On Mon, Mar 04, 2024 at 11:41:46AM +0100, Greg KH wrote:
> On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
> > Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable.
> > When compiling the sample code for kernel live patching, the following message is displayed when enabled:
> >
> > livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> >
> > Reproduction steps:
> > 1.git checkout v5.4.269 -b v5.4.269
> > 2.make defconfig
> > 3. Set CONFIG_LIVEPATCH=y、CONFIG_SAMPLE_LIVEPATCH=m
> > 4. make -j bzImage
> > 5. make samples/livepatch/livepatch-sample.ko
> > 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> > 7. insmod livepatch-sample.ko
> >
> > Kernel live patch cannot complete successfully.
> >
> > After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> > [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> > [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> > [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> > [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> > [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> > ......
> >
> > BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
> >
> > After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> > which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> > It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support.
> >
> > Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), This patchset adds stack validation support for intra-function calls,
> > allowing the kernel live patching feature to work correctly.
> >
> > Alexandre Chartre (2):
> > objtool: is_fentry_call() crashes if call has no destination
> > objtool: Add support for intra-function calls
> >
> > Rui Qi (1):
> > x86/speculation: Support intra-function call validation
> >
> > arch/x86/include/asm/nospec-branch.h | 7 ++
> > include/linux/frame.h | 11 ++++
> > .../Documentation/stack-validation.txt | 8 +++
> > tools/objtool/arch/x86/decode.c | 6 ++
> > tools/objtool/check.c | 64 +++++++++++++++++--
> > 5 files changed, 91 insertions(+), 5 deletions(-)
>
> All now queued up, thanks!
Nope, these break the build:
../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
How did you test them? I'll go drop them from the queue now, sorry.
Please fix them up and resend when you have something that works.
greg k-h
