diff options
Diffstat (limited to '0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch')
| -rw-r--r-- | 0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch b/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch deleted file mode 100644 index 27784b501..000000000 --- a/0001-arm64-Fix-text-patching-logic-when-using-fixmap.patch +++ /dev/null @@ -1,68 +0,0 @@ -From a79ebe4eb65331733803df4a7fd634d3b709af7b Mon Sep 17 00:00:00 2001 -From: Marc Zyngier <marc.zyngier@arm.com> -Date: Tue, 24 Feb 2015 16:30:21 +0000 -Subject: [PATCH] arm64: Fix text patching logic when using fixmap - -Patch 2f896d586610 ("arm64: use fixmap for text patching") changed -the way we patch the kernel text, using a fixmap when the kernel or -modules are flagged as read only. - -Unfortunately, a flaw in the logic makes it fall over when patching -modules without CONFIG_DEBUG_SET_MODULE_RONX enabled: - -[...] -[ 32.032636] Call trace: -[ 32.032716] [<fffffe00003da0dc>] __copy_to_user+0x2c/0x60 -[ 32.032837] [<fffffe0000099f08>] __aarch64_insn_write+0x94/0xf8 -[ 32.033027] [<fffffe000009a0a0>] aarch64_insn_patch_text_nosync+0x18/0x58 -[ 32.033200] [<fffffe000009c3ec>] ftrace_modify_code+0x58/0x84 -[ 32.033363] [<fffffe000009c4e4>] ftrace_make_nop+0x3c/0x58 -[ 32.033532] [<fffffe0000164420>] ftrace_process_locs+0x3d0/0x5c8 -[ 32.033709] [<fffffe00001661cc>] ftrace_module_init+0x28/0x34 -[ 32.033882] [<fffffe0000135148>] load_module+0xbb8/0xfc4 -[ 32.034044] [<fffffe0000135714>] SyS_finit_module+0x94/0xc4 -[...] - -This is triggered by the use of virt_to_page() on a module address, -which ends to pointing to Nowhereland if you're lucky, or corrupt -your precious data if not. - -This patch fixes the logic by mimicking what is done on arm: -- If we're patching a module and CONFIG_DEBUG_SET_MODULE_RONX is set, - use vmalloc_to_page(). -- If we're patching the kernel and CONFIG_DEBUG_RODATA is set, - use virt_to_page(). -- Otherwise, use the provided address, as we can write to it directly. - -Tested on 4.0-rc1 as a KVM guest. - -Reported-by: Richard W.M. Jones <rjones@redhat.com> -Cc: Kees Cook <keescook@chromium.org> -Cc: Mark Rutland <mark.rutland@arm.com> -Cc: Laura Abbott <lauraa@codeaurora.org> -Cc: Catalin Marinas <catalin.marinas@arm.com> -Cc: Will Deacon <will.deacon@arm.com> -Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> ---- - arch/arm64/kernel/insn.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c -index 27d4864..c8eca88 100644 ---- a/arch/arm64/kernel/insn.c -+++ b/arch/arm64/kernel/insn.c -@@ -87,8 +87,10 @@ static void __kprobes *patch_map(void *addr, int fixmap) - - if (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX)) - page = vmalloc_to_page(addr); -- else -+ else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA)) - page = virt_to_page(addr); -+ else -+ return addr; - - BUG_ON(!page); - set_fixmap(fixmap, page_to_phys(page)); --- -2.3.0 - |