[PATCH] x86/paravirt: Apply paravirt instructions in consistent order during boot/module load
Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") changed the order in which altinstructions and paravirt instructions are patched at boot time. However, no analogous change was made in module_finalize, where we apply altinstructions and parainstructions during module load.
As a result, any code that generates "stacked up" altinstructions and parainstructions (i.e. local_irq_save/restore) will produce different results when used in built-in kernel code vs. kernel modules. This also makes it possible to inadvertently replace altinstructions in the booted kernel with their parainstruction counterparts when using livepatch/kpatch.
To fix this, re-order the processing in module_finalize, so that we do things in this order:
1. apply_paravirt 2. apply_retpolines 3. apply_alternatives 4. alternatives_smp_module_add
This is the same ordering that is used at boot time in alternative_instructions.
Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") Signed-off-by: Alex Thorlton alex.thorlton@oracle.com Reviewed-by: Boris Ostrovsky boris.ostrovsky@oracle.com Cc: Thomas Gleixner tglx@linutronix.de Cc: Ingo Molnar mingo@redhat.com Cc: Borislav Petkov bp@alien8.de Cc: Dave Hansen dave.hansen@linux.intel.com Cc: "H. Peter Anvin" hpa@zytor.com Cc: Andrew Morton akpm@linux-foundation.org Cc: Peter Zijlstra peterz@infradead.org Cc: Josh Poimboeuf jpoimboe@redhat.com Cc: Kefeng Wang wangkefeng.wang@huawei.com Cc: x86@kernel.org Cc: linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org # 5.13+ --- arch/x86/kernel/module.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c index 95fa745e310a5..4edc9c87ad0bc 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c @@ -273,6 +273,10 @@ int module_finalize(const Elf_Ehdr *hdr, retpolines = s; }
+ if (para) { + void *pseg = (void *)para->sh_addr; + apply_paravirt(pseg, pseg + para->sh_size); + } if (retpolines) { void *rseg = (void *)retpolines->sh_addr; apply_retpolines(rseg, rseg + retpolines->sh_size); @@ -290,11 +294,6 @@ int module_finalize(const Elf_Ehdr *hdr, tseg, tseg + text->sh_size); }
- if (para) { - void *pseg = (void *)para->sh_addr; - apply_paravirt(pseg, pseg + para->sh_size); - } - /* make jump label nops */ jump_label_apply_nops(me);
On Mon, Mar 07, 2022 at 12:03:38PM -0600, Alex Thorlton wrote:
Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") changed the order in which altinstructions and paravirt instructions are patched at boot time. However, no analogous change was made in module_finalize, where we apply altinstructions and parainstructions during module load.
As a result, any code that generates "stacked up" altinstructions and parainstructions (i.e. local_irq_save/restore) will produce different results when used in built-in kernel code vs. kernel modules. This also makes it possible to inadvertently replace altinstructions in the booted kernel with their parainstruction counterparts when using livepatch/kpatch.
To fix this, re-order the processing in module_finalize, so that we do things in this order:
- apply_paravirt
- apply_retpolines
- apply_alternatives
- alternatives_smp_module_add
This is the same ordering that is used at boot time in alternative_instructions.
Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") Signed-off-by: Alex Thorlton alex.thorlton@oracle.com Reviewed-by: Boris Ostrovsky boris.ostrovsky@oracle.com
Peter previously posted a fix, buried in his IBT series:
https://lkml.kernel.org/r/20220303112825.068773913@infradead.org
It should probably go ahead and be merged now...
On Mon, Mar 07, 2022 at 10:45:05AM -0800, Josh Poimboeuf wrote:
On Mon, Mar 07, 2022 at 12:03:38PM -0600, Alex Thorlton wrote:
Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") changed the order in which altinstructions and paravirt instructions are patched at boot time. However, no analogous change was made in module_finalize, where we apply altinstructions and parainstructions during module load.
As a result, any code that generates "stacked up" altinstructions and parainstructions (i.e. local_irq_save/restore) will produce different results when used in built-in kernel code vs. kernel modules. This also makes it possible to inadvertently replace altinstructions in the booted kernel with their parainstruction counterparts when using livepatch/kpatch.
To fix this, re-order the processing in module_finalize, so that we do things in this order:
- apply_paravirt
- apply_retpolines
- apply_alternatives
- alternatives_smp_module_add
This is the same ordering that is used at boot time in alternative_instructions.
Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") Signed-off-by: Alex Thorlton alex.thorlton@oracle.com Reviewed-by: Boris Ostrovsky boris.ostrovsky@oracle.com
Peter previously posted a fix, buried in his IBT series:
https://urldefense.com/v3/__https://lkml.kernel.org/r/20220303112825.0687739...
It should probably go ahead and be merged now...
Ahh, yep - hadn't seen that one yet! In any case, I'm glad this is on other folk's radar.
Thanks for letting me know, Josh!
- Alex
linux-stable-mirror@lists.linaro.org
-
Alex Thorlton -
Josh Poimboeuf