Commit e4f74400308c ("s390/archrandom: simplify back to earlier design and initialize earlier") has been backported to stable releases including 4.14 and 4.19.

Backport for 4.19
Link: https://lore.kernel.org/all/20220704102416.326257-1-Jason@zx2c4.com/

Backport for 4.14
Link: https://lore.kernel.org/all/20220704102819.337213-1-Jason@zx2c4.com/
Unfortunately, on stable 4.14 and stable 4.19 it is missing dependencies, which results in a kernel warning and panic:

[ 0.202386] static_key_enable_cpuslocked(): static key 's390_arch_random_available+0x0/0x10' used before call to jump_label_init()
[ 0.202400] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:131 static_key_enable_cpuslocked+0x56/0xc8
[ 0.202432] Modules linked in:
[ 0.202451] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.275-25331-g5504146b2053 #2
[ 0.202467] Hardware name: IBM 3931 A01 701 (KVM/Linux)
[ 0.202485] Krnl PSW : (____ptrval____) (____ptrval____) (static_key_enable_cpuslocked+0x56/0xc8)
[ 0.202504] R:0 T:1 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 0.202526] Krnl GPRS: 00000000fffd3474 000000000133074c 0000000000000076 0000000000eaaab2
[ 0.202544] 0000000000000000 000000008e64b4cd ffffffffffffffff 0000000000000000
[ 0.202561] 0000003d13b13b13 0000000000f2eb88 0000000001113018 0000000002008488
[ 0.202579] 0000000001372380 0000000000bea608 00000000002e36ea 0000000000f0fe20
[ 0.202600] Krnl Code: 00000000002e36de: c0200059cf3b larl %r2,0000000000e1d554
[ 0.202600] 00000000002e36e4: c0e50045cf06 brasl %r14,0000000000b9d4f0
[ 0.202600] #00000000002e36ea: a7f40001 brc 15,00000000002e36ec
[ 0.202600] >00000000002e36ee: c0e5fff33089 brasl %r14,0000000000149800
[ 0.202600] 00000000002e36f4: 5810c000 l %r1,0(%r12)
[ 0.202600] 00000000002e36f8: ec1c000c007e cij %r1,0,12,00000000002e3710
[ 0.202600] 00000000002e36fe: 5810c000 l %r1,0(%r12)
[ 0.202600] 00000000002e3702: ec180029017e cij %r1,1,8,00000000002e3754
[ 0.202636] Call Trace:
[ 0.202654] ([<00000000002e36ea>] static_key_enable_cpuslocked+0x52/0xc8)
[ 0.202672] [<00000000002e3858>] static_key_enable+0x38/0x48
[ 0.202691] [<00000000010b0a52>] setup_arch+0xb72/0xb80
[ 0.202709] [<00000000010aa966>] start_kernel+0x7e/0x540
[ 0.202728] [<000000000010008a>] startup_continue+0x8a/0x300

[ 0.207861] Jump label code mismatch at random_init+0x60/0x1a8 [00000000010f72f8]
[ 0.207882] Found: c0 f4 00 00 00 21
[ 0.207899] Expected: c0 04 00 00 00 01
[ 0.207916] New: c0 04 00 00 00 00
[ 0.207935] Kernel panic - not syncing: Corrupted kernel text
[ 0.207950] CPU: 0 PID: 0 Comm: swapper Tainted: G W 4.19.275-25331-g5504146b2053 #2
[ 0.207967] Hardware name: IBM 3931 A01 701 (KVM/Linux)
[ 0.207984] Call Trace:
[ 0.208002] ([<0000000000113f6a>] show_stack+0x8a/0xd8)
[ 0.208021] [<0000000000badcba>] dump_stack+0xaa/0xe8
[ 0.208038] [<0000000000b9d68c>] panic+0x12c/0x270
[ 0.208055] [<0000000000b9d1c0>] dump_fault_info.isra.0+0x0/0x330
[ 0.208073] [<000000000011ec10>] __jump_label_transform+0x98/0xc8
[ 0.208090] [<00000000010c5810>] jump_label_init+0xd8/0x138
[ 0.208112] [<00000000010aaace>] start_kernel+0x1e6/0x540
[ 0.208130] [<000000000010008a>] startup_continue+0x8a/0x300
The following 2 patches are needed to solve the issue.
Vasily Gorbik (2):
  s390/maccess: add no DAT mode to kernel_write
  s390/setup: init jump labels before command line parsing

 arch/s390/kernel/setup.c |  1 +
 arch/s390/mm/maccess.c   | 16 +++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
commit d6df52e9996dcc2062c3d9c9123288468bb95b52 upstream.
The backport has been slightly adjusted to avoid a dependency on the s390/jump_label rework. Specifically, commit a646ef398e72 ("s390/jump_label: replace stop_machine with smp_call_function") depends on HAVE_ARCH_JUMP_LABEL_RELATIVE, which has not been backported to versions 4.19 and earlier.
To be able to patch kernel code before paging is initialized, do a plain memcpy if DAT is off. This is required to enable early jump label initialization.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
---
 arch/s390/mm/maccess.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c index 7be06475809b..a40739ea3805 100644 --- a/arch/s390/mm/maccess.c +++ b/arch/s390/mm/maccess.c @@ -58,13 +58,19 @@ static notrace long s390_kernel_write_odd(void *dst, const void *src, size_t siz */ void notrace s390_kernel_write(void *dst, const void *src, size_t size) { + unsigned long flags; long copied;
- while (size) { - copied = s390_kernel_write_odd(dst, src, size); - dst += copied; - src += copied; - size -= copied; + flags = arch_local_save_flags(); + if (!(flags & PSW_MASK_DAT)) { + memcpy(dst, src, size); + } else { + while (size) { + copied = s390_kernel_write_odd(dst, src, size); + dst += copied; + src += copied; + size -= copied; + } } }
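Review bot: the new memcpy() branch in s390_kernel_write() is not documented at the call site, although the function's doc comment (its closing `*/` is visible at the top of the hunk) is right there; the reason the plain copy is correct, namely that the write happens before paging is initialized so there is no protected kernel text for s390_kernel_write_odd() to work around, is stated only in the commit message. Suggest a one-line comment above the new check, along the lines of `/* no DAT: paging is not up yet, a plain store cannot hit protected text */`, placed before `if (!(flags & PSW_MASK_DAT)) {`, so that a later reader does not mistake the fast path for an unguarded write into read-only memory. The decision is taken once from `arch_local_save_flags()` for the whole copy, which is fine since the PSW mask cannot change underneath this function, but that assumption is also worth a word in the same comment.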
commit 95e61b1b5d6394b53d147c0fcbe2ae70fbe09446 upstream.
Command line parameters might set static keys. This is true for s390 at least since commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options"). To avoid the following WARN:
static_key_enable_cpuslocked(): static key 'init_on_alloc+0x0/0x40' used before call to jump_label_init()
call jump_label_init() just before parse_early_param(). jump_label_init() is safe to call multiple times (x86 does that), doesn't do any memory allocations and hence should be safe to call that early.
Fixes: 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options")
Cc: stable@vger.kernel.org # 5.3: d6df52e9996d: s390/maccess: add no DAT mode to kernel_write
Cc: stable@vger.kernel.org # 5.3
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
---
 arch/s390/kernel/setup.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c index bfd6c01a68f0..f54f5bfd83ad 100644 --- a/arch/s390/kernel/setup.c +++ b/arch/s390/kernel/setup.c @@ -909,6 +909,7 @@ void __init setup_arch(char **cmdline_p) if (IS_ENABLED(CONFIG_EXPOLINE_AUTO)) nospec_auto_detect();
+ jump_label_init(); parse_early_param(); #ifdef CONFIG_CRASH_DUMP /* Deactivate elfcorehdr= kernel parameter */
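Review bot: the inserted `jump_label_init();` before `parse_early_param();` carries an ordering dependency that is invisible at the call site: at this point in setup_arch() DAT is still off, so the call only works because s390_kernel_write() gained its no-DAT memcpy path in the preceding patch (the commit message records this only in the `Cc: stable ... d6df52e9996d` line). Suggest a short comment above the new line, for example `/* early params may flip static keys; needs the no-DAT path in s390_kernel_write() */`, so a future reordering of setup_arch() does not silently reintroduce the "used before call to jump_label_init()" warning and the "Corrupted kernel text" panic quoted in the cover letter. The commit message also notes that jump_label_init() is safe to call more than once and allocates no memory; both facts justify the early call and belong in that comment rather than only in the changelog.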
On Wed, Mar 08, 2023 at 07:12:24PM +0100, Vasily Gorbik wrote:
> Commit e4f74400308c ("s390/archrandom: simplify back to earlier design and initialize earlier") has been backported to stable releases including 4.14 and 4.19.
>
> Backport for 4.19
> Link: https://lore.kernel.org/all/20220704102416.326257-1-Jason@zx2c4.com/
>
> Backport for 4.14
> Link: https://lore.kernel.org/all/20220704102819.337213-1-Jason@zx2c4.com/
>
> Unfortunately, on stable 4.14 and stable 4.19 it is missing dependencies, which results in a kernel warning and panic:
>
> [ 0.202386] static_key_enable_cpuslocked(): static key 's390_arch_random_available+0x0/0x10' used before call to jump_label_init()
> [ 0.202400] WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:131 static_key_enable_cpuslocked+0x56/0xc8
> [ 0.202432] Modules linked in:
> [ 0.202451] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.275-25331-g5504146b2053 #2
> [ 0.202467] Hardware name: IBM 3931 A01 701 (KVM/Linux)
> [ 0.202485] Krnl PSW : (____ptrval____) (____ptrval____) (static_key_enable_cpuslocked+0x56/0xc8)
> [ 0.202504] R:0 T:1 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
> [ 0.202526] Krnl GPRS: 00000000fffd3474 000000000133074c 0000000000000076 0000000000eaaab2
> [ 0.202544] 0000000000000000 000000008e64b4cd ffffffffffffffff 0000000000000000
> [ 0.202561] 0000003d13b13b13 0000000000f2eb88 0000000001113018 0000000002008488
> [ 0.202579] 0000000001372380 0000000000bea608 00000000002e36ea 0000000000f0fe20
> [ 0.202600] Krnl Code: 00000000002e36de: c0200059cf3b larl %r2,0000000000e1d554
> [ 0.202600] 00000000002e36e4: c0e50045cf06 brasl %r14,0000000000b9d4f0
> [ 0.202600] #00000000002e36ea: a7f40001 brc 15,00000000002e36ec
> [ 0.202600] >00000000002e36ee: c0e5fff33089 brasl %r14,0000000000149800
> [ 0.202600] 00000000002e36f4: 5810c000 l %r1,0(%r12)
> [ 0.202600] 00000000002e36f8: ec1c000c007e cij %r1,0,12,00000000002e3710
> [ 0.202600] 00000000002e36fe: 5810c000 l %r1,0(%r12)
> [ 0.202600] 00000000002e3702: ec180029017e cij %r1,1,8,00000000002e3754
> [ 0.202636] Call Trace:
> [ 0.202654] ([<00000000002e36ea>] static_key_enable_cpuslocked+0x52/0xc8)
> [ 0.202672] [<00000000002e3858>] static_key_enable+0x38/0x48
> [ 0.202691] [<00000000010b0a52>] setup_arch+0xb72/0xb80
> [ 0.202709] [<00000000010aa966>] start_kernel+0x7e/0x540
> [ 0.202728] [<000000000010008a>] startup_continue+0x8a/0x300
>
> [ 0.207861] Jump label code mismatch at random_init+0x60/0x1a8 [00000000010f72f8]
> [ 0.207882] Found: c0 f4 00 00 00 21
> [ 0.207899] Expected: c0 04 00 00 00 01
> [ 0.207916] New: c0 04 00 00 00 00
> [ 0.207935] Kernel panic - not syncing: Corrupted kernel text
> [ 0.207950] CPU: 0 PID: 0 Comm: swapper Tainted: G W 4.19.275-25331-g5504146b2053 #2
> [ 0.207967] Hardware name: IBM 3931 A01 701 (KVM/Linux)
> [ 0.207984] Call Trace:
> [ 0.208002] ([<0000000000113f6a>] show_stack+0x8a/0xd8)
> [ 0.208021] [<0000000000badcba>] dump_stack+0xaa/0xe8
> [ 0.208038] [<0000000000b9d68c>] panic+0x12c/0x270
> [ 0.208055] [<0000000000b9d1c0>] dump_fault_info.isra.0+0x0/0x330
> [ 0.208073] [<000000000011ec10>] __jump_label_transform+0x98/0xc8
> [ 0.208090] [<00000000010c5810>] jump_label_init+0xd8/0x138
> [ 0.208112] [<00000000010aaace>] start_kernel+0x1e6/0x540
> [ 0.208130] [<000000000010008a>] startup_continue+0x8a/0x300
>
> The following 2 patches are needed to solve the issue.
>
> Vasily Gorbik (2):
>   s390/maccess: add no DAT mode to kernel_write
>   s390/setup: init jump labels before command line parsing
>
>  arch/s390/kernel/setup.c |  1 +
>  arch/s390/mm/maccess.c   | 16 +++++++++++-----
>  2 files changed, 12 insertions(+), 5 deletions(-)
Both now queued up, thanks.
greg k-h