From: Steven Rostedt <rostedt@goodmis.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>,
LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, Masami Hiramatsu <mhiramat@kernel.org>,
"Luis R. Rodriguez" <mcgrof@kernel.org>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] x86/ftrace: Make sure that ftrace trampolines are not RWX
Date: Wed, 24 May 2017 18:25:47 -0400
Message-ID: <20170524182547.5c085dc7@vmware.local.home>
In-Reply-To: <alpine.DEB.2.20.1705242112210.2283@nanos>
On Wed, 24 May 2017 21:13:27 +0200 (CEST)
Thomas Gleixner <tglx@linutronix.de> wrote:
> > Oops: 0003 [#1] SMP
> > Modules linked in:
> > CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2-test+ #42
> > Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6
> > 02/22/2014 task: ffff8802153a8000 task.stack: ffffc90000c74000
> > RIP: 0010:new_slab+0x1e8/0x2b4
> > RSP: 0000:ffffc90000c77b28 EFLAGS: 00010282
> > RAX: 0000000040040000 RBX: ffff880216003f00 RCX: ffff880214f5c058
> > RDX: 0000000000000000 RSI: ffff880214f5c000 RDI: ffff880216003f00
> > RBP: ffffc90000c77b70 R08: 000000000000002a R09: 0000000000000000
> > R10: 00000000000201e2 R11: 0000000000020190 R12: ffff880214f5c000
> > R13: 000000000000002e R14: 0000000000000001 R15: ffffea000853d700
> > FS: 0000000000000000(0000) GS:ffff88021eb80000(0000)
> > knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
> > 0000000080050033 CR2: ffff880214f5c000 CR3: 000000000221d000 CR4:
> > 00000000001406e0 Call Trace:
> > ? interleave_nodes+0x29/0x40
> > ___slab_alloc+0x2e8/0x49e
>
> That does not make any sense, but I'm digging into it.
The trampolines use the module allocation, and it appears that it needs
to become rw before freeing again.
I applied this patch, and it appears to fix the bug for me.
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
-- Steve
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 663a35d..5e93a9a 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -689,8 +689,12 @@ static inline void *alloc_tramp(unsigned long size)
{
return module_alloc(size);
}
-static inline void tramp_free(void *tramp)
+static inline void tramp_free(void *tramp, int size)
{
+ int npages;
+
+ npages = PAGE_ALIGN(size) >> PAGE_SHIFT;
+ set_memory_rw((unsigned long)tramp, npages);
module_memfree(tramp);
}
#else
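Review bot: In tramp_free() the new size parameter is declared int, while the callers pass *tramp_size, which create_trampoline() takes as unsigned int *, and alloc_tramp() just above takes unsigned long; using an unsigned type here avoids a signed conversion before PAGE_ALIGN(). The return value of set_memory_rw() is also ignored, so a failure would go straight into module_memfree() without any trace; wrapping the call in WARN_ON() would make that visible. A short comment stating why the pages have to be writable again before they are freed would help, since the reason is only given in the mail text.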
@@ -699,7 +703,7 @@ static inline void *alloc_tramp(unsigned long size)
{
return NULL;
}
-static inline void tramp_free(void *tramp) { }
+static inline void tramp_free(void *tramp, int size) { }
#endif
/* Defined as markers to the end of the ftrace default trampolines */
@@ -771,7 +775,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
/* Copy ftrace_caller onto the trampoline memory */
ret = probe_kernel_read(trampoline, (void *)start_offset, size);
if (WARN_ON(ret < 0)) {
- tramp_free(trampoline);
+ tramp_free(trampoline, *tramp_size);
return 0;
}
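Review bot: This error path frees with *tramp_size, but the copy right above it uses the local size, and the visible context does not show where *tramp_size is assigned. Please confirm it is always set to the allocated length before probe_kernel_read() can fail, otherwise npages in tramp_free() is computed from whatever the caller left in that variable. Passing the same expression that was handed to alloc_tramp() would make the pairing obvious.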
@@ -797,7 +801,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
/* Are we pointing to the reference? */
if (WARN_ON(memcmp(op_ptr.op, op_ref, 3) != 0)) {
- tramp_free(trampoline);
+ tramp_free(trampoline, *tramp_size);
return 0;
}
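Review bot: This is the second error path in create_trampoline() that now repeats "tramp_free(trampoline, *tramp_size); return 0;". A single fail label that both WARN_ON() branches jump to would keep the size argument in one place and make it harder for a later error path to free with the wrong length.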
@@ -943,7 +947,7 @@ void arch_ftrace_trampoline_free(struct ftrace_ops *ops)
if (!ops || !(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP))
return;
- tramp_free((void *)ops->trampoline);
+ tramp_free((void *)ops->trampoline, ops->trampoline_size);
ops->trampoline = 0;
}
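Review bot: arch_ftrace_trampoline_free() clears ops->trampoline after the free but leaves ops->trampoline_size at its old value. Since the size is now an input to tramp_free(), resetting it next to "ops->trampoline = 0;" would keep the two fields consistent and avoid a stale length being paired with a later trampoline.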