From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE1D9395DB7 for ; Mon, 6 Apr 2026 18:50:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775501435; cv=none; b=FYyD08J8pA4f7lOh811mlzwyrFK9BT9kGMVccsyFCqeXDrbPnQvxutS8JLdB+O6B6qPSMst+RX5GPHK1oSrqUXO3KNpt1Vo903qZrGYj1lcAPe6Is0cUrTrtrSz+qVu4aAnBsxlVLVgn4x2hHeFWKuUAOzR5mZuf6j6EGkTtl+w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775501435; c=relaxed/simple; bh=+Nyb1e8zdiJwGD2eyvjV3Ua8oed1PtJ2SYHQkBs3gp4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FUqIrv96/CGdCD0XrNaRgd+iB8/c+s6MeDPOkvHqc0MbK31tM3gjUz4aRL7MU2xrQe0mUKdlaBdUxPQZ6JTcEoNap7NHqYuJibT7QyOUArKbGhrfgjsHxVjI+13ZjU8Cb4FfDOzVmzpcKSSqr2HvdP4+Sjz2eGO68xhUIsC2YoA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dylanbhatch.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=KL8iQ+tb; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dylanbhatch.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="KL8iQ+tb" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-82c613194caso2595561b3a.1 for ; Mon, 06 Apr 2026 11:50:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775501433; x=1776106233; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=4f5UDmcibonmjOEiHrPfd3SDxe+C+ut81zyQMBFE3jI=; b=KL8iQ+tbrnYrh78jCLeudYgQtX7srb/EvtmqBzYC99UaXAdbA3EYrl2Xgr2NYBeShd /qdyxUeqX4ZWjf6QjBrVmGVRpiRNvbeg5y54fJFoRiEzgT3S2d7Ia7Wj2uG9m4Cf7mFX v1mnbWJEcVRQ/Z29uiI3WgiF/SrkTqDZLvxvjdGVPZdGlm86k/WYnLUScKfyqwdaeKe+ fraOF4WfNfTz7JjLeeShZ8kAlibAuXIRM0H4qKPkKRgP9v/mByFOSLlRaOYgg2VOZFvF 35Fvx+eLqpFPg8/h1uJbYuUUGk6d3j9iDK8Rh+cwLSup66CDtTfZYgzUWRMC5Sc2MAmk EPQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775501433; x=1776106233; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=4f5UDmcibonmjOEiHrPfd3SDxe+C+ut81zyQMBFE3jI=; b=F6Vaxh1VMxyvHmefM6dCClVwQNMxQ5SQGkWiGA1hA9S48L4P4G4lZH6/NdcUqk2r9A lioyvO+1C+XcPdaOeIcY9kqOfJMhuKVP95ohwhGam/Z6ZgSe3vPWqr3QUSdZ6ZRi5LB5 TcvvDWMouIOKHMdfolZ9jF+6jWd8wJFSFj1oxeVJowSQC9D6Wt+RnnwvqQd378qIbIKc QimM9lGEDAQBGVUOA2jr5Rdc4LczqXNGdgGasfiGa+yuhpGZysG1zkoYF/O7urUHGevh icgYBZ3kz4V5NApHYc8kNvL/xpTuXIcgZ8PeYx1YQNQukhk1f7pV02RuhXrOcsU90TtZ vnZA== X-Forwarded-Encrypted: i=1; AJvYcCWVyfyDwxiAk9wzImJNCkpDVMO5IaQzrVk1M2jVeXEsvDMcDeaUhn3/s1jfMqDPkQIJvOVB81kL8sAZHulphCG4@vger.kernel.org X-Gm-Message-State: AOJu0Yyl0RAKGkywyI0PPxNUDCSxE4FZVel/KIWYabbQA3kFIpefp8Eh 6NGouOX7kltSQeuR3upfkDvbVHkZXkSNBhlN/OGLn++qgwZt/YcnsHAU3+xkndZgL/I4X8ZnuBj L0Zp6DtOd98a8GFjt1cxwUbQoGg== X-Received: from pfob2.prod.google.com ([2002:aa7:8702:0:b0:829:880b:b4]) (user=dylanbhatch job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:bc0b:b0:82a:64c7:8c6d with SMTP id d2e1a72fcca58-82d0dacdbcemr13772509b3a.25.1775501432995; Mon, 06 Apr 2026 11:50:32 -0700 (PDT) Date: Mon, 6 Apr 2026 18:49:59 +0000 In-Reply-To: <20260406185000.1378082-1-dylanbhatch@google.com> Precedence: bulk X-Mailing-List: linux-toolchains@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260406185000.1378082-1-dylanbhatch@google.com> X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog Message-ID: <20260406185000.1378082-8-dylanbhatch@google.com> Subject: [PATCH v3 7/8] sframe: Introduce