| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250129232936.1795412-2-song@kernel.org> Date: Wed, 29 Jan 2025 15:29:36 -0800 From: Song Liu <song@...nel.org> To: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, live-patching@...r.kernel.org Cc: catalin.marinas@....com, will@...nel.org, mark.rutland@....com, jpoimboe@...nel.org, jikos@...nel.org, mbenes@...e.cz, pmladek@...e.com, joe.lawrence@...hat.com, surajjs@...zon.com, duwe@...e.de, song@...nel.org, kernel-team@...a.com Subject: [RFC 2/2] arm64: Implement HAVE_LIVEPATCH This is largely based on [1] by Suraj Jitindar Singh. Test coverage: - Passed manual tests with samples/livepatch. - Passed all but test-kprobe.sh in selftests/livepatch. test-kprobe.sh is expected to fail, because arm64 doesn't have KPROBES_ON_FTRACE. - Passed tests with kpatch-build [2]. (This version includes commits that are not merged to upstream kpatch yet). [1] https://lore.kernel.org/all/20210604235930.603-1-surajjs@amazon.com/ [2] https://github.com/liu-song-6/kpatch/tree/fb-6.13 Cc: Suraj Jitindar Singh <surajjs@...zon.com> Cc: Torsten Duwe <duwe@...e.de> Signed-off-by: Song Liu <song@...nel.org> --- arch/arm64/Kconfig | 3 +++ arch/arm64/include/asm/thread_info.h | 4 +++- arch/arm64/kernel/entry-common.c | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index f5af6faf9e2b..475caa57c94a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -272,6 +272,7 @@ config ARM64 select USER_STACKTRACE_SUPPORT select VDSO_GETRANDOM select HAVE_RELIABLE_STACKTRACE + select HAVE_LIVEPATCH help ARM 64-bit (AArch64) Linux support. @@ -2496,3 +2497,5 @@ endmenu # "CPU Power Management" source "drivers/acpi/Kconfig" source "arch/arm64/kvm/Kconfig" + +source "kernel/livepatch/Kconfig" diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index 1114c1c3300a..01623c471beb 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -69,6 +69,7 @@ void arch_setup_new_exec(void); #define TIF_SYSCALL_TRACEPOINT 10 /* syscall tracepoint for ftrace */ #define TIF_SECCOMP 11 /* syscall secure computing */ #define TIF_SYSCALL_EMU 12 /* syscall emulation active */ +#define TIF_PATCH_PENDING 13 /* pending live patching update */ #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_FREEZE 19 #define TIF_RESTORE_SIGMASK 20 @@ -92,6 +93,7 @@ void arch_setup_new_exec(void); #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) +#define _TIF_PATCH_PENDING (1 << TIF_PATCH_PENDING) #define _TIF_UPROBE (1 << TIF_UPROBE) #define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) #define _TIF_32BIT (1 << TIF_32BIT) @@ -103,7 +105,7 @@ void arch_setup_new_exec(void); #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ _TIF_UPROBE | _TIF_MTE_ASYNC_FAULT | \ - _TIF_NOTIFY_SIGNAL) + _TIF_NOTIFY_SIGNAL | _TIF_PATCH_PENDING) #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index b260ddc4d3e9..b537af333b42 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -8,6 +8,7 @@ #include <linux/context_tracking.h> #include <linux/kasan.h> #include <linux/linkage.h> +#include <linux/livepatch.h> #include <linux/lockdep.h> #include <linux/ptrace.h> #include <linux/resume_user_mode.h> @@ -144,6 +145,9 @@ static void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) (void __user *)NULL, current); } + if (thread_flags & _TIF_PATCH_PENDING) + klp_update_patch_state(current); + if (thread_flags & (_TIF_SIGPENDING | _TIF_NOTIFY_SIGNAL)) do_signal(regs); -- 2.43.5
Powered by blists - more mailing lists