From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1CBDDC41604 for ; Tue, 6 Oct 2020 16:50:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B2AE5206F7 for ; Tue, 6 Oct 2020 16:50:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602003021; bh=fUDOPjppDFzL87N9Dd1uJ0Zglfzl2ngSEmYFW2hqeck=; h=From:To:Cc:Subject:Date:List-ID:From; b=LkEYLa1bu560zpwzOXaJFNuBEwgQ7ZGRx1Xnbx39u57Itwj/Gw0QCUlXzx+G1VNC5 GGhE1O2FBKX31Rut9rotZIj3C7vM4kBJEb5T8BJR74pbL4P9ggMZMZRiACxUDwYBr4 qWKUhW3uZnOhi8dikfr5yqv2YV7Ea1phRvkAG2n0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726060AbgJFQuU (ORCPT ); Tue, 6 Oct 2020 12:50:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:33410 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725769AbgJFQuU (ORCPT ); Tue, 6 Oct 2020 12:50:20 -0400 Received: from localhost.localdomain (89.208.247.74.16clouds.com [89.208.247.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A67FB206DD; Tue, 6 Oct 2020 16:50:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1602003019; bh=fUDOPjppDFzL87N9Dd1uJ0Zglfzl2ngSEmYFW2hqeck=; h=From:To:Cc:Subject:Date:From; b=UZAVeNEYd9XfC/QRn/EDII23lJPw4vwE3gtJnkVy9XlEDGbsQCGdwkdM6gexm1eY/ XU1QQ6nBLRbOzCosJS6vhN67eVOrLdwi4+or/zvb4evQG0NjwaBayH5W/ARHW0KhUr RLII8DvytlrmPR6RSg0m2jfB9QkSICEWrpO9y3JI= From: guoren@kernel.org To: palmerdabbelt@google.com Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Guo Ren , Atish Patra , Andreas Schwab Subject: [PATCH] riscv: Fixup bootup failure with HARDENED_USERCOPY Date: Tue, 6 Oct 2020 16:49:33 +0000 Message-Id: <1602002973-92934-1-git-send-email-guoren@kernel.org> X-Mailer: git-send-email 2.7.4 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Guo Ren As Aurelien has reported: [ 3.484586] AppArmor: AppArmor sha1 policy hashing enabled [ 4.749835] Freeing unused kernel memory: 492K [ 4.752017] Run /init as init process [ 4.753571] usercopy: Kernel memory overwrite attempt detected to kernel text (offset 507879, size 11)! [ 4.754838] ------------[ cut here ]------------ [ 4.755651] kernel BUG at mm/usercopy.c:99! [ 4.756445] Kernel BUG [#1] [ 4.756815] Modules linked in: [ 4.757542] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.8.0-1-riscv64 #1 Debian 5.8.7-1 [ 4.758372] epc: ffffffe0003b5120 ra : ffffffe0003b5120 sp : ffffffe07f783ca0 [ 4.758960] gp : ffffffe000cc7230 tp : ffffffe07f77cec0 t0 : ffffffe000cdafc0 [ 4.759772] t1 : 0000000000000064 t2 : 0000000000000000 s0 : ffffffe07f783cf0 [ 4.760534] s1 : ffffffe00095d780 a0 : 000000000000005b a1 : 0000000000000020 [ 4.761309] a2 : 0000000000000005 a3 : 0000000000000000 a4 : ffffffe000c1f340 [ 4.761848] a5 : ffffffe000c1f340 a6 : 0000000000000000 a7 : 0000000000000087 [ 4.762684] s2 : ffffffe000941848 s3 : 000000000007bfe7 s4 : 000000000000000b [ 4.763500] s5 : 0000000000000000 s6 : ffffffe00091cc00 s7 : fffffffffffff000 [ 4.764376] s8 : 0000003ffffff000 s9 : ffffffe0769f3200 s10: 000000000000000b [ 4.765208] s11: ffffffe07d548c40 t3 : 0000000000000000 t4 : 000000000001dcd0 [ 4.766059] t5 : ffffffe000cc8510 t6 : ffffffe000cd64aa [ 4.766712] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 4.768308] ---[ end trace 1f8e733e834d4c3e ]--- [ 4.769129] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 4.770070] SMP: stopping secondary CPUs [ 4.771110] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Above failure is relate to commit: a0fa4027dc911 (riscv: Fixup static_obj() fail). When we expand static_obj include INIT_DATA, we also include INIT_TEXT into usercopy check kernel text: /* Is this address range in the kernel text area? */ static inline void check_kernel_text_object(const unsigned long ptr, unsigned long n, bool to_user) { unsigned long textlow = (unsigned long)_stext; unsigned long texthigh = (unsigned long)_etext; unsigned long textlow_linear, texthigh_linear; if (overlaps(ptr, n, textlow, texthigh)) usercopy_abort("kernel text", NULL, to_user, ptr - textlow, n); When INIT_TEXT/DATA are freed, new allocation will reuse these memory and overlaps check will be triggered. The patch met static_obj and check_kernel_text_object requirements. Link: https://lore.kernel.org/linux-riscv/1593266228-61125-1-git-send-email-guoren@kernel.org/T/#t Signed-off-by: Guo Ren Reported-by: Aurelien Jarno Tested-by: Aurelien Jarno Cc: Palmer Dabbelt Cc: Atish Patra Cc: Andreas Schwab --- arch/riscv/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index f3586e3..34d00d9 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -22,13 +22,11 @@ SECTIONS /* Beginning of code and text segment */ . = LOAD_OFFSET; _start = .; - _stext = .; HEAD_TEXT_SECTION . = ALIGN(PAGE_SIZE); __init_begin = .; INIT_TEXT_SECTION(PAGE_SIZE) - INIT_DATA_SECTION(16) . = ALIGN(8); __soc_early_init_table : { __soc_early_init_table_start = .; @@ -55,6 +53,7 @@ SECTIONS . = ALIGN(SECTION_ALIGN); .text : { _text = .; + _stext = .; TEXT_TEXT SCHED_TEXT CPUIDLE_TEXT @@ -67,6 +66,8 @@ SECTIONS _etext = .; } + INIT_DATA_SECTION(16) + /* Start of data section */ _sdata = .; RO_DATA(SECTION_ALIGN) -- 2.7.4