* [PATCH v2 0/3] Support intra-function call validation
@ 2024-02-28  2:45 Rui Qi
  2024-02-28  2:45 ` [PATCH v2 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Rui Qi @ 2024-02-28  2:45 UTC (permalink / raw)
  To: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, gregkh, stable,
	alexandre.chartre
  Cc: x86, linux-kernel, yuanzhu, Rui Qi

Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. 
When compiling the sample code for kernel live patching, the following message is displayed when enabled:

livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack

Reproduction steps:
1. git checkout v5.4.269 -b v5.4.269
2. make defconfig
3. Set CONFIG_LIVEPATCH=y, CONFIG_SAMPLE_LIVEPATCH=m
4. make -j bzImage
5. make samples/livepatch/livepatch-sample.ko
6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
7. insmod livepatch-sample.ko

Kernel live patch cannot complete successfully.

After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
[ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
[ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
[ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
[ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
[ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
......

BTW, if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269

After investigation, the problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
It is a back-ported upstream patch with some code adjustments; from the git log, the author also mentioned no intra-function call validation support.

Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), this patchset adds stack validation support for intra-function calls,
allowing the kernel live patching feature to work correctly.

Alexandre Chartre (2):
  objtool: is_fentry_call() crashes if call has no destination
  objtool: Add support for intra-function calls

Rui Qi (1):
  x86/speculation: Support intra-function call validation

 arch/x86/include/asm/nospec-branch.h          |  7 ++
 include/linux/frame.h                         | 11 ++++
 .../Documentation/stack-validation.txt        |  8 +++
 tools/objtool/arch/x86/decode.c               |  6 ++
 tools/objtool/check.c                         | 64 +++++++++++++++++--
 5 files changed, 91 insertions(+), 5 deletions(-)

-- 
2.39.2 (Apple Git-143)



* [PATCH v2 1/3] objtool: is_fentry_call() crashes if call has no destination
  2024-02-28  2:45 [PATCH v2 0/3] Support intra-function call validation Rui Qi
@ 2024-02-28  2:45 ` Rui Qi
  2024-02-28  2:45 ` [PATCH v2 2/3] objtool: Add support for intra-function calls Rui Qi
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: Rui Qi @ 2024-02-28  2:45 UTC (permalink / raw)
  To: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, gregkh, stable,
	alexandre.chartre
  Cc: x86, linux-kernel, yuanzhu, Rui Qi

From: Alexandre Chartre <alexandre.chartre@oracle.com>

commit 87cf61fe848ca8ddf091548671e168f52e8a718e upstream.

Fix is_fentry_call() so that it works if a call has no destination
set (call_dest). This needs to be done in order to support intra-
function calls.

Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20200414103618.12657-2-alexandre.chartre@oracle.com
Signed-off-by: Rui Qi <qirui.001@bytedance.com>
---
 tools/objtool/check.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index dfd67243faac..71a24fd46dbd 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1367,7 +1367,7 @@ static int decode_sections(struct objtool_file *file)
 
 static bool is_fentry_call(struct instruction *insn)
 {
-	if (insn->type == INSN_CALL &&
+	if (insn->type == INSN_CALL && insn->call_dest &&
 	    insn->call_dest->type == STT_NOTYPE &&
 	    !strcmp(insn->call_dest->name, "__fentry__"))
 		return true;
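
Review bot: the added insn->call_dest test in is_fentry_call() makes a CALL with no destination return false silently, but neither the changelog nor a comment names the path that can reach this function with call_dest unset. Since the subject describes a crash, say which caller hits it (or add a one-line comment above the condition) so the guard is not later removed as redundant.
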
-- 
2.39.2 (Apple Git-143)



* [PATCH v2 2/3] objtool: Add support for intra-function calls
  2024-02-28  2:45 [PATCH v2 0/3] Support intra-function call validation Rui Qi
  2024-02-28  2:45 ` [PATCH v2 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
@ 2024-02-28  2:45 ` Rui Qi
  2024-02-28  2:45 ` [PATCH v2 3/3] x86/speculation: Support intra-function call validation Rui Qi
  2024-03-04 10:41 ` [PATCH v2 0/3] " Greg KH
  3 siblings, 0 replies; 10+ messages in thread
From: Rui Qi @ 2024-02-28  2:45 UTC (permalink / raw)
  To: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, gregkh, stable,
	alexandre.chartre
  Cc: x86, linux-kernel, yuanzhu, Rui Qi

From: Alexandre Chartre <alexandre.chartre@oracle.com>

commit 8aa8eb2a8f5b3305a95f39957dd2b715fa668e21 upstream.

Change objtool to support intra-function calls. On x86, an intra-function
call is represented in objtool as a push onto the stack (of the return
address), and a jump to the destination address. That way the stack
information is correctly updated and the call flow is still accurate.

Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20200414103618.12657-4-alexandre.chartre@oracle.com
Signed-off-by: Rui Qi <qirui.001@bytedance.com>
---
 include/linux/frame.h                         | 11 ++++
 .../Documentation/stack-validation.txt        |  8 +++
 tools/objtool/arch/x86/decode.c               |  6 ++
 tools/objtool/check.c                         | 62 +++++++++++++++++--
 4 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/include/linux/frame.h b/include/linux/frame.h
index 02d3ca2d9598..303cda600e56 100644
--- a/include/linux/frame.h
+++ b/include/linux/frame.h
@@ -15,9 +15,20 @@
 	static void __used __section(.discard.func_stack_frame_non_standard) \
 		*__func_stack_frame_non_standard_##func = func
 
+/*
+ * This macro indicates that the following intra-function call is valid.
+ * Any non-annotated intra-function call will cause objtool to issue a warning.
+ */
+#define ANNOTATE_INTRA_FUNCTION_CALL				\
+	999:							\
+	.pushsection .discard.intra_function_calls;		\
+	.long 999b;						\
+	.popsection;
+
 #else /* !CONFIG_STACK_VALIDATION */
 
 #define STACK_FRAME_NON_STANDARD(func)
+#define ANNOTATE_INTRA_FUNCTION_CALL
 
 #endif /* CONFIG_STACK_VALIDATION */
 
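Review bot: the comment above ANNOTATE_INTRA_FUNCTION_CALL says only that the "following" call is valid, but the macro records the address of label 999 through ".long 999b", so the annotation is bound to whichever instruction is assembled immediately after it. State in the comment that the macro must sit directly before the call with nothing in between, because read_intra_function_calls() in this patch rejects an entry whose instruction is not INSN_CALL.
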
diff --git a/tools/objtool/Documentation/stack-validation.txt b/tools/objtool/Documentation/stack-validation.txt
index de094670050b..ee26bb382b70 100644
--- a/tools/objtool/Documentation/stack-validation.txt
+++ b/tools/objtool/Documentation/stack-validation.txt
@@ -290,6 +290,14 @@ they mean, and suggestions for how to fix them.
       https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70646
 
 
+11. file.o: warning: unannotated intra-function call
+
+   This warning means that a direct call is done to a destination which
+   is not at the beginning of a function. If this is a legit call, you
+   can remove this warning by putting the ANNOTATE_INTRA_FUNCTION_CALL
+   directive right before the call.
+
+
 If the error doesn't seem to make sense, it could be a bug in objtool.
 Feel free to ask the objtool maintainer for help.
 
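Review bot: the new entry 11 presents this as a warning that can be "removed", but add_call_destinations() in this same patch returns -1 right after printing "unannotated intra-function call", so objtool stops on it instead of continuing. The text should say so, and "legit" would read better as "legitimate" in documentation.
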
diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c
index a62e032863a8..c3ff62c085c8 100644
--- a/tools/objtool/arch/x86/decode.c
+++ b/tools/objtool/arch/x86/decode.c
@@ -437,6 +437,12 @@ int arch_decode_instruction(struct elf *elf, struct section *sec,
 
 	case 0xe8:
 		*type = INSN_CALL;
+		/*
+		 * For the impact on the stack, a CALL behaves like
+		 * a PUSH of an immediate value (the return address).
+		 */
+			op->src.type = OP_SRC_CONST;
+			op->dest.type = OP_DEST_PUSH;
 		break;
 
 	case 0xfc:
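
Review bot: in the 0xe8 case the two added assignments to op->src.type and op->dest.type are indented one tab deeper than "*type = INSN_CALL;" and the comment above them; they belong at the same level. They are also set for every direct CALL, not only annotated ones, so the comment should say where the push is dropped again for ordinary calls.
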
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 71a24fd46dbd..0fa414869f45 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -645,6 +645,7 @@ static int add_jump_destinations(struct objtool_file *file)
 	return 0;
 }
 
+
 /*
  * Find the destination instructions for all calls.
  */
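
Review bot: the only change in this hunk is an extra blank line after add_jump_destinations(), which leaves two blank lines before the comment block. Drop it so the patch touches only what it needs.
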
@@ -666,10 +667,7 @@ static int add_call_destinations(struct objtool_file *file)
 								dest_off);
 
 			if (!insn->call_dest && !insn->ignore) {
-				WARN_FUNC("unsupported intra-function call",
-					  insn->sec, insn->offset);
-				if (retpoline)
-					WARN("If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE.");
+				WARN_FUNC("unannotated intra-function call", insn->sec, insn->offset);
 				return -1;
 			}
 
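Review bot: the removed text in add_call_destinations() pointed the reader at ANNOTATE_NOSPEC_ALTERNATIVE, while the new "unannotated intra-function call" message gives no equivalent pointer to ANNOTATE_INTRA_FUNCTION_CALL; naming the macro in the message would save a trip to the documentation. The new WARN_FUNC line also runs past 80 columns where the call it replaces was wrapped.
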
@@ -1291,6 +1289,58 @@ static int read_retpoline_hints(struct objtool_file *file)
 	return 0;
 }
 
+
+static int read_intra_function_calls(struct objtool_file *file)
+{
+	struct instruction *insn;
+	struct section *sec;
+	struct rela *rela;
+
+	sec = find_section_by_name(file->elf, ".rela.discard.intra_function_calls");
+	if (!sec)
+		return 0;
+
+	list_for_each_entry(rela, &sec->rela_list, list) {
+		unsigned long dest_off;
+
+		if (rela->sym->type != STT_SECTION) {
+			WARN("unexpected relocation symbol type in %s",
+			     sec->name);
+			return -1;
+		}
+
+		insn = find_insn(file, rela->sym->sec, rela->addend);
+		if (!insn) {
+			WARN("bad .discard.intra_function_call entry");
+			return -1;
+		}
+
+		if (insn->type != INSN_CALL) {
+			WARN_FUNC("intra_function_call not a direct call",
+				  insn->sec, insn->offset);
+			return -1;
+		}
+
+		/*
+		 * Treat intra-function CALLs as JMPs, but with a stack_op.
+		 * See add_call_destinations(), which strips stack_ops from
+		 * normal CALLs.
+		 */
+		insn->type = INSN_JUMP_UNCONDITIONAL;
+
+		dest_off = insn->offset + insn->len + insn->immediate;
+		insn->jump_dest = find_insn(file, insn->sec, dest_off);
+		if (!insn->jump_dest) {
+			WARN_FUNC("can't find call dest at %s+0x%lx",
+				  insn->sec, insn->offset,
+				  insn->sec->name, dest_off);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
 static void mark_rodata(struct objtool_file *file)
 {
 	struct section *sec;
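
Review bot: the comment in read_intra_function_calls() says add_call_destinations() "strips stack_ops from normal CALLs", but neither add_call_destinations() hunk in this patch adds any stripping, while decode.c now sets OP_DEST_PUSH on every 0xe8 CALL. Either add the stripping or correct the comment, and say how the push is applied once insn->type has been changed to INSN_JUMP_UNCONDITIONAL. The "bad .discard.intra_function_call entry" message also drops the trailing "s" of the section name passed to find_section_by_name().
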
@@ -1346,6 +1396,10 @@ static int decode_sections(struct objtool_file *file)
 	if (ret)
 		return ret;
 
+	ret = read_intra_function_calls(file);
+	if (ret)
+		return ret;
+
 	ret = add_call_destinations(file);
 	if (ret)
 		return ret;
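
Review bot: in decode_sections() the new read_intra_function_calls() call has to stay ahead of add_call_destinations(), because it retypes annotated CALLs to INSN_JUMP_UNCONDITIONAL before call destinations are resolved, yet nothing at the call site says so. A short comment above the new call would keep the two from being reordered.
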
-- 
2.39.2 (Apple Git-143)
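
The push-plus-jump model described in this commit message, as an added example that is not part of the patch or of objtool: a small C walker follows a hand-assembled byte sequence shaped like the two call/trap pairs touched in patch 3/3 and tracks the bytes pushed since entry. The byte sequence, the annotation table, the closing add/ret and all names (rsb_fill, walk, walk_sample) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample, assembled by hand (not kernel code). */
static const uint8_t rsb_fill[] = {
	0xe8, 0x07, 0x00, 0x00, 0x00,	/* 0x00: call 0x0c                */
	0xf3, 0x90,			/* 0x05: pause (speculation trap) */
	0x0f, 0xae, 0xe8,		/* 0x07: lfence                   */
	0xeb, 0xf9,			/* 0x0a: jmp  0x05                */
	0xe8, 0x07, 0x00, 0x00, 0x00,	/* 0x0c: call 0x18                */
	0xf3, 0x90,			/* 0x11: pause (speculation trap) */
	0x0f, 0xae, 0xe8,		/* 0x13: lfence                   */
	0xeb, 0xf9,			/* 0x16: jmp  0x11                */
	0x48, 0x83, 0xc4, 0x10,		/* 0x18: add  $0x10,%rsp          */
	0xc3,				/* 0x1c: ret                      */
};

/* Offsets of the CALLs that carry an annotation (constructed). */
static const uint32_t annotated_calls[] = { 0x00, 0x0c };

enum { WALK_OK = 0, WALK_UNANNOTATED = -1, WALK_BAD = -2 };
struct result { int rc; long off; };	/* off: bytes pushed since entry */

static int is_annotated(const uint32_t *annot, size_t n, long off)
{
	for (size_t i = 0; i < n; i++)
		if ((long)annot[i] == off)
			return 1;
	return 0;
}

/*
 * Follow the architectural control flow from offset 0. An annotated CALL is
 * modelled as "push return address, then jump to offset + len + immediate";
 * model_push = 0 drops the push to show the offset that results without it.
 */
static struct result walk(const uint8_t *code, size_t size,
			  const uint32_t *annot, size_t n_annot, int model_push)
{
	struct result r = { WALK_BAD, 0 };
	long pc = 0;
	for (int steps = 0; steps < 64; steps++) {	/* bound the walk */
		if (pc < 0 || (size_t)pc >= size)
			return r;
		const uint8_t *p = code + pc;
		size_t left = size - (size_t)pc;
		if (left >= 5 && p[0] == 0xe8) {	/* call rel32 */
			int32_t imm = (int32_t)((uint32_t)p[1] | (uint32_t)p[2] << 8 |
					(uint32_t)p[3] << 16 | (uint32_t)p[4] << 24);
			if (!is_annotated(annot, n_annot, pc)) {
				r.rc = WALK_UNANNOTATED;
				return r;
			}
			if (model_push)
				r.off += 8;		/* return address */
			pc = pc + 5 + imm;
		} else if (left >= 2 && p[0] == 0xeb) {	/* jmp rel8 */
			pc = pc + 2 + (int8_t)p[1];
		} else if (left >= 2 && p[0] == 0xf3 && p[1] == 0x90) {
			pc += 2;			/* pause */
		} else if (left >= 3 && p[0] == 0x0f && p[1] == 0xae && p[2] == 0xe8) {
			pc += 3;			/* lfence */
		} else if (left >= 4 && p[0] == 0x48 && p[1] == 0x83 && p[2] == 0xc4) {
			r.off -= (int8_t)p[3];		/* add $imm8,%rsp */
			pc += 4;
		} else {
			if (p[0] == 0xc3)		/* ret ends the walk */
				r.rc = WALK_OK;
			return r;			/* anything else: WALK_BAD */
		}
	}
	return r;
}

/* Walk the sample with only the first n_annot annotations visible. */
struct result walk_sample(size_t n_annot, int model_push)
{
	return walk(rsb_fill, sizeof(rsb_fill), annotated_calls, n_annot, model_push);
}

int main(void)
{
	struct result a = walk_sample(2, 1), b = walk_sample(2, 0), c = walk_sample(1, 1);
	printf("push + jump:            rc=%d off=%ld\n", a.rc, a.off);
	printf("jump only:              rc=%d off=%ld\n", b.rc, b.off);
	printf("one annotation missing: rc=%d off=%ld\n", c.rc, c.off);
	return 0;
}
```

With both calls annotated and the push modelled, the walk reaches the ret with the tracked offset back at 0; without the push it ends at -16, and with the second annotation hidden it stops at the second call.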



* [PATCH v2 3/3] x86/speculation: Support intra-function call validation
  2024-02-28  2:45 [PATCH v2 0/3] Support intra-function call validation Rui Qi
  2024-02-28  2:45 ` [PATCH v2 1/3] objtool: is_fentry_call() crashes if call has no destination Rui Qi
  2024-02-28  2:45 ` [PATCH v2 2/3] objtool: Add support for intra-function calls Rui Qi
@ 2024-02-28  2:45 ` Rui Qi
  2024-03-04 10:41 ` [PATCH v2 0/3] " Greg KH
  3 siblings, 0 replies; 10+ messages in thread
From: Rui Qi @ 2024-02-28  2:45 UTC (permalink / raw)
  To: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, gregkh, stable,
	alexandre.chartre
  Cc: x86, linux-kernel, yuanzhu, Rui Qi

commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER
to work with objtool") does not support intra-function call
stack validation, which causes kernel live patching to fail.
This commit adds support for this, and after testing, the kernel
live patching feature is restored to normal.

Fixes: 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool")
Cc: <stable@vger.kernel.org> # v5.4.250+
Signed-off-by: Rui Qi <qirui.001@bytedance.com>
---
 arch/x86/include/asm/nospec-branch.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index c8819358a332..a88135c358c0 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -13,6 +13,8 @@
 #include <asm/unwind_hints.h>
 #include <asm/percpu.h>
 
+#include <linux/frame.h>
+#include <asm/unwind_hints.h>
 /*
  * This should be used immediately before a retpoline alternative. It tells
  * objtool where the retpolines are so that it can make sense of the control
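
Review bot: the added "#include <asm/unwind_hints.h>" duplicates the include already present in the context two lines above it, so only "#include <linux/frame.h>" is needed. Put it with the existing include group and keep a blank line before the comment block that follows.
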
@@ -51,14 +53,18 @@
 #define __FILL_RETURN_BUFFER(reg, nr, sp)	\
 	mov	$(nr/2), reg;			\
 771:						\
+	ANNOTATE_INTRA_FUNCTION_CALL;           \
 	call	772f;				\
 773:	/* speculation trap */			\
+	UNWIND_HINT_EMPTY;		\
 	pause;					\
 	lfence;					\
 	jmp	773b;				\
 772:						\
+	ANNOTATE_INTRA_FUNCTION_CALL;           \
 	call	774f;				\
 775:	/* speculation trap */			\
+	UNWIND_HINT_EMPTY;                      \
 	pause;					\
 	lfence;					\
 	jmp	775b;				\
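
Review bot: UNWIND_HINT_EMPTY is added as a bare statement inside the __FILL_RETURN_BUFFER #define, so it only works where that name expands to something the assembler accepts at each expansion site; the failure reported later in this thread ("no such instruction: `unwind_hint_empty'" at nospec-branch.h:313) is what an unexpanded use looks like. Check every place __FILL_RETURN_BUFFER is expanded before relying on the hint. The trailing backslashes on the added lines are also aligned with a mix of spaces and tabs, unlike the lines around them.
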
@@ -152,6 +158,7 @@
 .endm
 
 .macro ISSUE_UNBALANCED_RET_GUARD
+	ANNOTATE_INTRA_FUNCTION_CALL;
 	call .Lunbalanced_ret_guard_\@
 	int3
 .Lunbalanced_ret_guard_\@:
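
Review bot: the changelog talks only about FILL_RETURN_BUFFER, but this hunk also annotates the call in ISSUE_UNBALANCED_RET_GUARD; mention that in the commit message. The ";" after ANNOTATE_INTRA_FUNCTION_CALL is not needed here, since the definition in frame.h already ends with one after .popsection.
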
-- 
2.39.2 (Apple Git-143)



* Re: [PATCH v2 0/3] Support intra-function call validation
  2024-02-28  2:45 [PATCH v2 0/3] Support intra-function call validation Rui Qi
                   ` (2 preceding siblings ...)
  2024-02-28  2:45 ` [PATCH v2 3/3] x86/speculation: Support intra-function call validation Rui Qi
@ 2024-03-04 10:41 ` Greg KH
  2024-03-04 10:55   ` Greg KH
  3 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2024-03-04 10:41 UTC (permalink / raw)
  To: Rui Qi
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
> Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. 
> When compiling the sample code for kernel live patching, the following message is displayed when enabled:
> 
> livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> 
> Reproduction steps:
> 1. git checkout v5.4.269 -b v5.4.269
> 2. make defconfig
> 3. Set CONFIG_LIVEPATCH=y, CONFIG_SAMPLE_LIVEPATCH=m
> 4. make -j bzImage
> 5. make samples/livepatch/livepatch-sample.ko
> 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> 7. insmod livepatch-sample.ko
> 
> Kernel live patch cannot complete successfully.
> 
> After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> ......
> 
> BTW, if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
> 
> After investigation, the problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> It is a back-ported upstream patch with some code adjustments; from the git log, the author also mentioned no intra-function call validation support.
> 
> Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), this patchset adds stack validation support for intra-function calls,
> allowing the kernel live patching feature to work correctly.
> 
> Alexandre Chartre (2):
>   objtool: is_fentry_call() crashes if call has no destination
>   objtool: Add support for intra-function calls
> 
> Rui Qi (1):
>   x86/speculation: Support intra-function call validation
> 
>  arch/x86/include/asm/nospec-branch.h          |  7 ++
>  include/linux/frame.h                         | 11 ++++
>  .../Documentation/stack-validation.txt        |  8 +++
>  tools/objtool/arch/x86/decode.c               |  6 ++
>  tools/objtool/check.c                         | 64 +++++++++++++++++--
>  5 files changed, 91 insertions(+), 5 deletions(-)

All now queued up, thanks!

greg k-h


* Re: [PATCH v2 0/3] Support intra-function call validation
  2024-03-04 10:41 ` [PATCH v2 0/3] " Greg KH
@ 2024-03-04 10:55   ` Greg KH
  2024-03-05  3:28     ` [External] " Rui Qi
  0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2024-03-04 10:55 UTC (permalink / raw)
  To: Rui Qi
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

On Mon, Mar 04, 2024 at 11:41:46AM +0100, Greg KH wrote:
> On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
> > Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable. 
> > When compiling the sample code for kernel live patching, the following message is displayed when enabled:
> > 
> > livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> > 
> > Reproduction steps:
> > 1. git checkout v5.4.269 -b v5.4.269
> > 2. make defconfig
> > 3. Set CONFIG_LIVEPATCH=y, CONFIG_SAMPLE_LIVEPATCH=m
> > 4. make -j bzImage
> > 5. make samples/livepatch/livepatch-sample.ko
> > 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
> > 7. insmod livepatch-sample.ko
> > 
> > Kernel live patch cannot complete successfully.
> > 
> > After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
> > [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
> > [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
> > [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
> > [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
> > [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
> > ......
> > 
> > BTW, if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
> > 
> > After investigation, the problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
> > which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
> > It is a back-ported upstream patch with some code adjustments; from the git log, the author also mentioned no intra-function call validation support.
> > 
> > Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), this patchset adds stack validation support for intra-function calls,
> > allowing the kernel live patching feature to work correctly.
> > 
> > Alexandre Chartre (2):
> >   objtool: is_fentry_call() crashes if call has no destination
> >   objtool: Add support for intra-function calls
> > 
> > Rui Qi (1):
> >   x86/speculation: Support intra-function call validation
> > 
> >  arch/x86/include/asm/nospec-branch.h          |  7 ++
> >  include/linux/frame.h                         | 11 ++++
> >  .../Documentation/stack-validation.txt        |  8 +++
> >  tools/objtool/arch/x86/decode.c               |  6 ++
> >  tools/objtool/check.c                         | 64 +++++++++++++++++--
> >  5 files changed, 91 insertions(+), 5 deletions(-)
> 
> All now queued up, thanks!

Nope, these break the build:

../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'

How did you test them?  I'll go drop them from the queue now, sorry.
Please fix them up and resend when you have something that works.

greg k-h


* Re: [External] Re: [PATCH v2 0/3] Support intra-function call validation
  2024-03-04 10:55   ` Greg KH
@ 2024-03-05  3:28     ` Rui Qi
  2024-03-05  6:13       ` Greg KH
  0 siblings, 1 reply; 10+ messages in thread
From: Rui Qi @ 2024-03-05  3:28 UTC (permalink / raw)
  To: Greg KH
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

Hi Greg,
I checked out commit e133c1ee6d7271007fdba3dbe78818afd88943f9 (Linux 5.4.270), applied my patch set on top, enabled CONFIG_LIVEPATCH based on x86 defconfig, compiled without any issues. I couldn't even grep unwind_hint_empty in the codebase, so I'm quite puzzled about how this phenomenon occurred. Can you tell me how to reproduce this compilation error?

In addition, my patchset only applies to the LTS branch of 5.4, not to other branches. Please be careful not to merge it into other branches. Other stable branches do not have the problem of such kernel livepatch issue.

On 3/4/24 6:55 PM, Greg KH wrote:
> On Mon, Mar 04, 2024 at 11:41:46AM +0100, Greg KH wrote:
>> On Wed, Feb 28, 2024 at 10:45:32AM +0800, Rui Qi wrote:
>>> Since kernel version 5.4.217 LTS, there has been an issue with the kernel live patching feature becoming unavailable.
>>> When compiling the sample code for kernel live patching, the following message is displayed when enabled:
>>>
>>> livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
>>>
>>> Reproduction steps:
>>> 1. git checkout v5.4.269 -b v5.4.269
>>> 2. make defconfig
>>> 3. Set CONFIG_LIVEPATCH=y, CONFIG_SAMPLE_LIVEPATCH=m
>>> 4. make -j bzImage
>>> 5. make samples/livepatch/livepatch-sample.ko
>>> 6. qemu-system-x86_64 -kernel arch/x86_64/boot/bzImage -nographic -append "console=ttyS0" -initrd initrd.img -m 1024M
>>> 7. insmod livepatch-sample.ko
>>>
>>> Kernel live patch cannot complete successfully.
>>>
>>> After some debugging, the immediate cause of the patch failure is an error in stack checking. The logs are as follows:
>>> [ 340.974853] livepatch: klp_check_stack: kworker/u256:0:23486 has an unreliable stack
>>> [ 340.974858] livepatch: klp_check_stack: kworker/u256:1:23487 has an unreliable stack
>>> [ 340.974863] livepatch: klp_check_stack: kworker/u256:2:23488 has an unreliable stack
>>> [ 340.974868] livepatch: klp_check_stack: kworker/u256:5:23489 has an unreliable stack
>>> [ 340.974872] livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack
>>> ......
>>>
>>> BTW, if you use the v5.4.217 tag for testing, make sure to set CONFIG_RETPOLINE = y and CONFIG_LIVEPATCH = y, and other steps are consistent with v5.4.269
>>>
>>> After investigation, the problem is strongly related to the commit 8afd1c7da2b0 ("x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"),
>>> which would cause incorrect ORC entries to be generated, and the v5.4.217 version can undo this commit to make kernel livepatch work normally.
>>> It is a back-ported upstream patch with some code adjustments; from the git log, the author also mentioned no intra-function call validation support.
>>>
>>> Based on commit 6e1f54a4985b63bc1b55a09e5e75a974c5d6719b (Linux 5.4.269), this patchset adds stack validation support for intra-function calls,
>>> allowing the kernel live patching feature to work correctly.
>>>
>>> Alexandre Chartre (2):
>>>    objtool: is_fentry_call() crashes if call has no destination
>>>    objtool: Add support for intra-function calls
>>>
>>> Rui Qi (1):
>>>    x86/speculation: Support intra-function call validation
>>>
>>>   arch/x86/include/asm/nospec-branch.h          |  7 ++
>>>   include/linux/frame.h                         | 11 ++++
>>>   .../Documentation/stack-validation.txt        |  8 +++
>>>   tools/objtool/arch/x86/decode.c               |  6 ++
>>>   tools/objtool/check.c                         | 64 +++++++++++++++++--
>>>   5 files changed, 91 insertions(+), 5 deletions(-)
>>
>> All now queued up, thanks!
> 
> Nope, these break the build:
> 
> ../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
> ../arch/x86/include/asm/nospec-branch.h:313: Error: no such instruction: `unwind_hint_empty'
> 
> How did you test them?  I'll go drop them from the queue now, sorry.
> Please fix them up and resend when you have something that works.
> 
> greg k-h


* Re: [External] Re: [PATCH v2 0/3] Support intra-function call validation
  2024-03-05  3:28     ` [External] " Rui Qi
@ 2024-03-05  6:13       ` Greg KH
  2024-03-05  6:28         ` Rui Qi
  0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2024-03-05  6:13 UTC (permalink / raw)
  To: Rui Qi
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

On Tue, Mar 05, 2024 at 11:28:01AM +0800, Rui Qi wrote:
> Hi Greg,
> I checked out commit e133c1ee6d7271007fdba3dbe78818afd88943f9 (Linux 5.4.270), applied my patch set on top, enabled CONFIG_LIVEPATCH based on x86 defconfig, compiled without any issues. I couldn't even grep unwind_hint_empty in the codebase, so I'm quite puzzled about how this phenomenon occurred. Can you tell me how to reproduce this compilation error?

Try building with 'make allmodconfig'.  Also, what compiler and version are you using?

> In addition, my patchset only applies to the LTS branch of 5.4, not to other branches. Please be careful not to merge it into other branches. Other stable branches do not have the problem of such kernel livepatch issue.

It just broke this branch, I didn't apply it anywhere else.

thanks,

greg k-h


* Re: [External] Re: [PATCH v2 0/3] Support intra-function call validation
  2024-03-05  6:13       ` Greg KH
@ 2024-03-05  6:28         ` Rui Qi
  2024-03-05  7:20           ` Greg KH
  0 siblings, 1 reply; 10+ messages in thread
From: Rui Qi @ 2024-03-05  6:28 UTC (permalink / raw)
  To: Greg KH
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

No problem with make allmodconfig, the compiler I use is gcc version 8.3.0 (Debian 8.3.0 -6).

On 3/5/24 2:13 PM, Greg KH wrote:
> On Tue, Mar 05, 2024 at 11:28:01AM +0800, Rui Qi wrote:
>> Hi Greg,
>> I checked out commit e133c1ee6d7271007fdba3dbe78818afd88943f9 (Linux 5.4.270), applied my patch set on top, enabled CONFIG_LIVEPATCH based on x86 defconfig, compiled without any issues. I couldn't even grep unwind_hint_empty in the codebase, so I'm quite puzzled about how this phenomenon occurred. Can you tell me how to reproduce this compilation error?
> 
> Try building with 'make allmodconfig'.  Also, what compiler and version are you using?
> 
>> In addition, my patchset only applies to the LTS branch of 5.4, not to other branches. Please be careful not to merge it into other branches. Other stable branches do not have the problem of such kernel livepatch issue.
> 
> It just broke this branch, I didn't apply it anywhere else.
> 
> thanks,
> 
> greg k-h


* Re: [External] Re: [PATCH v2 0/3] Support intra-function call validation
  2024-03-05  6:28         ` Rui Qi
@ 2024-03-05  7:20           ` Greg KH
  0 siblings, 0 replies; 10+ messages in thread
From: Greg KH @ 2024-03-05  7:20 UTC (permalink / raw)
  To: Rui Qi
  Cc: bp, mingo, tglx, hpa, jpoimboe, peterz, mbenes, stable,
	alexandre.chartre, x86, linux-kernel, yuanzhu

On Tue, Mar 05, 2024 at 02:28:52PM +0800, Rui Qi wrote:
> No problem with make allmodconfig, the compiler I use is gcc version 8.3.0 (Debian 8.3.0 -6).

That is a _VERY_ old compiler, does it even support all of the retbleed
and other stuff needed here?  Try something newer, I see this failing on
gcc-12 and probably gcc-13.

thanks,

greg k-h
