Add patch to fix aarch64 KVM bug with module loading (rhbz 1194366).

0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch

@@ -0,0 +1,68 @@
+From a79ebe4eb65331733803df4a7fd634d3b709af7b Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Tue, 24 Feb 2015 16:30:21 +0000
+Subject: [PATCH] arm64: Fix text patching logic when using fixmap
+
+Patch 2f896d586610 ("arm64: use fixmap for text patching") changed
+the way we patch the kernel text, using a fixmap when the kernel or
+modules are flagged as read only.
+
+Unfortunately, a flaw in the logic makes it fall over when patching
+modules without CONFIG_DEBUG_SET_MODULE_RONX enabled:
+
+[...]
+[   32.032636] Call trace:
+[   32.032716] [<fffffe00003da0dc>] __copy_to_user+0x2c/0x60
+[   32.032837] [<fffffe0000099f08>] __aarch64_insn_write+0x94/0xf8
+[   32.033027] [<fffffe000009a0a0>] aarch64_insn_patch_text_nosync+0x18/0x58
+[   32.033200] [<fffffe000009c3ec>] ftrace_modify_code+0x58/0x84
+[   32.033363] [<fffffe000009c4e4>] ftrace_make_nop+0x3c/0x58
+[   32.033532] [<fffffe0000164420>] ftrace_process_locs+0x3d0/0x5c8
+[   32.033709] [<fffffe00001661cc>] ftrace_module_init+0x28/0x34
+[   32.033882] [<fffffe0000135148>] load_module+0xbb8/0xfc4
+[   32.034044] [<fffffe0000135714>] SyS_finit_module+0x94/0xc4
+[...]
+
+This is triggered by the use of virt_to_page() on a module address,
+which ends to pointing to Nowhereland if you're lucky, or corrupt
+your precious data if not.
+
+This patch fixes the logic by mimicking what is done on arm:
+- If we're patching a module and CONFIG_DEBUG_SET_MODULE_RONX is set,
+  use vmalloc_to_page().
+- If we're patching the kernel and CONFIG_DEBUG_RODATA is set,
+  use virt_to_page().
+- Otherwise, use the provided address, as we can write to it directly.
+
+Tested on 4.0-rc1 as a KVM guest.
+
+Reported-by: Richard W.M. Jones <rjones@redhat.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Laura Abbott <lauraa@codeaurora.org>
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+---
+ arch/arm64/kernel/insn.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
+index 27d4864..c8eca88 100644
+--- a/arch/arm64/kernel/insn.c
++++ b/arch/arm64/kernel/insn.c
+@@ -87,8 +87,10 @@ static void __kprobes *patch_map(void *addr, int fixmap)
+ 
+ 	if (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX))
+ 		page = vmalloc_to_page(addr);
+-	else
++	else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA))
+ 		page = virt_to_page(addr);
++	else
++		return addr;
+ 
+ 	BUG_ON(!page);
+ 	set_fixmap(fixmap, page_to_phys(page));
+-- 
+2.3.0
+

kernel.spec

@@ -42,7 +42,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 1
+%global baserelease 2
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -627,6 +627,9 @@ Patch26139: HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch
 Patch30000: kernel-arm64.patch
 Patch30001: kernel-arm64-fix-psci-when-pg.patch
 
+# Not yet upstream, for https://bugzilla.redhat.com/show_bug.cgi?id=1194366#c12
+Patch30002: 0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1359,6 +1362,8 @@ ApplyPatch kernel-arm64.patch -R
 %endif
 %endif
 ApplyPatch kernel-arm64-fix-psci-when-pg.patch
+# Not yet upstream, for https://bugzilla.redhat.com/show_bug.cgi?id=1194366#c12
+ApplyPatch 0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -2210,6 +2215,9 @@ fi
 #
 # 
 %changelog
+* Tue Feb 24 2015 Richard W.M. Jones <rjones@redhat.com> - 4.0.0-0.rc1.git0.2
+- Add patch to fix aarch64 KVM bug with module loading (rhbz 1194366).
+
 * Tue Feb 24 2015 Peter Robinson <pbrobinson@fedoraproject.org>
 - Minor ARM config update