Please fast-forward merge this change to the f22 branch and push that out. josh ---------- Forwarded message ---------- From: Richard W.M. Jones <rjones@xxxxxxxxxxxxxxxxx> Date: Tue, Feb 24, 2015 at 1:26 PM Subject: [kernel] Add patch to fix aarch64 KVM bug with module loading (rhbz 1194366). To: kernel-owner@xxxxxxxxxxxxxxxxx, scm-commits@xxxxxxxxxxxxxxxxxxxxxxx commit f7bbaa5ad931357b0e53974dd4ebca385802366e Author: Richard W.M. Jones <rjones@xxxxxxxxxx> Date: Tue Feb 24 18:25:10 2015 +0000 Add patch to fix aarch64 KVM bug with module loading (rhbz 1194366). ...Fix-text-patching-logic-when-using-fixmap.patch | 68 ++++++++++++++++++++++ kernel.spec | 10 +++- 2 files changed, 77 insertions(+), 1 deletion(-) --- diff --git a/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch b/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch new file mode 100644 index 0000000..27784b5 --- /dev/null +++ b/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch 
@@ -0,0 +1,68 @@ +From a79ebe4eb65331733803df4a7fd634d3b709af7b Mon Sep 17 00:00:00 2001 +From: Marc Zyngier <marc.zyngier@xxxxxxx> +Date: Tue, 24 Feb 2015 16:30:21 +0000 +Subject: [PATCH] arm64: Fix text patching logic when using fixmap + +Patch 2f896d586610 ("arm64: use fixmap for text patching") changed +the way we patch the kernel text, using a fixmap when the kernel or +modules are flagged as read only. + +Unfortunately, a flaw in the logic makes it fall over when patching +modules without CONFIG_DEBUG_SET_MODULE_RONX enabled: + +[...] +[ 32.032636] Call trace: +[ 32.032716] [<fffffe00003da0dc>] __copy_to_user+0x2c/0x60 +[ 32.032837] [<fffffe0000099f08>] __aarch64_insn_write+0x94/0xf8 +[ 32.033027] [<fffffe000009a0a0>] aarch64_insn_patch_text_nosync+0x18/0x58 +[ 32.033200] [<fffffe000009c3ec>] ftrace_modify_code+0x58/0x84 +[ 32.033363] [<fffffe000009c4e4>] ftrace_make_nop+0x3c/0x58 +[ 32.033532] [<fffffe0000164420>] ftrace_process_locs+0x3d0/0x5c8 +[ 32.033709] [<fffffe00001661cc>] ftrace_module_init+0x28/0x34 +[ 32.033882] [<fffffe0000135148>] load_module+0xbb8/0xfc4 +[ 32.034044] [<fffffe0000135714>] SyS_finit_module+0x94/0xc4 +[...] + +This is triggered by the use of virt_to_page() on a module address, +which ends to pointing to Nowhereland if you're lucky, or corrupt +your precious data if not. + +This patch fixes the logic by mimicking what is done on arm: +- If we're patching a module and CONFIG_DEBUG_SET_MODULE_RONX is set, + use vmalloc_to_page(). +- If we're patching the kernel and CONFIG_DEBUG_RODATA is set, + use virt_to_page(). +- Otherwise, use the provided address, as we can write to it directly. + +Tested on 4.0-rc1 as a KVM guest. + +Reported-by: Richard W.M. 
Jones <rjones@xxxxxxxxxx> +Cc: Kees Cook <keescook@xxxxxxxxxxxx> +Cc: Mark Rutland <mark.rutland@xxxxxxx> +Cc: Laura Abbott <lauraa@xxxxxxxxxxxxxx> +Cc: Catalin Marinas <catalin.marinas@xxxxxxx> +Cc: Will Deacon <will.deacon@xxxxxxx> +Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx> +--- + arch/arm64/kernel/insn.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c +index 27d4864..c8eca88 100644 +--- a/arch/arm64/kernel/insn.c ++++ b/arch/arm64/kernel/insn.c +@@ -87,8 +87,10 @@ static void __kprobes *patch_map(void *addr, int fixmap) + + if (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX)) + page = vmalloc_to_page(addr); +- else ++ else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA)) + page = virt_to_page(addr); ++ else ++ return addr; + + BUG_ON(!page); + set_fixmap(fixmap, page_to_phys(page)); +-- +2.3.0 + diff --git a/kernel.spec b/kernel.spec index 16ca947..43146ce 100644 --- a/kernel.spec +++ b/kernel.spec @@ -42,7 +42,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -627,6 +627,9 @@ Patch26139: HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch Patch30000: kernel-arm64.patch Patch30001: kernel-arm64-fix-psci-when-pg.patch +# Not yet upstream, for https://bugzilla.redhat.com/show_bug.cgi?id=1194366#c12 +Patch30002: 0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch + # END OF PATCH DEFINITIONS %endif @@ -1359,6 +1362,8 @@ ApplyPatch kernel-arm64.patch -R %endif %endif ApplyPatch kernel-arm64-fix-psci-when-pg.patch +# Not yet upstream, for https://bugzilla.redhat.com/show_bug.cgi?id=1194366#c12 +ApplyPatch 0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch # END OF PATCH APPLICATIONS 
@@ -2210,6 +2215,9 @@ fi # # %changelog +* Tue Feb 24 2015 Richard W.M. Jones <rjones@xxxxxxxxxx> - 4.0.0-0.rc1.git0.2 +- Add patch to fix aarch64 KVM bug with module loading (rhbz 1194366). + * Tue Feb 24 2015 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Minor ARM config update
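Review bot: in the `patch_map()` hunk of the embedded arm64 patch, the new `else return addr;` arm leaves the function without ever calling `set_fixmap()`, so whatever tears the mapping down after the write must be safe to run against a fixmap slot that was never populated; a one-line comment above that `else` stating that the text is directly writable in this configuration (no `CONFIG_DEBUG_SET_MODULE_RONX` for modules, no `CONFIG_DEBUG_RODATA` for the kernel) would make the three-way split as readable in the code as it is in the commit message. The `else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA))` guard is the actual fix: it stops `virt_to_page()` being applied to a module (vmalloc) address, which is what produced the `__copy_to_user` / `__aarch64_insn_write` trace quoted in the commit message, and `BUG_ON(!page)` still catches a failed lookup on both remaining paths.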
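Review bot: in the `Patch30002:` hunk of kernel.spec, the `# Not yet upstream` comment points only at the Bugzilla thread; the patch file itself carries the upstream submission (`From a79ebe4eb65331733803df4a7fd634d3b709af7b`, subject `arm64: Fix text patching logic when using fixmap`), so naming that subject in the comment would make it easier to recognise when the change lands in a stable release and the local patch can be dropped. Numbering it 30002 directly after `Patch30001: kernel-arm64-fix-psci-when-pg.patch` keeps it in the arm64 block, which is the right place.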
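Review bot: in the `ApplyPatch` hunk, the new line sits after the two `%endif` lines next to `ApplyPatch kernel-arm64-fix-psci-when-pg.patch`, so it is applied on every architecture rather than only when aarch64 patching is enabled; that is harmless here because the embedded patch touches only `arch/arm64/kernel/insn.c`, but if a later revision of this patch grows into shared paths it should move inside the aarch64 conditional above. Repeating the same `# Not yet upstream` comment as in the Patch definition hunk is good practice, since it keeps the two places that must be edited together in sync when the patch is removed.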
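Review bot: in the `%changelog` hunk, the entry `Add patch to fix aarch64 KVM bug with module loading` describes the reported symptom rather than the fix; the patch corrects `patch_map()` for module text whether or not the kernel runs under KVM (the commit message mentions KVM only as the test environment, `Tested on 4.0-rc1 as a KVM guest`), so wording along the lines of `arm64: fix module text patching when CONFIG_DEBUG_SET_MODULE_RONX is off (rhbz 1194366)` would say what actually changed. The version string `4.0.0-0.rc1.git0.2` does match the `baserelease 2` bump in the first kernel.spec hunk.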