[PATCH 0/3] jump_label/static_call/kprobes: *_text_reserved() fixes

[PATCH 0/3] jump_label/static_call/kprobes: *_text_reserved() fixes

[Peter Zijlstra]

Hi,

3 little pigs^Wfixes for kprobes on dynamic text.

[PATCH 1/3] jump_label: Fix jump_label_text_reserved() vs __init

[Peter Zijlstra]

It turns out that jump_label_text_reserved() was reporting __init text
as being reserved past the time when the __init text was freed and
re-used.

For a long time, this resulted in, at worst, not being able to kprobe
text that happened to land at the re-used address. However a recent
commit e7bf1ba97afd ("jump_label, x86: Emit short JMP") made it a
fatal mistake because it now needs to read the instruction in order to
determine the conflict -- an instruction that's no longer there.

Fixes: 4c3ef6d79328 ("jump label: Add jump_label_text_reserved() to reserve jump points")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 kernel/jump_label.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -316,14 +316,16 @@ static int addr_conflict(struct jump_ent
 }
 
 static int __jump_label_text_reserved(struct jump_entry *iter_start,
-		struct jump_entry *iter_stop, void *start, void *end)
+		struct jump_entry *iter_stop, void *start, void *end, bool init)
 {
 	struct jump_entry *iter;
 
 	iter = iter_start;
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !jump_entry_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -561,7 +563,7 @@ static int __jump_label_mod_text_reserve
 
 	ret = __jump_label_text_reserved(mod->jump_entries,
 				mod->jump_entries + mod->num_jump_entries,
-				start, end);
+				start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -786,8 +788,9 @@ early_initcall(jump_label_init_module);
  */
 int jump_label_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __jump_label_text_reserved(__start___jump_table,
-			__stop___jump_table, start, end);
+			__stop___jump_table, start, end, init);
 
 	if (ret)
 		return ret;

[PATCH 2/3] static_call: Fix static_call_text_reserved() vs __init

[Peter Zijlstra]

It turns out that static_call_text_reserved() was reporting __init
text as being reserved past the time when the __init text was freed
and re-used.

This is mostly harmless and will at worst result in refusing a kprobe.

Fixes: 6333e8f73b83 ("static_call: Avoid kprobes on inline static_call()s")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 kernel/static_call.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/kernel/static_call.c
+++ b/kernel/static_call.c
@@ -292,13 +292,15 @@ static int addr_conflict(struct static_c
 
 static int __static_call_text_reserved(struct static_call_site *iter_start,
 				       struct static_call_site *iter_stop,
-				       void *start, void *end)
+				       void *start, void *end, bool init)
 {
 	struct static_call_site *iter = iter_start;
 
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !static_call_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -324,7 +326,7 @@ static int __static_call_mod_text_reserv
 
 	ret = __static_call_text_reserved(mod->static_call_sites,
 			mod->static_call_sites + mod->num_static_call_sites,
-			start, end);
+			start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -459,8 +461,9 @@ static inline int __static_call_mod_text
 
 int static_call_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __static_call_text_reserved(__start_static_call_sites,
-			__stop_static_call_sites, start, end);
+			__stop_static_call_sites, start, end, init);
 
 	if (ret)
 		return ret;

[PATCH 3/3] kprobe/static_call: Restore missing static_call_text_reserved()

[Peter Zijlstra]

Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
kprobes on inline static_call()s") that went walkabout.

Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 kernel/kprobes.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -35,6 +35,7 @@
 #include <linux/ftrace.h>
 #include <linux/cpu.h>
 #include <linux/jump_label.h>
+#include <linux/static_call.h>
 #include <linux/perf_event.h>
 
 #include <asm/sections.h>
@@ -1551,6 +1552,7 @@ static int check_kprobe_address_safe(str
 	if (!kernel_text_address((unsigned long) p->addr) ||
 	    within_kprobe_blacklist((unsigned long) p->addr) ||
 	    jump_label_text_reserved(p->addr, p->addr) ||
+	    static_call_text_reserved(p->addr, p->addr) ||
 	    find_bug((unsigned long)p->addr)) {
 		ret = -EINVAL;
 		goto out;

Re: [PATCH 3/3] kprobe/static_call: Restore missing static_call_text_reserved()

[Peter Zijlstra]

On Mon, Jun 28, 2021 at 01:24:12PM +0200, Peter Zijlstra wrote:
> Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
> kprobes on inline static_call()s") that went walkabout.
> 
> Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")

FWIW, it was a royal pain in the arse to find that commit...