in-kernel SFRAME_VALIDATION. From: Dylan Hatch To: Roman Gushchin , Weinan Liu , Will Deacon , Josh Poimboeuf , Indu Bhagat , Peter Zijlstra , Steven Rostedt , Catalin Marinas , Jiri Kosina Cc: Dylan Hatch , Mark Rutland , Prasanna Kumar T S M , Puranjay Mohan , Song Liu , joe.lawrence@redhat.com, linux-toolchains@vger.kernel.org, linux-kernel@vger.kernel.org, live-patching@vger.kernel.org, Jens Remus , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Generalize the __safe* helpers to support a non-user-access code path. Allow for kernel FDE read failures due to the presence of .rodata.text. This section contains code that can't be executed by the kernel direclty, and thus lies ouside the normal kernel-text bounds. Signed-off-by: Dylan Hatch --- arch/Kconfig | 2 +- kernel/unwind/sframe.c | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/Kconfig b/arch/Kconfig index c87e489fa978..6e9f21231b98 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -503,7 +503,7 @@ config HAVE_UNWIND_USER_SFRAME config SFRAME_VALIDATION bool "Enable .sframe section debugging" - depends on HAVE_UNWIND_USER_SFRAME + depends on SFRAME_LOOKUP depends on DYNAMIC_DEBUG help When adding an .sframe section for a task, validate the entire diff --git a/kernel/unwind/sframe.c b/kernel/unwind/sframe.c index 180f64040846..7096e0a244b4 100644 --- a/kernel/unwind/sframe.c +++ b/kernel/unwind/sframe.c @@ -638,6 +638,9 @@ static int safe_read_fde(struct sframe_section *sec, { int ret; + if (sec->sec_type == SFRAME_KERNEL) + return __read_fde(sec, fde_num, fde); + if (!user_read_access_begin((void __user *)sec->sframe_start, sec->sframe_end - sec->sframe_start)) return -EFAULT; @@ -653,6 +656,9 @@ static int safe_read_fre(struct sframe_section *sec, { int ret; + if (sec->sec_type == SFRAME_KERNEL) + return __read_fre(sec, fde, fre_addr, fre); + if (!user_read_access_begin((void __user *)sec->sframe_start, sec->sframe_end - sec->sframe_start)) return -EFAULT; @@ -667,6 +673,9 @@ static int safe_read_fre_datawords(struct sframe_section *sec, { int ret; + if (sec->sec_type == SFRAME_KERNEL) + return __read_fre_datawords(sec, fde, fre); + if (!user_read_access_begin((void __user *)sec->sframe_start, sec->sframe_end - sec->sframe_start)) return -EFAULT; @@ -690,6 +699,13 @@ static int sframe_validate_section(struct sframe_section *sec) int ret; ret = safe_read_fde(sec, i, &fde); + /* + * Code in .rodata.text is not considered part of normal kernel + * text, but there is no easy way to prevent sframe data from + * being generated for it. + */ + if (ret && sec->sec_type == SFRAME_KERNEL) + continue; if (ret) return ret; @@ -1015,6 +1031,8 @@ void __init init_sframe_table(void) if (WARN_ON(sframe_read_header(&kernel_sfsec))) return; + if (WARN_ON(sframe_validate_section(&kernel_sfsec))) + return; sframe_init = true; } @@ -1032,6 +1050,8 @@ void sframe_module_init(struct module *mod, void *sframe, size_t sframe_size, if (WARN_ON(sframe_read_header(&sec))) return; + if (WARN_ON(sframe_validate_section(&sec))) + return; mod->arch.sframe_sec = sec; mod->arch.sframe_init = true; -- 2.53.0.1213.gd9a14994de-goog