On Mon, Mar 07, 2022 at 12:03:38PM -0600, Alex Thorlton wrote:
> Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt
> patching") changed the order in which altinstructions and paravirt
> instructions are patched at boot time. However, no analogous change was
> made in module_finalize, where we apply altinstructions and
> parainstructions during module load.
>
> As a result, any code that generates "stacked up" altinstructions and
> parainstructions (i.e. local_irq_save/restore) will produce different
> results when used in built-in kernel code vs. kernel modules. This also
> makes it possible to inadvertently replace altinstructions in the booted
> kernel with their parainstruction counterparts when using
> livepatch/kpatch.
>
> To fix this, re-order the processing in module_finalize, so that we do
> things in this order:
>
> 1. apply_paravirt
> 2. apply_retpolines
> 3. apply_alternatives
> 4. alternatives_smp_module_add
>
> This is the same ordering that is used at boot time in
> alternative_instructions.
>
> Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching")
> Signed-off-by: Alex Thorlton <[email protected]>
> Reviewed-by: Boris Ostrovsky <[email protected]>
Peter previously posted a fix, buried in his IBT series:
https://lkml.kernel.org/r/[email protected]
It should probably go ahead and be merged now...
--
Josh
On Mon, Mar 07, 2022 at 10:45:05AM -0800, Josh Poimboeuf wrote:
> On Mon, Mar 07, 2022 at 12:03:38PM -0600, Alex Thorlton wrote:
> > Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt
> > patching") changed the order in which altinstructions and paravirt
> > instructions are patched at boot time. However, no analogous change was
> > made in module_finalize, where we apply altinstructions and
> > parainstructions during module load.
> >
> > As a result, any code that generates "stacked up" altinstructions and
> > parainstructions (i.e. local_irq_save/restore) will produce different
> > results when used in built-in kernel code vs. kernel modules. This also
> > makes it possible to inadvertently replace altinstructions in the booted
> > kernel with their parainstruction counterparts when using
> > livepatch/kpatch.
> >
> > To fix this, re-order the processing in module_finalize, so that we do
> > things in this order:
> >
> > 1. apply_paravirt
> > 2. apply_retpolines
> > 3. apply_alternatives
> > 4. alternatives_smp_module_add
> >
> > This is the same ordering that is used at boot time in
> > alternative_instructions.
> >
> > Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching")
> > Signed-off-by: Alex Thorlton <[email protected]>
> > Reviewed-by: Boris Ostrovsky <[email protected]>
>
> Peter previously posted a fix, buried in his IBT series:
>
> https://urldefense.com/v3/__https://lkml.kernel.org/r/[email protected]__;!!ACWV5N9M2RV99hQ!YARvXhahbleGAt689pqTXJU7ko-rePIjzrbuGmemJXgFRViFZ8FDfOy7mHZQ7CPaG6Y$
>
> It should probably go ahead and be merged now...
Ahh, yep - hadn't seen that one yet! In any case, I'm glad this is on
other folk's radar.
Thanks for letting me know, Josh!
- Alex