Re: [PATCH 1/3] jump_label: Fix jump_label_text_reserved() vs __init

[Masami Hiramatsu]

On Mon, 28 Jun 2021 13:24:10 +0200
Peter Zijlstra <peterz@infradead.org> wrote:

> It turns out that jump_label_text_reserved() was reporting __init text
> as being reserved past the time when the __init text was freed and
> re-used.
> 
> For a long time, this resulted in, at worst, not being able to kprobe
> text that happened to land at the re-used address. However a recent
> commit e7bf1ba97afd ("jump_label, x86: Emit short JMP") made it a
> fatal mistake because it now needs to read the instruction in order to
> determine the conflict -- an instruction that's no longer there.
> 
> Fixes: 4c3ef6d79328 ("jump label: Add jump_label_text_reserved() to reserve jump points")
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

Looks good to me.

Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>

Thank you,

> ---
>  kernel/jump_label.c |   13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
> 
> --- a/kernel/jump_label.c
> +++ b/kernel/jump_label.c
> @@ -316,14 +316,16 @@ static int addr_conflict(struct jump_ent
>  }
>  
>  static int __jump_label_text_reserved(struct jump_entry *iter_start,
> -		struct jump_entry *iter_stop, void *start, void *end)
> +		struct jump_entry *iter_stop, void *start, void *end, bool init)
>  {
>  	struct jump_entry *iter;
>  
>  	iter = iter_start;
>  	while (iter < iter_stop) {
> -		if (addr_conflict(iter, start, end))
> -			return 1;
> +		if (init || !jump_entry_is_init(iter)) {
> +			if (addr_conflict(iter, start, end))
> +				return 1;
> +		}
>  		iter++;
>  	}
>  
> @@ -561,7 +563,7 @@ static int __jump_label_mod_text_reserve
>  
>  	ret = __jump_label_text_reserved(mod->jump_entries,
>  				mod->jump_entries + mod->num_jump_entries,
> -				start, end);
> +				start, end, mod->state == MODULE_STATE_COMING);
>  
>  	module_put(mod);
>  
> @@ -786,8 +788,9 @@ early_initcall(jump_label_init_module);
>   */
>  int jump_label_text_reserved(void *start, void *end)
>  {
> +	bool init = system_state < SYSTEM_RUNNING;
>  	int ret = __jump_label_text_reserved(__start___jump_table,
> -			__stop___jump_table, start, end);
> +			__stop___jump_table, start, end, init);
>  
>  	if (ret)
>  		return ret;
> 
> 


-- 
Masami Hiramatsu <mhiramat@kernel.org>

Re: [PATCH 3/3] kprobe/static_call: Restore missing static_call_text_reserved()

[Masami Hiramatsu]

On Mon, 28 Jun 2021 13:34:58 +0200
Peter Zijlstra <peterz@infradead.org> wrote:

> On Mon, Jun 28, 2021 at 01:24:12PM +0200, Peter Zijlstra wrote:
> > Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
> > kprobes on inline static_call()s") that went walkabout.
> > 
> > Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
> 
> FWIW, it was a royal pain in the arse to find that commit...

I think if this is a fix, that fixes static_call introduction commit,
because anyway kprobes has to check the static_call site as a reserved
area for another self code modifying.

Thank you,

-- 
Masami Hiramatsu <mhiramat@kernel.org>

Re: [PATCH 3/3] kprobe/static_call: Restore missing static_call_text_reserved()

[Masami Hiramatsu]

On Mon, 28 Jun 2021 13:24:12 +0200
Peter Zijlstra <peterz@infradead.org> wrote:

> Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
> kprobes on inline static_call()s") that went walkabout.
> 
> Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

This looks good to me.

