• arm64: Fix text patching logic when using fixmap · f6242cac
    Marc Zyngier authored
    Patch 2f896d58 ("arm64: use fixmap for text patching") changed
    the way we patch the kernel text, using a fixmap when the kernel or
    modules are flagged as read only.
    
    Unfortunately, a flaw in the logic makes it fall over when patching
    modules without CONFIG_DEBUG_SET_MODULE_RONX enabled:
    
    [...]
    [   32.032636] Call trace:
    [   32.032716] [<fffffe00003da0dc>] __copy_to_user+0x2c/0x60
    [   32.032837] [<fffffe0000099f08>] __aarch64_insn_write+0x94/0xf8
    [   32.033027] [<fffffe000009a0a0>] aarch64_insn_patch_text_nosync+0x18/0x58
    [   32.033200] [<fffffe000009c3ec>] ftrace_modify_code+0x58/0x84
    [   32.033363] [<fffffe000009c4e4>] ftrace_make_nop+0x3c/0x58
    [   32.033532] [<fffffe0000164420>] ftrace_process_locs+0x3d0/0x5c8
    [   32.033709] [<fffffe00001661cc>] ftrace_module_init+0x28/0x34
    [   32.033882] [<fffffe0000135148>] load_module+0xbb8/0xfc4
    [   32.034044] [<fffffe0000135714>] SyS_finit_module+0x94/0xc4
    [...]
    
    This is triggered by the use of virt_to_page() on a module address,
    which ends up pointing to Nowhereland if you're lucky, or corrupting
    your precious data if not.
    
    This patch fixes the logic by mimicking what is done on arm:
    - If we're patching a module and CONFIG_DEBUG_SET_MODULE_RONX is set,
      use vmalloc_to_page().
    - If we're patching the kernel and CONFIG_DEBUG_RODATA is set,
      use virt_to_page().
    - Otherwise, use the provided address, as we can write to it directly.
    
    Tested on 4.0-rc1 as a KVM guest.
    Reported-by: Richard W.M. Jones <rjones@redhat.com>
    Reviewed-by: Kees Cook <keescook@chromium.org>
    Acked-by: Mark Rutland <mark.rutland@arm.com>
    Acked-by: Laura Abbott <lauraa@codeaurora.org>
    Tested-by: Richard W.M. Jones <rjones@redhat.com>
    Cc: Will Deacon <will.deacon@arm.com>
    Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
    Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
insn.c 23.9 KB