[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2024032928-slit-tricky-cdd2@gregkh>
Date: Fri, 29 Mar 2024 11:16:38 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Rui Qi <qirui.001@...edance.com>
Cc: bp@...en8.de, mingo@...hat.com, tglx@...utronix.de, hpa@...or.com,
jpoimboe@...hat.com, peterz@...radead.org, mbenes@...e.cz,
stable@...r.kernel.org, alexandre.chartre@...cle.com,
x86@...nel.org, linux-kernel@...r.kernel.org, sashal@...nel.org
Subject: Re: [PATCH V3 RESEND 0/3] Support intra-function call validation
On Wed, Mar 27, 2024 at 05:44:44PM +0800, Rui Qi wrote:
> Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable.
> When compiling the sample code for kernel live patching, the following message is displayed when enabled:
>
> livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
>
> Reproduction steps:
> 1.git checkout v5.4.269 -b v5.4.269
> 2.make defconfig
> 3. Set CONFIG_LIVEPATCH=yćCONFIG_SAMPLE_LIVEPATCH=m
> 4. make -j bzImage
> 5. make samples/livepatch/livepatch-sample.ko
> 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> 7. insmod livepatch-sample.ko
>
> Kernel live patch cannot complete successfully.
>
> After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> ......
>
> BTW,if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
>
> After investigation, The problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> It is a back-ported upstream patch with some code adjustments,from the git log, the author also mentioned no intra-function call validation support.
>
> Based on commit 24489321d0cd5339f9c2da01eb8bf2bccbac7956 (Linux 5.4.273), This patchset adds stack validation support for intra-function calls,
> allowing the kernel live patching feature to work correctly.
Sorry for the delay, all now queued up.
greg k-h
Powered by blists - more mailing lists