Re: [PATCH v2 0/3] Support intra-function call validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 04, 2024 at 11:41:46AM +0100, Greg KH wrote:
> On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
> > Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. 
> > When compiling the sample code for kernel live patching, the following message is displayed when enabled:
> > 
> > livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> > 
> > Reproduction steps:
> > 1.git checkout v5.4.269 -b v5.4.269
> > 2.make defconfig
> > 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m
> > 4. make -j bzImage
> > 5. make samples/livepatch/livepatch-sample.ko
> > 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> > 7. insmod livepatch-sample.ko
> > 
> > Kernel live patch cannot complete successfully.
> > 
> > After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> > [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> > [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> > [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> > [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> > [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> > ......
> > 
> > BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
> > 
> > After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> > which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally. 
> > It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support.
> > 
> > Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), This patchset adds stack validation support for intra-function calls, 
> > allowing the kernel live patching feature to work correctly.
> > 
> > Alexandre Chartre (2):
> >   objtool: is_fentry_call() crashes if call has no destination
> >   objtool: Add support for intra-function calls
> > 
> > Rui Qi (1):
> >   x86/speculation: Support intra-function call validation
> > 
> >  arch/x86/include/asm/nospec-branch.h          |  7 ++
> >  include/linux/frame.h                         | 11 ++++
> >  .../Documentation/stack-validation.txt        |  8 +++
> >  tools/objtool/arch/x86/decode.c               |  6 ++
> >  tools/objtool/check.c                         | 64 +++++++++++++++++--
> >  5 files changed, 91 insertions(+), 5 deletions(-)
> 
> All now queued up, thanks!

Nope, these break the build:

../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'

How did you test them?  I'll go drop them from the queue now, sorry.
Please fix them up and resend when you have something that works.

greg k-h




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux