From: Steven Rostedt <rostedt@goodmis.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>,
LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, Masami Hiramatsu <mhiramat@kernel.org>,
"Luis R. Rodriguez" <mcgrof@kernel.org>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] x86/ftrace: Make sure that ftrace trampolines are not RWX
Date: Wed, 24 May 2017 11:04:25 -0400 [thread overview]
Message-ID: <20170524110425.4d7916b8@vmware.local.home> (raw)
In-Reply-To: <alpine.DEB.2.20.1705241459480.2201@nanos>
On Wed, 24 May 2017 15:47:17 +0200 (CEST)
Thomas Gleixner <tglx@linutronix.de> wrote:
> ftrace uses module_alloc() to allocate trampoline pages. The mapping
> of module_alloc() is RWX, which makes sense as the memory is written
> to right after allocation. But nothing makes these pages RO after
> writing to them.
>
> This problem exists since ftrace uses trampolines on x86, but it went
> unnoticed because the W=X sanity check only triggers when the tracer
> builtin selftests are enabled. Though the mappings are also created
> W+X w/o the self tests when the tracer is used after booting.
>
> Add proper set_memory_rw/ro() calls to [un]protect the trampolines
> before and after modification.
>
> Fixes: f3bea49115b2 ("ftrace/x86: Add dynamic allocated trampoline
> for ftrace_ops") Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Thanks! I was thinking that this was the issue after your last reply.
I'll send this to my box at home and run my tests against it. I'll let
you know tomorrow the results.
-- Steve
> ---
> arch/x86/kernel/ftrace.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> --- a/arch/x86/kernel/ftrace.c
> +++ b/arch/x86/kernel/ftrace.c
> @@ -839,7 +839,7 @@ void arch_ftrace_update_trampoline(struc
> unsigned long offset;
> unsigned long ip;
> unsigned int size;
> - int ret;
> + int ret, npages;
>
> if (ops->trampoline) {
> /*
> @@ -848,11 +848,14 @@ void arch_ftrace_update_trampoline(struc
> */
> if (!(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP))
> return;
> + npages = PAGE_ALIGN(ops->trampoline_size) >>
> PAGE_SHIFT;
> + set_memory_rw(ops->trampoline, npages);
> } else {
> ops->trampoline = create_trampoline(ops, &size);
> if (!ops->trampoline)
> return;
> ops->trampoline_size = size;
> + npages = PAGE_ALIGN(size) >> PAGE_SHIFT;
> }
>
> offset = calc_trampoline_call_offset(ops->flags &
> FTRACE_OPS_FL_SAVE_REGS); @@ -863,6 +866,7 @@ void
> arch_ftrace_update_trampoline(struc /* Do a safe modify in case the
> trampoline is executing */ new = ftrace_call_replace(ip, (unsigned
> long)func); ret = update_ftrace_func(ip, new);
> + set_memory_ro(ops->trampoline, npages);
>
> /* The update should never fail */
> WARN_ON(ret);
next prev parent reply other threads:[~2017-05-24 15:04 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-24 13:47 [PATCH] x86/ftrace: Make sure that ftrace trampolines are not RWX Thomas Gleixner
2017-05-24 14:33 ` Masami Hiramatsu
2017-05-24 15:04 ` Steven Rostedt [this message]
2017-05-24 17:47 ` Steven Rostedt
2017-05-24 18:16 ` Luis R. Rodriguez
2017-05-24 18:53 ` Thomas Gleixner
2017-05-24 19:34 ` Luis R. Rodriguez
2017-05-24 19:13 ` Thomas Gleixner
2017-05-24 22:25 ` Steven Rostedt
2017-05-24 23:18 ` Luis R. Rodriguez
2017-05-25 6:25 ` Thomas Gleixner
2017-05-25 8:57 ` [PATCH V2] " Thomas Gleixner
2017-05-25 15:15 ` Steven Rostedt
2017-05-25 17:46 ` Luis R. Rodriguez
2017-05-25 19:51 ` Kees Cook
2017-05-26 7:03 ` Thomas Gleixner
2017-05-26 9:27 ` Heiko Carstens
2017-05-26 9:56 ` Thomas Gleixner
2017-05-26 11:40 ` Michael Ellerman
2017-05-26 9:49 ` Masami Hiramatsu
2017-05-26 13:37 ` Steven Rostedt
2017-05-26 13:50 ` Thomas Gleixner
2017-05-26 13:58 ` Steven Rostedt
2017-05-25 9:09 ` [PATCH] " Masami Hiramatsu
2017-05-25 10:34 ` Masami Hiramatsu
2017-05-25 15:18 ` Steven Rostedt
2017-05-26 1:34 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170524110425.4d7916b8@vmware.local.home \
--to=rostedt@goodmis.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mhiramat@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.