From patchwork Wed Dec 6 16:54:58 2023
X-Patchwork-Submitter: Alexandre Ghiti
X-Patchwork-Id: 174674
From: Alexandre Ghiti
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Zong Li, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Alexandre Ghiti, syzbot+2c2a76232878c44e0eae@syzkaller.appspotmail.com
Subject: [PATCH -fixes] riscv: Check if the code to patch lies in the exit section
Date: Wed, 6 Dec 2023 17:54:58 +0100
Message-Id: <20231206165458.40610-1-alexghiti@rivosinc.com>

Otherwise we fall through to vmalloc_to_page() which panics since the
address does not lie in the vmalloc region.

Fixes: 043cb41a85de ("riscv: introduce interfaces to patch kernel code")
Reported-by: syzbot+2c2a76232878c44e0eae@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000ce4a27060b39ed34@google.com/T/
Signed-off-by: Alexandre Ghiti
---
 arch/riscv/include/asm/sections.h |  1 +
 arch/riscv/kernel/patch.c         | 11 ++++++++++-
 arch/riscv/kernel/vmlinux.lds.S   |  2 ++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/riscv/include/asm/sections.h b/arch/riscv/include/asm/sections.h index 32336e8a17cb..a393d5035c54 100644 --- a/arch/riscv/include/asm/sections.h +++ b/arch/riscv/include/asm/sections.h 
@@ -13,6 +13,7 @@ extern char _start_kernel[]; extern char __init_data_begin[], __init_data_end[]; extern char __init_text_begin[], __init_text_end[]; extern char __alt_start[], __alt_end[]; +extern char __exittext_begin[], __exittext_end[]; static inline bool is_va_kernel_text(uintptr_t va) { diff --git a/arch/riscv/kernel/patch.c b/arch/riscv/kernel/patch.c index 13ee7bf589a1..37e87fdcf6a0 100644 --- a/arch/riscv/kernel/patch.c +++ b/arch/riscv/kernel/patch.c @@ -14,6 +14,7 @@ #include #include #include +#include struct patch_insn { void *addr; @@ -25,6 +26,14 @@ struct patch_insn { int riscv_patch_in_stop_machine = false; #ifdef CONFIG_MMU + +static inline bool is_kernel_exittext(uintptr_t addr) +{ + return system_state < SYSTEM_RUNNING && + addr >= (uintptr_t)__exittext_begin && + addr < (uintptr_t)__exittext_end; +} + /* * The fix_to_virt(, idx) needs a const value (not a dynamic variable of * reg-a0) or BUILD_BUG_ON failed with "idx >= __end_of_fixed_addresses". @@ -35,7 +44,7 @@ static __always_inline void *patch_map(void *addr, const unsigned int fixmap) uintptr_t uintaddr = (uintptr_t) addr; struct page *page; - if (core_kernel_text(uintaddr)) + if (core_kernel_text(uintaddr) || is_kernel_exittext(uintaddr)) page = phys_to_page(__pa_symbol(addr)); else if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX)) page = vmalloc_to_page(addr); diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index 492dd4b8f3d6..002ca58dd998 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -69,10 +69,12 @@ SECTIONS __soc_builtin_dtb_table_end = .; } /* we have to discard exit text and such at runtime, not link time */ + __exittext_begin = .; .exit.text : { EXIT_TEXT } + __exittext_end = .; __init_text_end = .; . = ALIGN(SECTION_ALIGN);
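
Review bot: in arch/riscv/kernel/patch.c, the "system_state < SYSTEM_RUNNING" condition in is_kernel_exittext() carries no comment saying why the range check only holds early in boot. The linker script comment in this same patch says exit text is discarded at runtime, and the section is placed before __init_text_end, so a short comment on the helper tying the state check to that discard would stop a later reader from dropping or widening it.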
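
Review bot: in the patch_map() hunk, an address inside [__exittext_begin, __exittext_end) still reaches vmalloc_to_page() once system_state is SYSTEM_RUNNING or later, because is_kernel_exittext() then returns false and control moves to "else if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX))". That is the path the commit message says panics. If no caller can patch exit text after it has been discarded, state that in the commit message or in a comment next to the condition; otherwise handle that address explicitly instead of letting it fall through.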
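
Review bot: in arch/riscv/kernel/vmlinux.lds.S, "__exittext_begin = .;" and "__exittext_end = .;" are assigned outside the .exit.text output section, so the range tested by is_kernel_exittext() also covers any padding the linker inserts to align the start of that section. Assigning both symbols inside the braces around EXIT_TEXT would bound exactly the section contents; if the outside placement is deliberate, a word in the commit message would help.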