[PATCH OLK-6.6] livepatch: fix insn length check

hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICPCXQ ---------------------------------------- When livepatch checks the instruction length while ftrace is modifying the instruction, livepatch might read incorrect insn length. This tries to fix the issue by holding jump_label_lock() when doing insn check. Fixes: 4fe95df15c61 ("livepatch/core: Avoid conflict with static {call,key}") Signed-off-by: Pan Taixi <pantaixi1@huawei.com> --- kernel/livepatch/core.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index bb7ecc516b4a..6c5b3f52967a 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -21,6 +21,7 @@ #include <linux/completion.h> #include <linux/memory.h> #include <linux/rcupdate.h> +#include <linux/jump_label.h> #include <asm/cacheflush.h> #include "core.h" #ifdef CONFIG_LIVEPATCH_FTRACE @@ -1602,18 +1603,11 @@ static int check_address_conflict(struct klp_patch *patch) { struct klp_object *obj; struct klp_func *func; - int ret; + int ret = 0; void *start; void *end; - /* - * Locks seem required as comment of jump_label_text_reserved() said: - * Caller must hold jump_label_mutex. - * But looking into implementation of jump_label_text_reserved() and - * static_call_text_reserved(), call sites of every jump_label or static_call - * are checked, and they won't be changed after corresponding module inserted, - * so no need to take jump_label_lock and static_call_lock here. - */ + jump_label_lock(); klp_for_each_object(patch, obj) { klp_for_each_func(obj, func) { start = func->old_func; 
@@ -1622,17 +1616,21 @@ static int check_address_conflict(struct klp_patch *patch) if (ret) { pr_err("'%s' has static key in first %zu bytes, ret=%d\n", func->old_name, KLP_MAX_REPLACE_SIZE, ret); - return -EINVAL; + ret = -EINVAL; + goto out; } ret = static_call_text_reserved(start, end); if (ret) { pr_err("'%s' has static call in first %zu bytes, ret=%d\n", func->old_name, KLP_MAX_REPLACE_SIZE, ret); - return -EINVAL; + ret = -EINVAL; + goto out; } } } - return 0; +out: + jump_label_unlock(); + return ret; } static int state_show(struct seq_file *m, void *v) -- 2.34.1
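Review bot: The changelog and the code in the check_address_conflict() hunk at -1602 do not describe the same race, and the new jump_label_lock() call has no comment saying what it protects. The commit message talks about ftrace modifying an instruction while livepatch reads the insn length, but the visible change only wraps jump_label_text_reserved() and static_call_text_reserved() in the jump label mutex, and no insn length read appears in these hunks. The deleted comment argued in detail that no lock was needed here because call sites do not change after module insertion. Please replace it with a short comment stating which concurrent writer the lock excludes and why the earlier reasoning was insufficient, and extend the commit message to connect the insn length check to this function.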
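Review bot: In the hunk at -1622, static_call_text_reserved(start, end) now runs with only jump_label_lock() held, while the comment removed in the previous hunk named both jump_label_lock and static_call_lock as the locks in question. Please state, in the changelog or in a comment, whether the static call check needs its own serialization or why the jump label mutex is enough for it. Also note that jump_label_unlock() at the "out:" label runs before the result is returned, so the result is only guaranteed for the duration of the check. If the caller relies on it still holding when the patch is applied, that window should be documented or closed. The "ret = 0" initialization and the single exit path through "out:" look correct for the case where the patch has no objects or functions.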

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/17330
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/TF6...
participants (2): Pan Taixi, patchwork bot