Acked-by: Masami Hiramatsu <mhiramat@kernel.org>

Thank you!

> ---
>  kernel/kprobes.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -35,6 +35,7 @@
>  #include <linux/ftrace.h>
>  #include <linux/cpu.h>
>  #include <linux/jump_label.h>
> +#include <linux/static_call.h>
>  #include <linux/perf_event.h>
>  
>  #include <asm/sections.h>
> @@ -1551,6 +1552,7 @@ static int check_kprobe_address_safe(str
>  	if (!kernel_text_address((unsigned long) p->addr) ||
>  	    within_kprobe_blacklist((unsigned long) p->addr) ||
>  	    jump_label_text_reserved(p->addr, p->addr) ||
> +	    static_call_text_reserved(p->addr, p->addr) ||
>  	    find_bug((unsigned long)p->addr)) {
>  		ret = -EINVAL;
>  		goto out;
> 
> 


-- 
Masami Hiramatsu <mhiramat@kernel.org>

Re: [PATCH 2/3] static_call: Fix static_call_text_reserved() vs __init

[Masami Hiramatsu]

On Mon, 28 Jun 2021 13:24:11 +0200
Peter Zijlstra <peterz@infradead.org> wrote:

> It turns out that static_call_text_reserved() was reporting __init
> text as being reserved past the time when the __init text was freed
> and re-used.
> 
> This is mostly harmless and will at worst result in refusing a kprobe.
> 
> Fixes: 6333e8f73b83 ("static_call: Avoid kprobes on inline static_call()s")
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

This looks good to me.

Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>

Thank you,

> ---
>  kernel/static_call.c |   13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
> 
> --- a/kernel/static_call.c
> +++ b/kernel/static_call.c
> @@ -292,13 +292,15 @@ static int addr_conflict(struct static_c
>  
>  static int __static_call_text_reserved(struct static_call_site *iter_start,
>  				       struct static_call_site *iter_stop,
> -				       void *start, void *end)
> +				       void *start, void *end, bool init)
>  {
>  	struct static_call_site *iter = iter_start;
>  
>  	while (iter < iter_stop) {
> -		if (addr_conflict(iter, start, end))
> -			return 1;
> +		if (init || !static_call_is_init(iter)) {
> +			if (addr_conflict(iter, start, end))
> +				return 1;
> +		}
>  		iter++;
>  	}
>  
> @@ -324,7 +326,7 @@ static int __static_call_mod_text_reserv
>  
>  	ret = __static_call_text_reserved(mod->static_call_sites,
>  			mod->static_call_sites + mod->num_static_call_sites,
> -			start, end);
> +			start, end, mod->state == MODULE_STATE_COMING);
>  
>  	module_put(mod);
>  
> @@ -459,8 +461,9 @@ static inline int __static_call_mod_text
>  
>  int static_call_text_reserved(void *start, void *end)
>  {
> +	bool init = system_state < SYSTEM_RUNNING;
>  	int ret = __static_call_text_reserved(__start_static_call_sites,
> -			__stop_static_call_sites, start, end);
> +			__stop_static_call_sites, start, end, init);
>  
>  	if (ret)
>  		return ret;
> 
> 


-- 
Masami Hiramatsu <mhiramat@kernel.org>

Re: [PATCH 3/3] kprobe/static_call: Restore missing static_call_text_reserved()

[Peter Zijlstra]

On Mon, Jun 28, 2021 at 11:24:47PM +0900, Masami Hiramatsu wrote:
> On Mon, 28 Jun 2021 13:34:58 +0200
> Peter Zijlstra <peterz@infradead.org> wrote:
> 
> > On Mon, Jun 28, 2021 at 01:24:12PM +0200, Peter Zijlstra wrote:
> > > Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
> > > kprobes on inline static_call()s") that went walkabout.
> > > 
> > > Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
> > 
> > FWIW, it was a royal pain in the arse to find that commit...
> 
> I think if this is a fix, that fixes static_call introduction commit,
> because anyway kprobes has to check the static_call site as a reserved
> area for another self code modifying.

