Cheng Jian (5): livepatch/x86: support livepatch without ftrace livepatch/x86: check active func in consistency stack checking livepatch/arm64: check active func in consistency stack checking livepatch/x86: enable livepatch config for hulk livepatch/x86: enable livepatch config openeuler
arch/arm64/kernel/livepatch.c | 84 ++++++---- arch/x86/Kconfig | 1 + arch/x86/configs/hulk_defconfig | 54 +++--- arch/x86/configs/openeuler_defconfig | 18 +- arch/x86/configs/syzkaller_defconfig | 53 +++--- arch/x86/include/asm/livepatch.h | 33 +++- arch/x86/kernel/livepatch.c | 307 +++++++++++++++++++++++++++++++++++ kernel/livepatch/core.c | 13 ++ 8 files changed, 492 insertions(+), 71 deletions(-)
From: Cheng Jian cj.chengjian@huawei.com
hulk inclusion category: feature bugzilla: 5507 CVE: NA
----------------------------------------
support livepatch without ftrace for x86_64
supported now: livepatch relocation when init_patch after load_module; instruction patched when enable; activeness function check; enforcing the patch stacking principle;
x86_64 uses variable-length instructions, so there is no need for an extra implementation for long jumps.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com Signed-off-by: Li Bin huawei.libin@huawei.com Tested-by: Yang ZuoTing yangzuoting@huawei.com Tested-by: Cheng Jian cj.chengjian@huawei.com Reviewed-by: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: zhangyi (F) yi.zhang@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/x86/Kconfig | 1 + arch/x86/include/asm/livepatch.h | 33 ++++- arch/x86/kernel/livepatch.c | 280 +++++++++++++++++++++++++++++++++++++++ kernel/livepatch/core.c | 13 ++ 4 files changed, 326 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index e297c79..454d411 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -166,6 +166,7 @@ config X86 select HAVE_KRETPROBES select HAVE_KVM select HAVE_LIVEPATCH_FTRACE if X86_64 + select HAVE_LIVEPATCH_WO_FTRACE if X86_64 select HAVE_MEMBLOCK select HAVE_MEMBLOCK_NODE_MAP select HAVE_MIXED_BREAKPOINTS_REGS diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h index ed80003..8f8533d 100644 --- a/arch/x86/include/asm/livepatch.h +++ b/arch/x86/include/asm/livepatch.h @@ -24,17 +24,48 @@ #include <asm/setup.h> #include <linux/ftrace.h>
+#ifdef CONFIG_LIVEPATCH static inline int klp_check_compiler_support(void) { -#ifndef CC_USING_FENTRY +#if defined(CONFIG_LIVEPATCH_FTRACE) && !defined(CC_USING_FENTRY) return 1; #endif return 0; }
+#ifdef CONFIG_LIVEPATCH_FTRACE static inline void klp_arch_set_pc(struct pt_regs *regs, unsigned long ip) { regs->ip = ip; }
+static inline unsigned long klp_arch_stub_ip(unsigned long addr) +{ + return addr; +} +#else /* CONFIG_LIVEPATCH_WO_FTRACE */ +#define klp_smp_isb() + +static inline void klp_arch_set_pc(struct pt_regs *regs, unsigned long ip) +{ + BUG(); +} + +static inline unsigned long klp_arch_stub_ip(unsigned long addr) +{ + BUG(); + return 0; +} + +struct klp_patch; +struct klp_func; +int arch_klp_patch_func(struct klp_func *func); +void arch_klp_unpatch_func(struct klp_func *func); +int klp_check_calltrace(struct klp_patch *patch, int enable); +#endif + +#else +#error Live patching support is disabled; check CONFIG_LIVEPATCH +#endif + #endif /* _ASM_X86_LIVEPATCH_H */ diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c index e9d252d..1fbfa62 100644 --- a/arch/x86/kernel/livepatch.c +++ b/arch/x86/kernel/livepatch.c @@ -15,10 +15,14 @@ * along with this program; if not, see http://www.gnu.org/licenses/. */
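Review bot: In the `CONFIG_LIVEPATCH_WO_FTRACE` branch, `klp_arch_set_pc()` and `klp_arch_stub_ip()` are defined as `BUG()` stubs, so a stray caller compiles cleanly and fails only by panicking the running kernel. If nothing in the non-ftrace build references them (callers are not visible in this hunk), leaving them undeclared in this branch would turn misuse into a build error. Otherwise a comment such as `/* ftrace-only helper; must never be reached without CONFIG_LIVEPATCH_FTRACE */` should say why the stub exists. The empty `#define klp_smp_isb()` also deserves a one-line comment stating what barrier, if any, the arch is expected to provide here.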
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/kallsyms.h> #include <linux/livepatch.h> #include <asm/text-patching.h> +#include <asm/stacktrace.h> +#include <asm/set_memory.h>
/* Apply per-object alternatives. Based on x86 module_finalize() */ void arch_klp_init_object_loaded(struct klp_patch *patch, 
@@ -63,3 +67,279 @@ void arch_klp_init_object_loaded(struct klp_patch *patch, apply_paravirt(pseg, pseg + para->sh_size); } } + + +#ifdef CONFIG_LIVEPATCH_WO_FTRACE +static inline int klp_compare_address(unsigned long stack_addr, + unsigned long func_addr, unsigned long func_size, + const char *func_name) +{ + if (stack_addr >= func_addr && stack_addr < func_addr + func_size) { + pr_err("func %s is in use!\n", func_name); + return -EBUSY; + } + return 0; +} + +static int klp_check_stack_func(struct klp_func *func, + struct stack_trace *trace, int enable) +{ + unsigned long func_addr, func_size, address; + const char *func_name; + int i; + + for (i = 0; i < trace->nr_entries; i++) { + address = trace->entries[i]; + + if (enable) { + if (func->force) + continue; + func_addr = func->old_addr; + func_size = func->old_size; + } else { + func_addr = (unsigned long)func->new_func; + func_size = func->new_size; + } + func_name = func->old_name; + + if (klp_compare_address(address, func_addr, + func_size, func_name)) + return -EAGAIN; + } + + return 0; +} + +static void klp_print_stack_trace(struct stack_trace *trace) +{ + int i; + + pr_err("Call Trace:\n"); + for (i = 0; i < trace->nr_entries; i++) { + pr_err("[<%pK>] %pS\n", + (void *)trace->entries[i], + (void *)trace->entries[i]); + } + +} + +#ifdef MAX_STACK_ENTRIES +#undef MAX_STACK_ENTRIES +#endif +#define MAX_STACK_ENTRIES 100 + +/* + * Determine whether it's safe to transition the task to the target patch state + * by looking for any to-be-patched or to-be-unpatched functions on its stack. 
+ */ +static int klp_check_stack(struct task_struct *task, + struct klp_patch *patch, int enable) + +{ + static unsigned long entries[MAX_STACK_ENTRIES]; + struct stack_trace trace; + struct klp_object *obj; + struct klp_func *func; + int ret; + + trace.skip = 0; + trace.nr_entries = 0; + trace.max_entries = MAX_STACK_ENTRIES; + trace.entries = entries; + ret = save_stack_trace_tsk_reliable(task, &trace); + WARN_ON_ONCE(ret == -ENOSYS); + if (ret) { + pr_info("%s: %s:%d has an unreliable stack\n", + __func__, task->comm, task->pid); + return ret; + } + + klp_for_each_object(patch, obj) { + klp_for_each_func(obj, func) { + ret = klp_check_stack_func(func, &trace, enable); + if (ret) { + pr_info("%s: %s:%d is sleeping on function %s\n", + __func__, task->comm, task->pid, + func->old_name); + + klp_print_stack_trace(&trace); + + return ret; + + } + } + } + + return 0; +} + +int klp_check_calltrace(struct klp_patch *patch, int enable) +{ + struct task_struct *g, *t; + int ret = 0; + + for_each_process_thread(g, t) { + ret = klp_check_stack(t, patch, enable); + if (ret) + goto out; + } + +out: + return ret; +} + +#include <linux/slab.h> +#include <asm/nops.h> +#include <asm/sections.h> + +#define JMP_E9_INSN_SIZE 5 +union klp_code_union { + char code[JMP_E9_INSN_SIZE]; + struct { + unsigned char e9; + int offset; + } __packed; +}; + +struct klp_func_node { + struct list_head node; + struct list_head func_stack; + unsigned long old_addr; + unsigned char old_code[JMP_E9_INSN_SIZE]; +}; + +static LIST_HEAD(klp_func_list); + +static struct klp_func_node *klp_find_func_node(unsigned long old_addr) +{ + struct klp_func_node *func_node; + + list_for_each_entry(func_node, &klp_func_list, node) { + if (func_node->old_addr == old_addr) + return func_node; + } + + return NULL; +} + +int arch_klp_init_func(struct klp_object *obj, struct klp_func *func) +{ + return 0; +} + +void arch_klp_free_func(struct klp_object *obj, struct klp_func *limit) +{ + +} + +static int 
klp_calc_offset(long pc, long addr) +{ + return (int)(addr - pc); +} + +static unsigned char *klp_jmp_code(unsigned long ip, unsigned long addr) +{ + static union klp_code_union calc; + + calc.e9 = 0xe9; + calc.offset = klp_calc_offset(ip + JMP_E9_INSN_SIZE, addr); + + return calc.code; +} + +static unsigned char *klp_old_code(unsigned char *code) +{ + static union klp_code_union old_code; + + strncpy(old_code.code, code, JMP_E9_INSN_SIZE); + return old_code.code; +} + +void arch_klp_code_modify_prepare(void) +{ + set_kernel_text_rw(); + set_all_modules_text_rw(); +} + +void arch_klp_code_modify_post_process(void) +{ + set_all_modules_text_ro(); + set_kernel_text_ro(); +} + +static inline int within(unsigned long addr, unsigned long start, + unsigned long end) +{ + return addr >= start && addr < end; +} + +static unsigned long text_ip_addr(unsigned long ip) +{ + if (within(ip, (unsigned long)_text, (unsigned long)_etext)) + ip = (unsigned long)__va(__pa_symbol(ip)); + + return ip; +} + +int arch_klp_patch_func(struct klp_func *func) +{ + struct klp_func_node *func_node; + unsigned long ip, new_addr; + const unsigned char *new; + + func_node = klp_find_func_node(func->old_addr); + ip = func->old_addr; + if (!func_node) { + func_node = kzalloc(sizeof(*func_node), GFP_ATOMIC); + if (!func_node) + return -ENOMEM; + + INIT_LIST_HEAD(&func_node->func_stack); + func_node->old_addr = func->old_addr; + probe_kernel_read(func_node->old_code, + (void *)ip, JMP_E9_INSN_SIZE); + list_add_rcu(&func_node->node, &klp_func_list); + } + + list_add_rcu(&func->stack_node, &func_node->func_stack); + + new_addr = (unsigned long)func->new_func; + new = klp_jmp_code(ip, new_addr); + + ip = text_ip_addr(ip); + if (probe_kernel_write((void *)ip, new, JMP_E9_INSN_SIZE)) + return -EPERM; + + sync_core(); + + return 0; +} + +void arch_klp_unpatch_func(struct klp_func *func) +{ + struct klp_func_node *func_node; + struct klp_func *next_func; + unsigned long ip, new_addr; + const unsigned char 
*new; + + func_node = klp_find_func_node(func->old_addr); + ip = func_node->old_addr; + if (list_is_singular(&func_node->func_stack)) { + list_del_rcu(&func->stack_node); + list_del_rcu(&func_node->node); + new = klp_old_code(func_node->old_code); + kfree(func_node); + } else { + list_del_rcu(&func->stack_node); + next_func = list_first_or_null_rcu(&func_node->func_stack, + struct klp_func, stack_node); + + new_addr = (unsigned long)next_func->new_func; + new = klp_jmp_code(ip, new_addr); + } + + ip = text_ip_addr(ip); + probe_kernel_write((void *)ip, new, JMP_E9_INSN_SIZE); + sync_core(); +} +#endif diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index ca74203..1349063 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -438,6 +438,15 @@ int klp_try_disable_patch(void *data) return ret; }
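Review bot: `klp_old_code()` copies the saved instruction bytes with `strncpy(old_code.code, code, JMP_E9_INSN_SIZE)`, which stops at the first 0x00 byte and zero-fills the rest. Any original prologue with a zero byte in its first five bytes is therefore restored incorrectly when `arch_klp_unpatch_func()` writes it back into kernel text; use `memcpy(old_code.code, code, JMP_E9_INSN_SIZE);`. In the same hunk, `arch_klp_unpatch_func()` dereferences the result of `klp_find_func_node()` without a NULL check and ignores the return value of `probe_kernel_write()`. `arch_klp_patch_func()` ignores the return of `probe_kernel_read()` and returns `-EPERM` with `func` still linked on `func_stack` when the write fails. Each of these leaves the bookkeeping and the live text out of step, so the failure paths should unlink what they added and report the error.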
+void __weak arch_klp_code_modify_prepare(void) +{ +} + +void __weak arch_klp_code_modify_post_process(void) +{ +} + + static int __klp_disable_patch(struct klp_patch *patch) { int ret; @@ -458,7 +467,9 @@ static int __klp_disable_patch(struct klp_patch *patch) } #endif
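Review bot: The new weak hooks `arch_klp_code_modify_prepare()` and `arch_klp_code_modify_post_process()` have no comment describing their contract. A short kernel-doc block should state that they are called as a pair immediately before and after `stop_machine()` in the enable and disable paths. It should also say that an arch override which relaxes text protection in the first must restore it in the second. That pairing is what keeps kernel text read-only outside the patch window.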
+ arch_klp_code_modify_prepare(); ret = stop_machine(klp_try_disable_patch, &patch_data, cpu_online_mask); + arch_klp_code_modify_post_process();
return ret; } @@ -662,7 +673,9 @@ static int __klp_enable_patch(struct klp_patch *patch) } #endif
+ arch_klp_code_modify_prepare(); ret = stop_machine(klp_try_enable_patch, &patch_data, cpu_online_mask); + arch_klp_code_modify_prepare(); if (ret) return ret;
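Review bot: In `__klp_enable_patch()` the call added after `stop_machine()` is `arch_klp_code_modify_prepare()` a second time, not `arch_klp_code_modify_post_process()` as in the `__klp_disable_patch()` hunk just above. With the x86 implementation added in this patch, `set_kernel_text_rw()` and `set_all_modules_text_rw()` run twice and the `_ro` counterparts never run, so kernel and module text stays writable after every enable attempt, successful or not. The line should read `arch_klp_code_modify_post_process();`. `__klp_enable_patch()` continues outside the hunk.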
From: Cheng Jian cj.chengjian@huawei.com
hulk inclusion category: bugfix bugzilla: 5507/31358 CVE: NA ---------------------------
When doing consistency stack checking, if we try to patch a function which has already been patched, we should check the new function (not the original function) that is currently active; it is always the first entry in the list func_node->func_stack.
Example : module : origin livepatch v1 livepatch v2 func : old func A -[enable]=> new func A' -[enable]=> new func A'' check : A A'
when we try to patch function A to new function A'' by livepatch v2, but the func A has already patched to function A' by livepatch v1, so function A' which provided in livepatch v1 is active in the stack instead of origin function A. Even if the long jump method is used, we jump to the new function A' using a call without LR, the origin function A will not appear in the stack. We must check the active function A' in consistency stack checking.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/x86/kernel/livepatch.c | 99 ++++++++++++++++++++++++++++----------------- 1 file changed, 63 insertions(+), 36 deletions(-)
diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c index 1fbfa62..c853ac5 100644 --- a/arch/x86/kernel/livepatch.c +++ b/arch/x86/kernel/livepatch.c @@ -70,6 +70,40 @@ void arch_klp_init_object_loaded(struct klp_patch *patch,
#ifdef CONFIG_LIVEPATCH_WO_FTRACE +#include <linux/slab.h> +#include <asm/nops.h> +#include <asm/sections.h> + +#define JMP_E9_INSN_SIZE 5 +union klp_code_union { + char code[JMP_E9_INSN_SIZE]; + struct { + unsigned char e9; + int offset; + } __packed; +}; + +struct klp_func_node { + struct list_head node; + struct list_head func_stack; + unsigned long old_addr; + unsigned char old_code[JMP_E9_INSN_SIZE]; +}; + +static LIST_HEAD(klp_func_list); + +static struct klp_func_node *klp_find_func_node(unsigned long old_addr) +{ + struct klp_func_node *func_node; + + list_for_each_entry(func_node, &klp_func_list, node) { + if (func_node->old_addr == old_addr) + return func_node; + } + + return NULL; +} + static inline int klp_compare_address(unsigned long stack_addr, unsigned long func_addr, unsigned long func_size, const char *func_name) @@ -81,11 +115,14 @@ static inline int klp_compare_address(unsigned long stack_addr, return 0; }
+static struct klp_func_node *klp_find_func_node(unsigned long old_addr); + static int klp_check_stack_func(struct klp_func *func, struct stack_trace *trace, int enable) { unsigned long func_addr, func_size, address; const char *func_name; + struct klp_func_node *func_node; int i;
for (i = 0; i < trace->nr_entries; i++) { @@ -94,9 +131,33 @@ static int klp_check_stack_func(struct klp_func *func, if (enable) { if (func->force) continue; - func_addr = func->old_addr; - func_size = func->old_size; + /* + * When enable, checking the currently active + * functions. + */ + func_node = klp_find_func_node(func->old_addr); + if (!func_node || + list_empty(&func_node->func_stack)) { + func_addr = func->old_addr; + func_size = func->old_size; + } else { + /* + * Previously patched function + * [the active one] + */ + struct klp_func *prev; + + prev = list_first_or_null_rcu( + &func_node->func_stack, + struct klp_func, stack_node); + func_addr = (unsigned long)prev->new_func; + func_size = prev->new_size; + } } else { + /* + * When disable, check for the function itself + * which to be unpatched. + */ func_addr = (unsigned long)func->new_func; func_size = func->new_size; } @@ -188,40 +249,6 @@ int klp_check_calltrace(struct klp_patch *patch, int enable) return ret; }
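Review bot: The new `klp_find_func_node()` lookup and the `func_addr`/`func_size` selection sit inside the `for (i = 0; i < trace->nr_entries; i++)` loop although none of it depends on `i`. The node list is therefore walked once per stack entry for every function and task, presumably while `stop_machine()` holds all CPUs; compute the range once before the loop. The result of `list_first_or_null_rcu()` is dereferenced unchecked; since `list_empty()` was just tested, `list_first_entry(&func_node->func_stack, struct klp_func, stack_node)` states the intent directly. The forward declaration of `klp_find_func_node()` added in the preceding hunk is redundant now that this commit moves the definition above it. The arm64 hunk in `klp_check_activeness_func()` repeats the same lookup pattern; both function bodies extend outside their hunks.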
-#include <linux/slab.h> -#include <asm/nops.h> -#include <asm/sections.h> - -#define JMP_E9_INSN_SIZE 5 -union klp_code_union { - char code[JMP_E9_INSN_SIZE]; - struct { - unsigned char e9; - int offset; - } __packed; -}; - -struct klp_func_node { - struct list_head node; - struct list_head func_stack; - unsigned long old_addr; - unsigned char old_code[JMP_E9_INSN_SIZE]; -}; - -static LIST_HEAD(klp_func_list); - -static struct klp_func_node *klp_find_func_node(unsigned long old_addr) -{ - struct klp_func_node *func_node; - - list_for_each_entry(func_node, &klp_func_list, node) { - if (func_node->old_addr == old_addr) - return func_node; - } - - return NULL; -} - int arch_klp_init_func(struct klp_object *obj, struct klp_func *func) { return 0;
From: Cheng Jian cj.chengjian@huawei.com
hulk inclusion category: bugfix bugzilla: 5507/31358 CVE: NA ---------------------------
When doing consistency stack checking, if we try to patch a function which has already been patched, we should check the new function (not the original function) that is currently active; it is always the first entry in the list func_node->func_stack.
Example : module : origin livepatch v1 livepatch v2 func : old func A -[enable]=> new func A' -[enable]=> new func A'' check : A A'
when we try to patch function A to new function A'' by livepatch v2, but the func A has already patched to function A' by livepatch v1, so function A' which provided in livepatch v1 is active in the stack instead of origin function A. Even if the long jump method is used, we jump to the new function A' using a call without LR, the origin function A will not appear in the stack. We must check the active function A' in consistency stack checking.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/arm64/kernel/livepatch.c | 84 ++++++++++++++++++++++++++++--------------- 1 file changed, 55 insertions(+), 29 deletions(-)
diff --git a/arch/arm64/kernel/livepatch.c b/arch/arm64/kernel/livepatch.c index 49f0a79..d966d476 100644 --- a/arch/arm64/kernel/livepatch.c +++ b/arch/arm64/kernel/livepatch.c @@ -47,6 +47,33 @@ static inline bool offset_in_range(unsigned long pc, unsigned long addr, } #endif
+#define LJMP_INSN_SIZE 4 + +struct klp_func_node { + struct list_head node; + struct list_head func_stack; + unsigned long old_addr; +#ifdef CONFIG_ARM64_MODULE_PLTS + u32 old_insns[LJMP_INSN_SIZE]; +#else + u32 old_insn; +#endif +}; + +static LIST_HEAD(klp_func_list); + +static struct klp_func_node *klp_find_func_node(unsigned long old_addr) +{ + struct klp_func_node *func_node; + + list_for_each_entry(func_node, &klp_func_list, node) { + if (func_node->old_addr == old_addr) + return func_node; + } + + return NULL; +} + struct walk_stackframe_args { struct klp_patch *patch; int enable; @@ -71,6 +98,7 @@ static int klp_check_activeness_func(struct stackframe *frame, void *data) struct klp_func *func; unsigned long func_addr, func_size; const char *func_name; + struct klp_func_node *func_node;
if (args->ret) return args->ret; @@ -80,9 +108,34 @@ static int klp_check_activeness_func(struct stackframe *frame, void *data) if (args->enable) { if (func->force) continue; - func_addr = func->old_addr; - func_size = func->old_size; + + /* + * When enable, checking the currently + * active functions. + */ + func_node = klp_find_func_node(func->old_addr); + if (!func_node || + list_empty(&func_node->func_stack)) { + func_addr = func->old_addr; + func_size = func->old_size; + } else { + /* + * Previously patched function + * [the active one] + */ + struct klp_func *prev; + + prev = list_first_or_null_rcu( + &func_node->func_stack, + struct klp_func, stack_node); + func_addr = (unsigned long)prev->new_func; + func_size = prev->new_size; + } } else { + /* + * When disable, check for the function + * itself which to be unpatched. + */ func_addr = (unsigned long)func->new_func; func_size = func->new_size; } @@ -153,33 +206,6 @@ int klp_check_calltrace(struct klp_patch *patch, int enable) }
#ifdef CONFIG_LIVEPATCH_WO_FTRACE -#define LJMP_INSN_SIZE 4 - -struct klp_func_node { - struct list_head node; - struct list_head func_stack; - unsigned long old_addr; -#ifdef CONFIG_ARM64_MODULE_PLTS - u32 old_insns[LJMP_INSN_SIZE]; -#else - u32 old_insn; -#endif -}; - -static LIST_HEAD(klp_func_list); - -static struct klp_func_node *klp_find_func_node(unsigned long old_addr) -{ - struct klp_func_node *func_node; - - list_for_each_entry(func_node, &klp_func_list, node) { - if (func_node->old_addr == old_addr) - return func_node; - } - - return NULL; -} - int arch_klp_patch_func(struct klp_func *func) { struct klp_func_node *func_node;
From: Cheng Jian cj.chengjian@huawei.com
hulk inclusion category: feature bugzilla: 5507 CVE: NA
---------------------------
We have completed the livepatch without ftrace for x86_64, we can now enable it.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/x86/configs/hulk_defconfig | 54 +++++++++++++++++++++++------------- arch/x86/configs/syzkaller_defconfig | 53 ++++++++++++++++++++++------------- 2 files changed, 68 insertions(+), 39 deletions(-)
diff --git a/arch/x86/configs/hulk_defconfig b/arch/x86/configs/hulk_defconfig index ec8dcd7..26a21dd 100644 --- a/arch/x86/configs/hulk_defconfig +++ b/arch/x86/configs/hulk_defconfig @@ -1,14 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.21 Kernel Configuration +# Linux/x86_64 4.19.106 Kernel Configuration #
# -# Compiler: gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) +# Compiler: gcc (Ubuntu 5.5.0-12ubuntu5~16.04) 5.5.0 20171010 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=40805 +CONFIG_GCC_VERSION=50500 CONFIG_CLANG_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -46,6 +47,7 @@ CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y +# CONFIG_KTASK is not set
# # IRQ subsystem @@ -150,6 +152,7 @@ CONFIG_CGROUP_PERF=y CONFIG_CGROUP_BPF=y # CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y +# CONFIG_CGROUP_FILES is not set CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -372,8 +375,8 @@ CONFIG_X86_DIRECT_GBPAGES=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y # CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set -CONFIG_ARCH_USE_MEMREMAP_PROT=y CONFIG_NUMA=y +# CONFIG_NUMA_AWARE_SPINLOCKS is not set CONFIG_AMD_NUMA=y CONFIG_X86_64_ACPI_NUMA=y CONFIG_NODES_SPAN_OTHER_NODES=y @@ -401,6 +404,9 @@ CONFIG_X86_SMAP=y CONFIG_X86_INTEL_UMIP=y # CONFIG_X86_INTEL_MPX is not set CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y @@ -435,14 +441,17 @@ CONFIG_LEGACY_VSYSCALL_EMULATE=y # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH_FTRACE=y +CONFIG_HAVE_LIVEPATCH_WO_FTRACE=y
# # Enable Livepatch # CONFIG_LIVEPATCH=y -CONFIG_LIVEPATCH_FTRACE=y -CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY=y -CONFIG_LIVEPATCH_STACK=y +# CONFIG_LIVEPATCH_FTRACE is not set +CONFIG_LIVEPATCH_WO_FTRACE=y +CONFIG_LIVEPATCH_STOP_MACHINE_CONSISTENCY=y +# CONFIG_LIVEPATCH_STACK is not set +CONFIG_LIVEPATCH_RESTRICT_KPROBE=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y @@ -633,6 +642,7 @@ CONFIG_VMD=y # DesignWare PCI Core Support # # CONFIG_PCIE_DW_PLAT_HOST is not set +CONFIG_HISILICON_PCIE_CAE=m
# # PCI Endpoint @@ -665,7 +675,6 @@ CONFIG_YENTA_TOSHIBA=y # Binary Emulations # CONFIG_IA32_EMULATION=y -# CONFIG_IA32_AOUT is not set # CONFIG_X86_X32 is not set CONFIG_COMPAT_32=y CONFIG_COMPAT=y @@ -830,6 +839,7 @@ CONFIG_STRICT_MODULE_RWX=y CONFIG_ARCH_HAS_REFCOUNT=y # CONFIG_REFCOUNT_FULL is not set CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y
# # GCOV-based kernel profiling @@ -991,6 +1001,7 @@ CONFIG_THP_SWAP=y CONFIG_TRANSPARENT_HUGE_PAGECACHE=y CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y +# CONFIG_SHRINK_PAGECACHE is not set # CONFIG_CMA is not set CONFIG_MEM_SOFT_DIRTY=y CONFIG_ZSWAP=y @@ -1934,6 +1945,7 @@ CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set # CONFIG_MTD_UBI_BLOCK is not set +CONFIG_MTD_HISILICON_SFC=m # CONFIG_OF is not set CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT=m @@ -2641,7 +2653,7 @@ CONFIG_LED_TRIGGER_PHY=y # CONFIG_AMD_PHY=m CONFIG_AQUANTIA_PHY=m -CONFIG_ASIX_PHY=m +# CONFIG_AX88796B_PHY is not set CONFIG_AT803X_PHY=m CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m @@ -3280,6 +3292,7 @@ CONFIG_NOZOMI=m CONFIG_N_HDLC=m CONFIG_N_GSM=m # CONFIG_TRACE_SINK is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y # CONFIG_DEVKMEM is not set
@@ -3352,7 +3365,6 @@ CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=y CONFIG_NVRAM=y -# CONFIG_R3964 is not set # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set CONFIG_RAW_DRIVER=y @@ -3958,8 +3970,6 @@ CONFIG_MFD_CORE=y # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set CONFIG_LPC_ICH=m CONFIG_LPC_SCH=m -# CONFIG_INTEL_SOC_PMIC is not set -# CONFIG_INTEL_SOC_PMIC_CHTWC is not set # CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set CONFIG_MFD_INTEL_LPSS=y CONFIG_MFD_INTEL_LPSS_ACPI=y @@ -4004,7 +4014,6 @@ CONFIG_MFD_SM501_GPIO=y # CONFIG_TPS6507X is not set # CONFIG_MFD_TPS65086 is not set # CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TPS68470 is not set # CONFIG_MFD_TI_LP873X is not set # CONFIG_MFD_TPS6586X is not set # CONFIG_MFD_TPS65910 is not set @@ -4701,6 +4710,7 @@ CONFIG_CHASH=m # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 # CONFIG_NOUVEAU_DEBUG_MMU is not set @@ -4749,10 +4759,10 @@ CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # # Frame buffer Devices # -CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_BOOT_VESA_SUPPORT=y CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y @@ -5553,7 +5563,6 @@ CONFIG_USB_EMI62=m CONFIG_USB_EMI26=m CONFIG_USB_ADUTUX=m CONFIG_USB_SEVSEG=m -# CONFIG_USB_RIO500 is not set CONFIG_USB_LEGOTOWER=m CONFIG_USB_LCD=m # CONFIG_USB_CYPRESS_CY7C63 is not set @@ -5942,7 +5951,6 @@ CONFIG_VFIO_PCI_INTX=y # CONFIG_VFIO_PCI_IGD is not set CONFIG_VFIO_MDEV=m CONFIG_VFIO_MDEV_DEVICE=m -# CONFIG_VFIO_SPIMDEV is not set CONFIG_IRQ_BYPASS_MANAGER=m # CONFIG_VIRT_DRIVERS is not set CONFIG_VIRTIO=y 
@@ -6059,6 +6067,7 @@ CONFIG_PVPANIC=y CONFIG_MLX_PLATFORM=m CONFIG_INTEL_TURBO_MAX_3=y # CONFIG_I2C_MULTI_INSTANTIATE is not set +# CONFIG_INTEL_ATOMISP2_PM is not set CONFIG_PMC_ATOM=y # CONFIG_CHROME_PLATFORMS is not set CONFIG_MELLANOX_PLATFORM=y @@ -6094,6 +6103,10 @@ CONFIG_IOMMU_SUPPORT=y # # Generic IOMMU Pagetable Support # + +# +# Generic PASID table support +# # CONFIG_IOMMU_DEBUGFS is not set CONFIG_IOMMU_DEFAULT_PASSTHROUGH=y CONFIG_IOMMU_IOVA=y @@ -6105,6 +6118,7 @@ CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_IRQ_REMAP=y +# CONFIG_SMMU_BYPASS_DEV is not set
# # Remoteproc drivers @@ -6147,6 +6161,8 @@ CONFIG_IRQ_REMAP=y # Xilinx SoC drivers # # CONFIG_XILINX_VCU is not set +CONFIG_SOC_HISILICON_LBC=m +CONFIG_SOC_HISILICON_SYSCTL=m # CONFIG_PM_DEVFREQ is not set # CONFIG_EXTCON is not set # CONFIG_MEMORY is not set @@ -6575,6 +6591,7 @@ CONFIG_NVMEM=y # CONFIG_FPGA is not set # CONFIG_UNISYS_VISORBUS is not set # CONFIG_SIOX is not set +# CONFIG_UACCE is not set # CONFIG_SLIMBUS is not set
# @@ -6670,7 +6687,6 @@ CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="ascii" # CONFIG_FAT_DEFAULT_UTF8 is not set -# CONFIG_NTFS_FS is not set
# # Pseudo filesystems @@ -7140,7 +7156,6 @@ CONFIG_CRYPTO_DEV_CHELSIO=m CONFIG_CHELSIO_IPSEC_INLINE=y # CONFIG_CRYPTO_DEV_CHELSIO_TLS is not set CONFIG_CRYPTO_DEV_VIRTIO=m -# CONFIG_CRYPTO_DEV_HISILICON is not set CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_X509_CERTIFICATE_PARSER=y @@ -7189,6 +7204,7 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m +CONFIG_XXHASH=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y diff --git a/arch/x86/configs/syzkaller_defconfig b/arch/x86/configs/syzkaller_defconfig index d7444f8..d1bb31c 100644 --- a/arch/x86/configs/syzkaller_defconfig +++ b/arch/x86/configs/syzkaller_defconfig @@ -1,14 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.32 Kernel Configuration +# Linux/x86_64 4.19.106 Kernel Configuration #
# -# Compiler: gcc (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0 +# Compiler: gcc (Ubuntu 5.5.0-12ubuntu5~16.04) 5.5.0 20171010 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=70300 +CONFIG_GCC_VERSION=50500 CONFIG_CLANG_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CONSTRUCTORS=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y @@ -47,6 +48,7 @@ CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y +# CONFIG_KTASK is not set
# # IRQ subsystem @@ -377,6 +379,7 @@ CONFIG_X86_DIRECT_GBPAGES=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y # CONFIG_AMD_MEM_ENCRYPT is not set CONFIG_NUMA=y +# CONFIG_NUMA_AWARE_SPINLOCKS is not set CONFIG_AMD_NUMA=y CONFIG_X86_64_ACPI_NUMA=y CONFIG_NODES_SPAN_OTHER_NODES=y @@ -403,6 +406,9 @@ CONFIG_X86_SMAP=y CONFIG_X86_INTEL_UMIP=y CONFIG_X86_INTEL_MPX=y CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y @@ -433,14 +439,17 @@ CONFIG_LEGACY_VSYSCALL_EMULATE=y # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH_FTRACE=y +CONFIG_HAVE_LIVEPATCH_WO_FTRACE=y
# # Enable Livepatch # CONFIG_LIVEPATCH=y -CONFIG_LIVEPATCH_FTRACE=y -CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY=y -CONFIG_LIVEPATCH_STACK=y +# CONFIG_LIVEPATCH_FTRACE is not set +CONFIG_LIVEPATCH_WO_FTRACE=y +CONFIG_LIVEPATCH_STOP_MACHINE_CONSISTENCY=y +# CONFIG_LIVEPATCH_STACK is not set +CONFIG_LIVEPATCH_RESTRICT_KPROBE=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y @@ -618,6 +627,7 @@ CONFIG_HOTPLUG_PCI_ACPI=y # DesignWare PCI Core Support # # CONFIG_PCIE_DW_PLAT_HOST is not set +CONFIG_HISILICON_PCIE_CAE=m
# # PCI Endpoint @@ -645,7 +655,6 @@ CONFIG_CARDBUS=y # Binary Emulations # CONFIG_IA32_EMULATION=y -# CONFIG_IA32_AOUT is not set # CONFIG_X86_X32 is not set CONFIG_COMPAT_32=y CONFIG_COMPAT=y @@ -664,7 +673,6 @@ CONFIG_FIRMWARE_MEMMAP=y CONFIG_DMIID=y CONFIG_DMI_SYSFS=y CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y -CONFIG_ISCSI_IBFT_FIND=y # CONFIG_ISCSI_IBFT is not set # CONFIG_FW_CFG_SYSFS is not set # CONFIG_GOOGLE_FIRMWARE is not set @@ -789,8 +797,9 @@ CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y # # CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -CONFIG_PLUGIN_HOSTCC="" +CONFIG_PLUGIN_HOSTCC="g++" CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y @@ -1608,6 +1617,7 @@ CONFIG_IPVLAN=y # CONFIG_IPVTAP is not set # CONFIG_VXLAN is not set # CONFIG_GENEVE is not set +# CONFIG_GTP is not set # CONFIG_MACSEC is not set # CONFIG_NETCONSOLE is not set CONFIG_TUN=y @@ -1793,7 +1803,7 @@ CONFIG_SWPHY=y # # CONFIG_AMD_PHY is not set # CONFIG_AQUANTIA_PHY is not set -# CONFIG_ASIX_PHY is not set +# CONFIG_AX88796B_PHY is not set # CONFIG_AT803X_PHY is not set # CONFIG_BCM7XXX_PHY is not set # CONFIG_BCM87XX_PHY is not set @@ -2037,6 +2047,7 @@ CONFIG_SERIAL_NONSTANDARD=y # CONFIG_N_HDLC is not set # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y # CONFIG_DEVKMEM is not set
@@ -2096,7 +2107,6 @@ CONFIG_HW_RANDOM_INTEL=y CONFIG_HW_RANDOM_AMD=y CONFIG_HW_RANDOM_VIA=y CONFIG_NVRAM=y -# CONFIG_R3964 is not set # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set CONFIG_RAW_DRIVER=y @@ -2473,10 +2483,10 @@ CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # # Frame buffer Devices # -CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_BOOT_VESA_SUPPORT=y CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y @@ -2823,7 +2833,6 @@ CONFIG_USB_SERIAL_GENERIC=y # CONFIG_USB_EMI26 is not set # CONFIG_USB_ADUTUX is not set # CONFIG_USB_SEVSEG is not set -# CONFIG_USB_RIO500 is not set # CONFIG_USB_LEGOTOWER is not set # CONFIG_USB_LCD is not set # CONFIG_USB_CYPRESS_CY7C63 is not set @@ -3106,7 +3115,6 @@ CONFIG_STAGING=y # Gasket devices # # CONFIG_STAGING_GASKET_FRAMEWORK is not set -# CONFIG_XIL_AXIS_FIFO is not set # CONFIG_EROFS_FS is not set CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_ACER_WIRELESS is not set @@ -3146,6 +3154,7 @@ CONFIG_PVPANIC=y # CONFIG_SURFACE_PRO3_BUTTON is not set # CONFIG_INTEL_PUNIT_IPC is not set # CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_ATOMISP2_PM is not set CONFIG_PMC_ATOM=y # CONFIG_CHROME_PLATFORMS is not set # CONFIG_MELLANOX_PLATFORM is not set @@ -3174,6 +3183,10 @@ CONFIG_IOMMU_SUPPORT=y # # Generic IOMMU Pagetable Support # + +# +# Generic PASID table support +# # CONFIG_IOMMU_DEBUGFS is not set # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set CONFIG_IOMMU_IOVA=y @@ -3185,6 +3198,7 @@ CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_IRQ_REMAP=y +# CONFIG_SMMU_BYPASS_DEV is not set
# # Remoteproc drivers @@ -3227,6 +3241,8 @@ CONFIG_IRQ_REMAP=y # Xilinx SoC drivers # # CONFIG_XILINX_VCU is not set +CONFIG_SOC_HISILICON_LBC=m +CONFIG_SOC_HISILICON_SYSCTL=m CONFIG_PM_DEVFREQ=y
# @@ -3297,6 +3313,7 @@ CONFIG_NVMEM=y CONFIG_PM_OPP=y # CONFIG_UNISYS_VISORBUS is not set # CONFIG_SIOX is not set +# CONFIG_UACCE is not set # CONFIG_SLIMBUS is not set
# @@ -3357,7 +3374,6 @@ CONFIG_AUTOFS_FS=y # # CONFIG_MSDOS_FS is not set # CONFIG_VFAT_FS is not set -# CONFIG_NTFS_FS is not set
# # Pseudo filesystems @@ -3728,7 +3744,6 @@ CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set # CONFIG_CRYPTO_DEV_QAT_C62XVF is not set # CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set -# CONFIG_CRYPTO_DEV_HISILICON is not set CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_X509_CERTIFICATE_PARSER=y @@ -3775,6 +3790,7 @@ CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC7 is not set # CONFIG_LIBCRC32C is not set # CONFIG_CRC8 is not set +CONFIG_XXHASH=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y @@ -3905,9 +3921,6 @@ CONFIG_KASAN=y CONFIG_KASAN_INLINE=y # CONFIG_TEST_KASAN is not set CONFIG_ARCH_HAS_KCOV=y -CONFIG_CC_HAS_SANCOV_TRACE_PC=y -CONFIG_KCOV=y -CONFIG_KCOV_INSTRUMENT_ALL=y CONFIG_DEBUG_SHIRQ=y
#
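Review bot: This last syzkaller_defconfig hunk drops `CONFIG_KCOV=y`, `CONFIG_KCOV_INSTRUMENT_ALL=y` and `CONFIG_CC_HAS_SANCOV_TRACE_PC=y`, which is unrelated to enabling livepatch and removes the coverage feedback a fuzzing configuration relies on. It looks like a side effect of regenerating the file with the gcc 5.5.0 toolchain named in the new header instead of the previous gcc 7.3.0. The many other unrelated option changes in both defconfigs look like the same side effect. Regenerate with the original compiler, or restrict the change to the `CONFIG_LIVEPATCH*` lines so the commit does only what its description says.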
From: Cheng Jian cj.chengjian@huawei.com
hulk inclusion category: feature bugzilla: 5507 CVE: NA
---------------------------
We have completed the livepatch without ftrace for x86_64, we can now enable it.
Signed-off-by: Cheng Jian cj.chengjian@huawei.com Reviewed-By: Xie XiuQi xiexiuqi@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- arch/x86/configs/openeuler_defconfig | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 1cf7b97..f76c144 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -1,5 +1,13 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 4.19.106 Kernel Configuration +# + +# +# Compiler: gcc (Ubuntu 5.5.0-12ubuntu5~16.04) 5.5.0 20171010 +# CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=50400 +CONFIG_GCC_VERSION=50500 CONFIG_CLANG_VERSION=0 CONFIG_CC_HAS_ASM_GOTO=y CONFIG_IRQ_WORK=y @@ -433,11 +441,17 @@ CONFIG_LEGACY_VSYSCALL_EMULATE=y # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH_FTRACE=y +CONFIG_HAVE_LIVEPATCH_WO_FTRACE=y
# # Enable Livepatch # -# CONFIG_LIVEPATCH is not set +CONFIG_LIVEPATCH=y +# CONFIG_LIVEPATCH_FTRACE is not set +CONFIG_LIVEPATCH_WO_FTRACE=y +CONFIG_LIVEPATCH_STOP_MACHINE_CONSISTENCY=y +# CONFIG_LIVEPATCH_STACK is not set +CONFIG_LIVEPATCH_RESTRICT_KPROBE=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y