diff options
Diffstat (limited to 'debian/patches/bugfix/x86/retbleed/0055-x86-static_call-Serialize-__static_call_fixup-proper.patch')
| -rw-r--r-- | debian/patches/bugfix/x86/retbleed/0055-x86-static_call-Serialize-__static_call_fixup-proper.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/debian/patches/bugfix/x86/retbleed/0055-x86-static_call-Serialize-__static_call_fixup-proper.patch b/debian/patches/bugfix/x86/retbleed/0055-x86-static_call-Serialize-__static_call_fixup-proper.patch new file mode 100644 index 000000000..0fb2a7efa --- /dev/null +++ b/debian/patches/bugfix/x86/retbleed/0055-x86-static_call-Serialize-__static_call_fixup-proper.patch @@ -0,0 +1,70 @@ +From: Thomas Gleixner <tglx@linutronix.de> +Date: Tue, 12 Jul 2022 14:01:06 +0200 +Subject: x86/static_call: Serialize __static_call_fixup() properly +Origin: https://git.kernel.org/linus/c27c753ea6fd1237f4f96abf8b623d7bab505513 + +__static_call_fixup() invokes __static_call_transform() without holding +text_mutex, which causes lockdep to complain in text_poke_bp(). + +Adding the proper locking cures that, but as this is either used during +early boot or during module finalizing, it's not required to use +text_poke_bp(). Add an argument to __static_call_transform() which tells +it to use text_poke_early() for it. + +Fixes: ee88d363d156 ("x86,static_call: Use alternative RET encoding") +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Signed-off-by: Borislav Petkov <bp@suse.de> +--- + arch/x86/kernel/static_call.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/arch/x86/kernel/static_call.c b/arch/x86/kernel/static_call.c +index be7038a0da4d..aaaba85d6d7f 100644 +--- a/arch/x86/kernel/static_call.c ++++ b/arch/x86/kernel/static_call.c +@@ -25,7 +25,8 @@ static const u8 xor5rax[] = { 0x2e, 0x2e, 0x2e, 0x31, 0xc0 }; + + static const u8 retinsn[] = { RET_INSN_OPCODE, 0xcc, 0xcc, 0xcc, 0xcc }; + +-static void __ref __static_call_transform(void *insn, enum insn_type type, void *func) ++static void __ref __static_call_transform(void *insn, enum insn_type type, ++ void *func, bool modinit) + { + const void *emulate = NULL; + int size = CALL_INSN_SIZE; +@@ -60,7 +61,7 @@ static void __ref __static_call_transform(void *insn, enum insn_type type, void + if (memcmp(insn, code, size) == 0) + return; + +- if (unlikely(system_state == SYSTEM_BOOTING)) ++ if (system_state == SYSTEM_BOOTING || modinit) + return text_poke_early(insn, code, size); + + text_poke_bp(insn, code, size, emulate); +@@ -114,12 +115,12 @@ void arch_static_call_transform(void *site, void *tramp, void *func, bool tail) + + if (tramp) { + __static_call_validate(tramp, true, true); +- __static_call_transform(tramp, __sc_insn(!func, true), func); ++ __static_call_transform(tramp, __sc_insn(!func, true), func, false); + } + + if (IS_ENABLED(CONFIG_HAVE_STATIC_CALL_INLINE) && site) { + __static_call_validate(site, tail, false); +- __static_call_transform(site, __sc_insn(!func, tail), func); ++ __static_call_transform(site, __sc_insn(!func, tail), func, false); + } + + mutex_unlock(&text_mutex); +@@ -145,8 +146,10 @@ bool __static_call_fixup(void *tramp, u8 op, void *dest) + return false; + } + ++ mutex_lock(&text_mutex); + if (op == RET_INSN_OPCODE || dest == &__x86_return_thunk) +- __static_call_transform(tramp, RET, NULL); ++ __static_call_transform(tramp, RET, NULL, true); ++ mutex_unlock(&text_mutex); + + return true; + } |