Date: Wed, 24 May 2017 11:04:25 -0400
From: Steven Rostedt
To: Thomas Gleixner
Cc: Kees Cook, LKML, x86@kernel.org, Masami Hiramatsu, "Luis R. Rodriguez", Peter Zijlstra
Subject: Re: [PATCH] x86/ftrace: Make sure that ftrace trampolines are not RWX
Message-ID: <20170524110425.4d7916b8@vmware.local.home>

On Wed, 24 May 2017 15:47:17 +0200 (CEST)
Thomas Gleixner wrote:

> ftrace uses module_alloc() to allocate trampoline pages. The mapping
> of module_alloc() is RWX, which makes sense as the memory is written
> to right after allocation. But nothing makes these pages RO after
> writing to them.
>
> This problem exists since ftrace uses trampolines on x86, but it went
> unnoticed because the W=X sanity check only triggers when the tracer
> builtin selftests are enabled. Though the mappings are also created
> W+X w/o the self tests when the tracer is used after booting.
>
> Add proper set_memory_rw/ro() calls to [un]protect the trampolines
> before and after modification.
>
> Fixes: f3bea49115b2 ("ftrace/x86: Add dynamic allocated trampoline for ftrace_ops")
> Signed-off-by: Thomas Gleixner

Thanks! I was thinking that this was the issue after your last reply.
I'll send this to my box at home and run my tests against it. I'll let
you know tomorrow the results.

-- Steve

> --- > arch/x86/kernel/ftrace.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > --- a/arch/x86/kernel/ftrace.c > +++ b/arch/x86/kernel/ftrace.c > @@ -839,7 +839,7 @@ void arch_ftrace_update_trampoline(struc > unsigned long offset; > unsigned long ip; > unsigned int size; > - int ret; > + int ret, npages; > > if (ops->trampoline) { > /* 
> @@ -848,11 +848,14 @@ void arch_ftrace_update_trampoline(struc > */ > if (!(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP)) > return; > + npages = PAGE_ALIGN(ops->trampoline_size) >> > PAGE_SHIFT; > + set_memory_rw(ops->trampoline, npages); > } else { > ops->trampoline = create_trampoline(ops, &size); > if (!ops->trampoline) > return; > ops->trampoline_size = size; > + npages = PAGE_ALIGN(size) >> PAGE_SHIFT; > } > > offset = calc_trampoline_call_offset(ops->flags & > FTRACE_OPS_FL_SAVE_REGS); @@ -863,6 +866,7 @@ void > arch_ftrace_update_trampoline(struc /* Do a safe modify in case the > trampoline is executing */ new = ftrace_call_replace(ip, (unsigned > long)func); ret = update_ftrace_func(ip, new); > + set_memory_ro(ops->trampoline, npages); > > /* The update should never fail */ > WARN_ON(ret);
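
Review bot: in the @@ -848 hunk, the return value of set_memory_rw(ops->trampoline, npages) in the if (ops->trampoline) branch is dropped, so a failed permission change goes unreported before update_ftrace_func() modifies the trampoline. Check the result and return (or WARN) before going on. It is also worth a one-line comment here that an existing trampoline becomes writable again from this call until the set_memory_ro() further down, since the later comment "Do a safe modify in case the trampoline is executing" implies the page may be in use during that window.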
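
Review bot: in the @@ -863 hunk, set_memory_ro(ops->trampoline, npages) is called without checking its return value, so if re-protection fails the trampoline stays writable with no diagnostic, which is the state this patch is meant to eliminate. Wrap the call in WARN_ON() in the same way ret is handled just below it, so a failure to restore RO shows up in the log instead of only in the W+X sanity check.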