From: Greg KH <gregkh@linuxfoundation.org>
To: Rui Qi <qirui.001@bytedance.com>
Cc: bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
hpa@zytor.com, jpoimboe@redhat.com, peterz@infradead.org,
mbenes@suse.cz, stable@vger.kernel.org,
alexandre.chartre@oracle.com, x86@kernel.org,
linux-kernel@vger.kernel.org, yuanzhu@bytedance.com
Subject: Re: [PATCH v2 0/3] Support intra-function call validation
Date: Mon, 4 Mar 2024 11:41:46 +0100 [thread overview]
Message-ID: <2024030438-dropout-satisfy-b4c4@gregkh> (raw)
In-Reply-To: <20240228024535.79980-1-qirui.001@bytedance.com>
On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
> Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable.
> When compiling the sample code for kernel live patching, the following message is displayed when enabled:
>
> livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
>
> Reproduction steps:
> 1.git checkout v5.4.269 -b v5.4.269
> 2.make defconfig
> 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m
> 4. make -j bzImage
> 5. make samples/livepatch/livepatch-sample.ko
> 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> 7. insmod livepatch-sample.ko
>
> Kernel live patch cannot complete successfully.
>
> After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> ......
>
> BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
>
> After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support.
>
> Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), This patchset adds stack validation support for intra-function calls,
> allowing the kernel live patching feature to work correctly.
>
> Alexandre Chartre (2):
> objtool: is_fentry_call() crashes if call has no destination
> objtool: Add support for intra-function calls
>
> Rui Qi (1):
> x86/speculation: Support intra-function call validation
>
> arch/x86/include/asm/nospec-branch.h | 7 ++
> include/linux/frame.h | 11 ++++
> .../Documentation/stack-validation.txt | 8 +++
> tools/objtool/arch/x86/decode.c | 6 ++
> tools/objtool/check.c | 64 +++++++++++++++++--
> 5 files changed, 91 insertions(+), 5 deletions(-)
All now queued up, thanks!
greg k-h
next prev parent reply other threads:[~2024-03-04 10:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-28 2:45 [PATCH v2 0/3] Support intra-function call validation Rui Qi
2024-02-28 2:45 ` [PATCH v2 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
2024-02-28 2:45 ` [PATCH v2 2/3] objtool: Add support for intra-function calls Rui Qi
2024-02-28 2:45 ` [PATCH v2 3/3] x86/speculation: Support intra-function call validation Rui Qi
2024-03-04 10:41 ` Greg KH [this message]
2024-03-04 10:55 ` [PATCH v2 0/3] " Greg KH
2024-03-05 3:28 ` [External] " Rui Qi
2024-03-05 6:13 ` Greg KH
2024-03-05 6:28 ` Rui Qi
2024-03-05 7:20 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024030438-dropout-satisfy-b4c4@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mbenes@suse.cz \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=qirui.001@bytedance.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yuanzhu@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).