From: Koichiro Den
To: gregkh@linuxfoundation.org, stable@vger.kernel.org
Cc: rostedt@goodmis.org, mhiramat@kernel.org, mark.rutland@arm.com, mathieu.desnoyers@efficios.com, zhengyejian1@huawei.com, hagarhem@amazon.com, linux-kernel@vger.kernel.org
Subject: [PATCH 5.4] ftrace: use preempt_enable/disable notrace macros to avoid double fault
Date: Wed, 8 Jan 2025 12:17:36 +0900
Message-ID: <20250108031736.3318120-1-koichiro.den@canonical.com>

Since the backport commit eea46baf1451 ("ftrace: Fix possible
use-after-free issue in ftrace_location()") on linux-5.4.y branch, the
old ftrace_int3_handler()->ftrace_location() path has included
rcu_read_lock(), which has mcount location inside and leads to potential
double fault.

Replace rcu_read_lock/unlock with preempt_enable/disable notrace macros
so that the mcount location does not appear on the int3 handler path.

This fix is specific to linux-5.4.y branch, the only branch still using
ftrace_int3_handler with commit e60b613df8b6 ("ftrace: Fix possible
use-after-free issue in ftrace_location()") backported. It also avoids
the need to backport the code conversion to text_poke() on this branch.

Reported-by: Koichiro Den
Closes: https://lore.kernel.org/all/74gjhwxupvozwop7ndhrh7t5qeckomt7yqvkkbm5j2tlx6dkfk@rgv7sijvry2k
Fixes: eea46baf1451 ("ftrace: Fix possible use-after-free issue in ftrace_location()") # linux-5.4.y
Signed-off-by: Steven Rostedt (Google)
Signed-off-by: Koichiro Den
---
 kernel/trace/ftrace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 380032a27f98..2eb1a8ec5755 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1554,7 +1554,7 @@ unsigned long ftrace_location_range(unsigned long sta= rt, unsigned long end) struct dyn_ftrace key; unsigned long ip =3D 0; =20 - rcu_read_lock(); + preempt_disable_notrace(); key.ip =3D start; key.flags =3D end; /* overload flags, as it is unsigned long */ =20 @@ -1572,7 +1572,7 @@ unsigned long ftrace_location_range(unsigned long sta= rt, unsigned long end) break; } } - rcu_read_unlock(); + preempt_enable_notrace(); return ip; } =20 --=20 2.43.0
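
Review bot: the first hunk, at `preempt_disable_notrace();` in ftrace_location_range(), needs a code comment saying why rcu_read_lock() is not used here. The reason currently lives only in the changelog (rcu_read_lock() has an mcount location inside, and this function is reached from ftrace_int3_handler()), so a later cleanup could put the traced call back on the int3 path. Please also say in the changelog what the side that frees these entries waits on, so it is clear that a preempt-disabled reader still holds it off.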
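
Review bot: the pairing of `preempt_enable_notrace();` in the second hunk with the disable in the first cannot be checked from the diff alone, because the loop body between the two hunks is not shown. The visible context has a `break;` that falls through to the enable before `return ip;`; please confirm that no path in the lines between the hunks returns early, which would leave preemption disabled.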