Yeah, so 6333e8f73b83 has these two hunks, so the initial commit was
fine, but the merge commit from the Fixes: tag lost them again for some
reason. So this really is a fix for a merge commit afaict.

[tip: locking/urgent] kprobe/static_call: Restore missing static_call_text_reserved()

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     1dcba646c86dc86114ac666a1887e84282154515
Gitweb:        https://git.kernel.org/tip/1dcba646c86dc86114ac666a1887e84282154515
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:12 +02:00
Committer:     Peter Zijlstra <peterz@infradead.org>
CommitterDate: Fri, 02 Jul 2021 15:58:27 +02:00

kprobe/static_call: Restore missing static_call_text_reserved()

Restore two hunks from commit 6333e8f73b83 ("static_call: Avoid
kprobes on inline static_call()s") that went walkabout.

Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.167127609@infradead.org
---
 kernel/kprobes.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index e41385a..069388d 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -35,6 +35,7 @@
 #include <linux/ftrace.h>
 #include <linux/cpu.h>
 #include <linux/jump_label.h>
+#include <linux/static_call.h>
 #include <linux/perf_event.h>
 
 #include <asm/sections.h>
@@ -1551,6 +1552,7 @@ static int check_kprobe_address_safe(struct kprobe *p,
 	if (!kernel_text_address((unsigned long) p->addr) ||
 	    within_kprobe_blacklist((unsigned long) p->addr) ||
 	    jump_label_text_reserved(p->addr, p->addr) ||
+	    static_call_text_reserved(p->addr, p->addr) ||
 	    find_bug((unsigned long)p->addr)) {
 		ret = -EINVAL;
 		goto out;

[tip: locking/urgent] static_call: Fix static_call_text_reserved() vs __init

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     8e62ef8c9922d7deaa2d92dc30a87ba6f81fdee3
Gitweb:        https://git.kernel.org/tip/8e62ef8c9922d7deaa2d92dc30a87ba6f81fdee3
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:11 +02:00
Committer:     Peter Zijlstra <peterz@infradead.org>
CommitterDate: Fri, 02 Jul 2021 15:58:27 +02:00

static_call: Fix static_call_text_reserved() vs __init

It turns out that static_call_text_reserved() was reporting __init
text as being reserved past the time when the __init text was freed
and re-used.

This is mostly harmless and will at worst result in refusing a kprobe.

Fixes: 6333e8f73b83 ("static_call: Avoid kprobes on inline static_call()s")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.106211657@infradead.org
---
 kernel/static_call.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/kernel/static_call.c b/kernel/static_call.c
index 723fcc9..43ba0b1 100644
--- a/kernel/static_call.c
+++ b/kernel/static_call.c
@@ -292,13 +292,15 @@ static int addr_conflict(struct static_call_site *site, void *start, void *end)
 
 static int __static_call_text_reserved(struct static_call_site *iter_start,
 				       struct static_call_site *iter_stop,
-				       void *start, void *end)
+				       void *start, void *end, bool init)
 {
 	struct static_call_site *iter = iter_start;
 
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !static_call_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -324,7 +326,7 @@ static int __static_call_mod_text_reserved(void *start, void *end)
 
 	ret = __static_call_text_reserved(mod->static_call_sites,
 			mod->static_call_sites + mod->num_static_call_sites,
-			start, end);
+			start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -459,8 +461,9 @@ static inline int __static_call_mod_text_reserved(void *start, void *end)
 
 int static_call_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __static_call_text_reserved(__start_static_call_sites,
-			__stop_static_call_sites, start, end);
+			__stop_static_call_sites, start, end, init);
 
 	if (ret)
 		return ret;

[tip: locking/urgent] jump_label: Fix jump_label_text_reserved() vs __init

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     b1487a958a6dd1f39f6ccd97c915bf132535cd1a
Gitweb:        https://git.kernel.org/tip/b1487a958a6dd1f39f6ccd97c915bf132535cd1a
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:10 +02:00
Committer:     Peter Zijlstra <peterz@infradead.org>
CommitterDate: Fri, 02 Jul 2021 15:58:26 +02:00

jump_label: Fix jump_label_text_reserved() vs __init

It turns out that jump_label_text_reserved() was reporting __init text
as being reserved past the time when the __init text was freed and
re-used.

