From patchwork Tue Jan 7 15:34:57 2025
X-Patchwork-Submitter: Petr Pavlu
X-Patchwork-Id: 13929182
From: Petr Pavlu
To: petr.pavlu@suse.com, rppt@kernel.org, akpm@linux-foundation.org
Cc: mmaslanka@google.com, mcgrof@kernel.org, regressions@lists.linux.dev, linux-modules@vger.kernel.org, linux-mm@kvack.org, live-patching@vger.kernel.org, joe.lawrence@redhat.com, jpoimboe@kernel.org, pmladek@suse.com
Subject: [PATCH] module: Fix writing of livepatch relocations in ROX text
Date: Tue, 7 Jan 2025 16:34:57 +0100
Message-ID: <20250107153507.14733-1-petr.pavlu@suse.com>
In-Reply-To: <0530eee7-f329-4786-bea3-c9c66d5f0bed@suse.com>
References: <0530eee7-f329-4786-bea3-c9c66d5f0bed@suse.com>

A livepatch module can contain a special relocation section .klp.rela.. to apply its relocations at the appropriate time and to additionally access local and unexported symbols. When points to another module, such relocations are processed separately from the regular module relocation process. For instance, only when the target actually becomes loaded.

With CONFIG_STRICT_MODULE_RWX, when the livepatch core decides to apply these relocations, their processing results in the following bug:

[ 25.827238] BUG: unable to handle page fault for address: 00000000000012ba
[ 25.827819] #PF: supervisor read access in kernel mode
[ 25.828153] #PF: error_code(0x0000) - not-present page
[ 25.828588] PGD 0 P4D 0
[ 25.829063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 25.829742] CPU: 2 UID: 0 PID: 452 Comm: insmod Tainted: G O K 6.13.0-rc4-00078-g059dd502b263 #7820
[ 25.830417] Tainted: [O]=OOT_MODULE, [K]=LIVEPATCH
[ 25.830768] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
[ 25.831651] RIP: 0010:memcmp+0x24/0x60
[ 25.832190] Code: [...]
[ 25.833378] RSP: 0018:ffffa40b403a3ae8 EFLAGS: 00000246
[ 25.833637] RAX: 0000000000000000 RBX: ffff93bc81d8e700 RCX: ffffffffc0202000
[ 25.834072] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000000012ba
[ 25.834548] RBP: ffffa40b403a3b68 R08: ffffa40b403a3b30 R09: 0000004a00000002
[ 25.835088] R10: ffffffffffffd222 R11: f000000000000000 R12: 0000000000000000
[ 25.835666] R13: ffffffffc02032ba R14: ffffffffc007d1e0 R15: 0000000000000004
[ 25.836139] FS: 00007fecef8c3080(0000) GS:ffff93bc8f900000(0000) knlGS:0000000000000000
[ 25.836519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.836977] CR2: 00000000000012ba CR3: 0000000002f24000 CR4: 00000000000006f0
[ 25.837442] Call Trace:
[ 25.838297]
[ 25.841083] __write_relocate_add.constprop.0+0xc7/0x2b0
[ 25.841701] apply_relocate_add+0x75/0xa0
[ 25.841973] klp_write_section_relocs+0x10e/0x140
[ 25.842304] klp_write_object_relocs+0x70/0xa0
[ 25.842682] klp_init_object_loaded+0x21/0xf0
[ 25.842972] klp_enable_patch+0x43d/0x900
[ 25.843572] do_one_initcall+0x4c/0x220
[ 25.844186] do_init_module+0x6a/0x260
[ 25.844423] init_module_from_file+0x9c/0xe0
[ 25.844702] idempotent_init_module+0x172/0x270
[ 25.845008] __x64_sys_finit_module+0x69/0xc0
[ 25.845253] do_syscall_64+0x9e/0x1a0
[ 25.845498] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 25.846056] RIP: 0033:0x7fecef9eb25d
[ 25.846444] Code: [...]
[ 25.847563] RSP: 002b:00007ffd0c5d6de8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 25.848082] RAX: ffffffffffffffda RBX: 000055b03f05e470 RCX: 00007fecef9eb25d
[ 25.848456] RDX: 0000000000000000 RSI: 000055b001e74e52 RDI: 0000000000000003
[ 25.848969] RBP: 00007ffd0c5d6ea0 R08: 0000000000000040 R09: 0000000000004100
[ 25.849411] R10: 00007fecefac7b20 R11: 0000000000000246 R12: 000055b001e74e52
[ 25.849905] R13: 0000000000000000 R14: 000055b03f05e440 R15: 0000000000000000
[ 25.850336]
[ 25.850553] Modules linked in: deku(OK+) uinput
[ 25.851408] CR2: 00000000000012ba
[ 25.852085] ---[ end trace 0000000000000000 ]---

The problem is that the .klp.rela.. relocations are processed after the module was already formed and mod->rw_copy was reset. However, the code in __write_relocate_add() calls module_writable_address() which translates the target address 'loc' still to 'loc + (mem->rw_copy - mem->base)', with mem->rw_copy now being 0.

Fix the problem by returning directly 'loc' in module_writable_address() when the module is already formed. Function __write_relocate_add() knows to use text_poke() in such a case.

Fixes: 0c133b1e78cd ("module: prepare to handle ROX allocations for text")
Reported-by: Marek Maslanka
Closes: https://lore.kernel.org/linux-modules/CAGcaFA2hdThQV6mjD_1_U+GNHThv84+MQvMWLgEuX+LVbAyDxg@mail.gmail.com/
Signed-off-by: Petr Pavlu
Reviewed-by: Petr Mladek
Tested-by: Petr Mladek
---
 include/linux/module.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

base-commit: 9d89551994a430b50c4fffcb1e617a057fa76e20

diff --git a/include/linux/module.h b/include/linux/module.h index 94acbacdcdf1..b3a643435357 100644 --- a/include/linux/module.h +++ b/include/linux/module.h
@@ -773,7 +773,8 @@ void *__module_writable_address(struct module *mod, void *loc); static inline void *module_writable_address(struct module *mod, void *loc) { - if (!IS_ENABLED(CONFIG_ARCH_HAS_EXECMEM_ROX) || !mod) + if (!IS_ENABLED(CONFIG_ARCH_HAS_EXECMEM_ROX) || !mod || + mod->state != MODULE_STATE_UNFORMED) return loc; return __module_writable_address(mod, loc); }
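
Review bot: the added `mod->state != MODULE_STATE_UNFORMED` test in module_writable_address() ties the lifetime of mem->rw_copy to the module state without saying so anywhere in the code. A short comment above the condition, stating that the writable copy exists only while the module is unformed and that callers such as __write_relocate_add() fall back to text_poke() afterwards, would keep a later change to when rw_copy is reset from quietly bringing back the 'loc + (mem->rw_copy - mem->base)' translation with rw_copy being 0 that the commit message describes. It may also be worth having __module_writable_address() itself refuse to translate when rw_copy is unset, so the helper stays safe if it gains a caller that bypasses this inline wrapper.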
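
The address translation described in the commit message, as a user-space model added here for illustration; it is not code from the patch or from the kernel. The struct layouts, the `model_*` names, the region size and the RW_COPY value are constructed, and reading RCX as the text base and R13 as 'loc' in the oops is an assumption (their difference equals the faulting address 0x12ba).

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: struct layouts and names are assumptions. */
enum model_state { MODEL_UNFORMED, MODEL_LIVE };
struct model_mem { uint64_t base, size, rw_copy; };
struct model_module { enum model_state state; struct model_mem text; };

#define TEXT_BASE 0xffffffffc0202000ULL /* RCX in the oops (assumed base) */
#define LOC       0xffffffffc02032baULL /* R13 in the oops (assumed loc) */
#define RW_COPY   0xffffa40b40500000ULL /* constructed sample address */

/* While loading a writable copy exists; once formed, rw_copy is reset. */
static const struct model_module during_load =
	{ MODEL_UNFORMED, { TEXT_BASE, 0x2000, RW_COPY } };
static const struct model_module after_load =
	{ MODEL_LIVE, { TEXT_BASE, 0x2000, 0 } };

/* Translation quoted in the commit message: loc + (rw_copy - base). */
static uint64_t translate(const struct model_module *m, uint64_t loc)
{
	const struct model_mem *t = &m->text;

	if (loc >= t->base && loc < t->base + t->size)
		return loc + (t->rw_copy - t->base);
	return loc;
}

/* Pre-patch condition (ROX support assumed enabled): always translate. */
uint64_t writable_before(const struct model_module *m, uint64_t loc)
{
	return m ? translate(m, loc) : loc;
}

/* Post-patch condition: translate only while the module is unformed. */
uint64_t writable_after(const struct model_module *m, uint64_t loc)
{
	if (!m || m->state != MODEL_UNFORMED)
		return loc;
	return translate(m, loc);
}

int main(void)
{
	printf("before, late: %#" PRIx64 "\n", writable_before(&after_load, LOC));
	printf("after,  late: %#" PRIx64 "\n", writable_after(&after_load, LOC));
	printf("after, early: %#" PRIx64 "\n", writable_after(&during_load, LOC));
	return 0;
}
```
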