1. Patchew
  2. linux
  3. View series

[PATCH] arm64/module: Support for patching modules during runtime

fanqincui@163.com posted 1 patch 1 month, 4 weeks ago 
arch/arm64/kernel/module.c | 4 ++++
1 file changed, 4 insertions(+)
[PATCH] arm64/module: Support for patching modules during runtime
Posted by fanqincui@163.com 1 month, 4 weeks ago 
From: Fanqin Cui <cuifq1@chinatelecom.cn>

If use the ALTERNATIVE_CB interface in a kernel module to
patch code, the kernel will crash. The relevant log is as follows:

 Mem abort info:
   ESR = 0x000000008600000f
   EC = 0x21: IABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
   FSC = 0x0f: level 3 permission fault
 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000013cfbed000
 [ffff80007b0b0000] pgd=0000000000000000, p4d=10000013d0d03003,
pud=1000000103175403, pmd=1000000115804403, pte=0068000116b77703
 Internal error: Oops: 000000008600000f [#1]  SMP

 Call trace:
  0xffff80007b0b0000 (P)
  apply_alternatives_module+0x48/0x7c
  module_finalize+0xc0/0x134
  load_module+0x15c0/0x1c08
  init_module_from_file+0x8c/0xcc
  __arm64_sys_finit_module+0x1c0/0x2d4
  invoke_syscall+0x48/0x110
  el0_svc_common.constprop.0+0xc0/0xe0
  do_el0_svc+0x1c/0x28
  el0_svc+0x34/0xf0
  el0t_64_sync_handler+0xa0/0xe4
  el0t_64_sync+0x198/0x19c
 Code: 00000000 00000000 00000000 00000000 (d503233f)
 ---[ end trace 0000000000000000 ]---

To avoid this problem, this commit supports add a new section.
When the module is loading, this section will be found and the
page table attributes will be set to executable state in advance.

Signed-off-by: Fanqin Cui <cuifq1@chinatelecom.cn>
---
 arch/arm64/kernel/module.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
index 40148d2725ce..2160b2877935 100644
--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -24,6 +24,7 @@
 #include <asm/scs.h>
 #include <asm/sections.h>
 #include <asm/text-patching.h>
+#include <asm-generic/set_memory.h>
 
 enum aarch64_reloc_op {
 	RELOC_OP_NONE,
@@ -477,6 +478,9 @@ int module_finalize(const Elf_Ehdr *hdr,
 	const Elf_Shdr *s;
 	int ret;
 
+	s = find_section(hdr, sechdrs, ".text.alternative_cb");
+	if (s && s->sh_size > PAGE_SIZE && PAGE_ALIGNED(s->sh_addr))
+		set_memory_x(s->sh_addr, s->sh_size >> PAGE_SHIFT);
 	s = find_section(hdr, sechdrs, ".altinstructions");
 	if (s)
 		apply_alternatives_module((void *)s->sh_addr, s->sh_size);
-- 
2.27.0
Re: [PATCH] arm64/module: Support for patching modules during runtime
Posted by Will Deacon 1 month, 3 weeks ago 
On Thu, Aug 07, 2025 at 03:27:00AM -0400, fanqincui@163.com wrote:
> From: Fanqin Cui <cuifq1@chinatelecom.cn>
> 
> If use the ALTERNATIVE_CB interface in a kernel module to
> patch code, the kernel will crash. The relevant log is as follows:
> 
>  Mem abort info:
>    ESR = 0x000000008600000f
>    EC = 0x21: IABT (current EL), IL = 32 bits
>    SET = 0, FnV = 0
>    EA = 0, S1PTW = 0
>    FSC = 0x0f: level 3 permission fault
>  swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000013cfbed000
>  [ffff80007b0b0000] pgd=0000000000000000, p4d=10000013d0d03003,
> pud=1000000103175403, pmd=1000000115804403, pte=0068000116b77703
>  Internal error: Oops: 000000008600000f [#1]  SMP
> 
>  Call trace:
>   0xffff80007b0b0000 (P)
>   apply_alternatives_module+0x48/0x7c
>   module_finalize+0xc0/0x134
>   load_module+0x15c0/0x1c08
>   init_module_from_file+0x8c/0xcc
>   __arm64_sys_finit_module+0x1c0/0x2d4
>   invoke_syscall+0x48/0x110
>   el0_svc_common.constprop.0+0xc0/0xe0
>   do_el0_svc+0x1c/0x28
>   el0_svc+0x34/0xf0
>   el0t_64_sync_handler+0xa0/0xe4
>   el0t_64_sync+0x198/0x19c
>  Code: 00000000 00000000 00000000 00000000 (d503233f)
>  ---[ end trace 0000000000000000 ]---
> 
> To avoid this problem, this commit supports add a new section.
> When the module is loading, this section will be found and the
> page table attributes will be set to executable state in advance.
> 
> Signed-off-by: Fanqin Cui <cuifq1@chinatelecom.cn>
> ---
>  arch/arm64/kernel/module.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
> index 40148d2725ce..2160b2877935 100644
> --- a/arch/arm64/kernel/module.c
> +++ b/arch/arm64/kernel/module.c
> @@ -24,6 +24,7 @@
>  #include <asm/scs.h>
>  #include <asm/sections.h>
>  #include <asm/text-patching.h>
> +#include <asm-generic/set_memory.h>
>  
>  enum aarch64_reloc_op {
>  	RELOC_OP_NONE,
> @@ -477,6 +478,9 @@ int module_finalize(const Elf_Ehdr *hdr,
>  	const Elf_Shdr *s;
>  	int ret;
>  
> +	s = find_section(hdr, sechdrs, ".text.alternative_cb");
> +	if (s && s->sh_size > PAGE_SIZE && PAGE_ALIGNED(s->sh_addr))
> +		set_memory_x(s->sh_addr, s->sh_size >> PAGE_SHIFT);

Hmm, so the alternatives callback function lives in the module itself?
Which module does that? I'm a bit nervous about running module code
before the module has actually finished loading...

Does layout_sections() correctly map '.text.alternative_cb' as
executable later on?

Will

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.