For a long time, this resulted in, at worst, not being able to kprobe
text that happened to land at the re-used address. However a recent
commit e7bf1ba97afd ("jump_label, x86: Emit short JMP") made it a
fatal mistake because it now needs to read the instruction in order to
determine the conflict -- an instruction that's no longer there.

Fixes: 4c3ef6d79328 ("jump label: Add jump_label_text_reserved() to reserve jump points")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.045141693@infradead.org
---
 kernel/jump_label.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index bdb0681..b156e15 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -316,14 +316,16 @@ static int addr_conflict(struct jump_entry *entry, void *start, void *end)
 }
 
 static int __jump_label_text_reserved(struct jump_entry *iter_start,
-		struct jump_entry *iter_stop, void *start, void *end)
+		struct jump_entry *iter_stop, void *start, void *end, bool init)
 {
 	struct jump_entry *iter;
 
 	iter = iter_start;
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !jump_entry_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -562,7 +564,7 @@ static int __jump_label_mod_text_reserved(void *start, void *end)
 
 	ret = __jump_label_text_reserved(mod->jump_entries,
 				mod->jump_entries + mod->num_jump_entries,
-				start, end);
+				start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -788,8 +790,9 @@ early_initcall(jump_label_init_module);
  */
 int jump_label_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __jump_label_text_reserved(__start___jump_table,
-			__stop___jump_table, start, end);
+			__stop___jump_table, start, end, init);
 
 	if (ret)
 		return ret;

[tip: locking/urgent] kprobe/static_call: Restore missing static_call_text_reserved()

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     fa68bd09fc62240a383c0c601d3349c47db10c34
Gitweb:        https://git.kernel.org/tip/fa68bd09fc62240a383c0c601d3349c47db10c34
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:12 +02:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Mon, 05 Jul 2021 10:47:16 +02:00

kprobe/static_call: Restore missing static_call_text_reserved()

Restore two hunks from commit:

  6333e8f73b83 ("static_call: Avoid kprobes on inline static_call()s")

that went walkabout in a Git merge commit.

Fixes: 76d4acf22b48 ("Merge tag 'perf-kprobes-2020-12-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.167127609@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 kernel/kprobes.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index e41385a..069388d 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -35,6 +35,7 @@
 #include <linux/ftrace.h>
 #include <linux/cpu.h>
 #include <linux/jump_label.h>
+#include <linux/static_call.h>
 #include <linux/perf_event.h>
 
 #include <asm/sections.h>
@@ -1551,6 +1552,7 @@ static int check_kprobe_address_safe(struct kprobe *p,
 	if (!kernel_text_address((unsigned long) p->addr) ||
 	    within_kprobe_blacklist((unsigned long) p->addr) ||
 	    jump_label_text_reserved(p->addr, p->addr) ||
+	    static_call_text_reserved(p->addr, p->addr) ||
 	    find_bug((unsigned long)p->addr)) {
 		ret = -EINVAL;
 		goto out;

[tip: locking/urgent] static_call: Fix static_call_text_reserved() vs __init

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     2bee6d16e4379326b1eea454e68c98b17456769e
Gitweb:        https://git.kernel.org/tip/2bee6d16e4379326b1eea454e68c98b17456769e
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:11 +02:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Mon, 05 Jul 2021 10:46:33 +02:00

static_call: Fix static_call_text_reserved() vs __init

It turns out that static_call_text_reserved() was reporting __init
text as being reserved past the time when the __init text was freed
and re-used.

