Re: [PATCH] arm64/module: Support for patching modules during runtime

Linux-ARM-Kernel Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Will Deacon <will@kernel.org>
To: fanqincui@163.com
Cc: catalin.marinas@arm.com, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, Fanqin Cui <cuifq1@chinatelecom.cn>,
	maz@kernel.org
Subject: Re: [PATCH] arm64/module: Support for patching modules during runtime
Date: Fri, 8 Aug 2025 12:54:34 +0100	[thread overview]
Message-ID: <aJXlegQfZTdimS3k@willie-the-truck> (raw)
In-Reply-To: <20250807072700.348514-1-fanqincui@163.com>

On Thu, Aug 07, 2025 at 03:27:00AM -0400, fanqincui@163.com wrote:
> From: Fanqin Cui <cuifq1@chinatelecom.cn>
> 
> If use the ALTERNATIVE_CB interface in a kernel module to
> patch code, the kernel will crash. The relevant log is as follows:
> 
>  Mem abort info:
>    ESR = 0x000000008600000f
>    EC = 0x21: IABT (current EL), IL = 32 bits
>    SET = 0, FnV = 0
>    EA = 0, S1PTW = 0
>    FSC = 0x0f: level 3 permission fault
>  swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000013cfbed000
>  [ffff80007b0b0000] pgd=0000000000000000, p4d=10000013d0d03003,
> pud=1000000103175403, pmd=1000000115804403, pte=0068000116b77703
>  Internal error: Oops: 000000008600000f [#1]  SMP
> 
>  Call trace:
>   0xffff80007b0b0000 (P)
>   apply_alternatives_module+0x48/0x7c
>   module_finalize+0xc0/0x134
>   load_module+0x15c0/0x1c08
>   init_module_from_file+0x8c/0xcc
>   __arm64_sys_finit_module+0x1c0/0x2d4
>   invoke_syscall+0x48/0x110
>   el0_svc_common.constprop.0+0xc0/0xe0
>   do_el0_svc+0x1c/0x28
>   el0_svc+0x34/0xf0
>   el0t_64_sync_handler+0xa0/0xe4
>   el0t_64_sync+0x198/0x19c
>  Code: 00000000 00000000 00000000 00000000 (d503233f)
>  ---[ end trace 0000000000000000 ]---
> 
> To avoid this problem, this commit supports add a new section.
> When the module is loading, this section will be found and the
> page table attributes will be set to executable state in advance.
> 
> Signed-off-by: Fanqin Cui <cuifq1@chinatelecom.cn>
> ---
>  arch/arm64/kernel/module.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
> index 40148d2725ce..2160b2877935 100644
> --- a/arch/arm64/kernel/module.c
> +++ b/arch/arm64/kernel/module.c
> @@ -24,6 +24,7 @@
>  #include <asm/scs.h>
>  #include <asm/sections.h>
>  #include <asm/text-patching.h>
> +#include <asm-generic/set_memory.h>
>  
>  enum aarch64_reloc_op {
>  	RELOC_OP_NONE,
> @@ -477,6 +478,9 @@ int module_finalize(const Elf_Ehdr *hdr,
>  	const Elf_Shdr *s;
>  	int ret;
>  
> +	s = find_section(hdr, sechdrs, ".text.alternative_cb");
> +	if (s && s->sh_size > PAGE_SIZE && PAGE_ALIGNED(s->sh_addr))
> +		set_memory_x(s->sh_addr, s->sh_size >> PAGE_SHIFT);

Hmm, so the alternatives callback function lives in the module itself?
Which module does that? I'm a bit nervous about running module code
before the module has actually finished loading...

Does layout_sections() correctly map '.text.alternative_cb' as
executable later on?

Will

next prev parent reply	other threads:[~2025-08-08 12:24 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-07  7:27 [PATCH] arm64/module: Support for patching modules during runtime fanqincui
2025-08-08 11:54 ` Will Deacon [this message]
     [not found]   ` <3d4011c0.6aaa.198981027d7.Coremail.fanqincui@163.com>
2025-08-11  8:01     ` Marc Zyngier
2025-08-11  8:32       ` fanqincui
2025-08-11  8:55         ` Marc Zyngier
2025-08-11  9:57           ` fanqincui
2025-08-11 11:49             ` Marc Zyngier
2025-08-11 12:05       ` Will Deacon
2025-08-11 12:13         ` Mark Rutland

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aJXlegQfZTdimS3k@willie-the-truck \
    --to=will@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=cuifq1@chinatelecom.cn \
    --cc=fanqincui@163.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maz@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox