| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Feb 2022 17:27:33 -0800
From: Stephen Boyd <swboyd@...omium.org>
To: stable@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
Joel Fernandes <joel@...lfernandes.org>,
Mark Rutland <mark.rutland@....com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Sami Tolvanen <samitolvanen@...gle.com>
Subject: arm64 ftrace fixes for v5.4.y
Hi stable maintainers,
I recently ran into an issue where trying to load a module with jump
table entries crashes the system when function tracing is enabled. The
crash happens because ftrace is modifying the code and then marking it
as read-only too early. ftrace_make_call() calls module_enable_ro(mod,
true) before module init is over because ftrace_module_enable() calls
__ftrace_replace_code() which does FTRACE_UPDATE_MAKE_CALL. All this
code is gone now upstream but is still present on v5.4 stable kernels. I
picked this set of patches to v5.4 and it fixed it for me.
fbf6c73c5b26 ftrace: add ftrace_init_nop()
a1326b17ac03 module/ftrace: handle patchable-function-entry
bd8b21d3dd66 arm64: module: rework special section handling
f1a54ae9af0d arm64: module/ftrace: intialize PLT at load time
after doing that I ran into another issue because I'm using clang. Would
it be possible to pick two more patches to the stable tree to silence
this module warning from sysfs complaining about
/module/<modname>/sections/__patchable_function_entries being
duplicated?
dd2776222abb kbuild: lto: merge module sections
6a3193cdd5e5 kbuild: lto: Merge module sections if and only if
CONFIG_LTO_CLANG is enabled
All of these apply cleanly to v5.4.y stable branch.
Crash below.
Unable to handle kernel write to read-only memory at virtual address
ffffffd1b81fc0b0
Mem abort info:
ESR = 0x9600004f
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x0000004f
CM = 0, WnR = 1
swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000081bc1000
[ffffffd1b81fc0b0] pgd=0000000271858003, pud=0000000271858003,
pmd=0000000266c05003, pte=00600001f3f4df93
Internal error: Oops: 9600004f [#1] PREEMPT SMP
Modules linked in: vsock(+) <a bunch more modules>
CPU: 5 PID: 6254 Comm: modprobe Not tainted 5.4.177 #19
Hardware name: Google Lazor (rev3 - 8) with KB Backlight (DT)
pstate: 60400009 (nZCv daif +PAN -UAO)
pc : jump_label_swap+0x2c/0x68
lr : jump_label_swap+0x18/0x68
sp : ffffffc01946bb10
x29: ffffffc01946bb10 x28: 00000000000000b0
x27: 0000000000000010 x26: 00000000000000b0
x25: 00000000000001a0 x24: ffffffd1b81fc180
x23: ffffffd2036540fc x22: ffffffd1b81fc000
x21: 0000000000000010 x20: ffffffd1b81fc0b0
x19: ffffffd1b81fc180 x18: 0000000000000000
x17: ffffffd204006e08 x16: 0000000000006000
x15: ffffffd1b8209000 x14: 0066ba79a6ffffff
x13: 0000000000000004 x12: 000000004c55e4d8
x11: 00000000ffffd9f0 x10: 00000000ffffd754
x9 : ffffffffffffff30 x8 : 00000000ffffe2ec
x7 : fefefefefefefefe x6 : 00000000000341d5
x5 : ffffffd203654164 x4 : ffffffd2036540fc
x3 : 0000000000000000 x2 : ffffffc01946bb30
x1 : ffffffd203654110 x0 : 00000000fffffff0
Call trace:
jump_label_swap+0x2c/0x68
do_swap+0x98/0xa0
sort_r+0x178/0x1a0
sort+0x14/0x1c
jump_label_module_notify+0x7c/0x2c0
notifier_call_chain+0x58/0x90
__blocking_notifier_call_chain+0x58/0x84
blocking_notifier_call_chain+0x38/0x48
prepare_coming_module+0x30/0x3c
load_module+0xda4/0xf8c
__arm64_sys_finit_module+0xa4/0xdc
el0_svc_common+0xb4/0x17c
el0_svc_compat_handler+0x2c/0x58
el0_svc_compat+0x8/0x2c
Code: cb130289 29402e8a f940068c 4b090108 (b9000288)
Powered by blists - more mailing lists