This is mostly harmless and will at worst result in refusing a kprobe.

Fixes: 6333e8f73b83 ("static_call: Avoid kprobes on inline static_call()s")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.106211657@infradead.org
---
 kernel/static_call.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/kernel/static_call.c b/kernel/static_call.c
index 723fcc9..43ba0b1 100644
--- a/kernel/static_call.c
+++ b/kernel/static_call.c
@@ -292,13 +292,15 @@ static int addr_conflict(struct static_call_site *site, void *start, void *end)
 
 static int __static_call_text_reserved(struct static_call_site *iter_start,
 				       struct static_call_site *iter_stop,
-				       void *start, void *end)
+				       void *start, void *end, bool init)
 {
 	struct static_call_site *iter = iter_start;
 
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !static_call_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -324,7 +326,7 @@ static int __static_call_mod_text_reserved(void *start, void *end)
 
 	ret = __static_call_text_reserved(mod->static_call_sites,
 			mod->static_call_sites + mod->num_static_call_sites,
-			start, end);
+			start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -459,8 +461,9 @@ static inline int __static_call_mod_text_reserved(void *start, void *end)
 
 int static_call_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __static_call_text_reserved(__start_static_call_sites,
-			__stop_static_call_sites, start, end);
+			__stop_static_call_sites, start, end, init);
 
 	if (ret)
 		return ret;

[tip: locking/urgent] jump_label: Fix jump_label_text_reserved() vs __init

[tip-bot2 for Peter Zijlstra]

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     9e667624c291753b8a5128f620f493d0b5226063
Gitweb:        https://git.kernel.org/tip/9e667624c291753b8a5128f620f493d0b5226063
Author:        Peter Zijlstra <peterz@infradead.org>
AuthorDate:    Mon, 28 Jun 2021 13:24:10 +02:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Mon, 05 Jul 2021 10:46:20 +02:00

jump_label: Fix jump_label_text_reserved() vs __init

It turns out that jump_label_text_reserved() was reporting __init text
as being reserved past the time when the __init text was freed and
re-used.

For a long time, this resulted in, at worst, not being able to kprobe
text that happened to land at the re-used address. However a recent
commit e7bf1ba97afd ("jump_label, x86: Emit short JMP") made it a
fatal mistake because it now needs to read the instruction in order to
determine the conflict -- an instruction that's no longer there.

Fixes: 4c3ef6d79328 ("jump label: Add jump_label_text_reserved() to reserve jump points")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210628113045.045141693@infradead.org
---
 kernel/jump_label.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index bdb0681..b156e15 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -316,14 +316,16 @@ static int addr_conflict(struct jump_entry *entry, void *start, void *end)
 }
 
 static int __jump_label_text_reserved(struct jump_entry *iter_start,
-		struct jump_entry *iter_stop, void *start, void *end)
+		struct jump_entry *iter_stop, void *start, void *end, bool init)
 {
 	struct jump_entry *iter;
 
 	iter = iter_start;
 	while (iter < iter_stop) {
-		if (addr_conflict(iter, start, end))
-			return 1;
+		if (init || !jump_entry_is_init(iter)) {
+			if (addr_conflict(iter, start, end))
+				return 1;
+		}
 		iter++;
 	}
 
@@ -562,7 +564,7 @@ static int __jump_label_mod_text_reserved(void *start, void *end)
 
 	ret = __jump_label_text_reserved(mod->jump_entries,
 				mod->jump_entries + mod->num_jump_entries,
-				start, end);
+				start, end, mod->state == MODULE_STATE_COMING);
 
 	module_put(mod);
 
@@ -788,8 +790,9 @@ early_initcall(jump_label_init_module);
  */
 int jump_label_text_reserved(void *start, void *end)
 {
+	bool init = system_state < SYSTEM_RUNNING;
 	int ret = __jump_label_text_reserved(__start___jump_table,
-			__stop___jump_table, start, end);
+			__stop___jump_table, start, end, init);
 
 	if (ret)
 		return ret;