From patchwork Tue Oct 6 16:49:33 2020
X-Patchwork-Submitter: Guo Ren
X-Patchwork-Id: 11819003
From: guoren@kernel.org
To: palmerdabbelt@google.com
Cc: linux-riscv@lists.infradead.org, Guo Ren, Andreas Schwab, linux-kernel@vger.kernel.org, Atish Patra
Subject: [PATCH] riscv: Fixup bootup failure with HARDENED_USERCOPY
Date: Tue, 6 Oct 2020 16:49:33 +0000
Message-Id: <1602002973-92934-1-git-send-email-guoren@kernel.org>

From: Guo Ren

As Aurelien has reported:

[ 3.484586] AppArmor: AppArmor sha1 policy hashing enabled
[ 4.749835] Freeing unused kernel memory: 492K
[ 4.752017] Run /init as init process
[ 4.753571] usercopy: Kernel memory overwrite attempt detected to kernel text (offset 507879, size 11)!
[ 4.754838] ------------[ cut here ]------------
[ 4.755651] kernel BUG at mm/usercopy.c:99!
[ 4.756445] Kernel BUG [#1]
[ 4.756815] Modules linked in:
[ 4.757542] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.8.0-1-riscv64 #1 Debian 5.8.7-1
[ 4.758372] epc: ffffffe0003b5120 ra : ffffffe0003b5120 sp : ffffffe07f783ca0
[ 4.758960] gp : ffffffe000cc7230 tp : ffffffe07f77cec0 t0 : ffffffe000cdafc0
[ 4.759772] t1 : 0000000000000064 t2 : 0000000000000000 s0 : ffffffe07f783cf0
[ 4.760534] s1 : ffffffe00095d780 a0 : 000000000000005b a1 : 0000000000000020
[ 4.761309] a2 : 0000000000000005 a3 : 0000000000000000 a4 : ffffffe000c1f340
[ 4.761848] a5 : ffffffe000c1f340 a6 : 0000000000000000 a7 : 0000000000000087
[ 4.762684] s2 : ffffffe000941848 s3 : 000000000007bfe7 s4 : 000000000000000b
[ 4.763500] s5 : 0000000000000000 s6 : ffffffe00091cc00 s7 : fffffffffffff000
[ 4.764376] s8 : 0000003ffffff000 s9 : ffffffe0769f3200 s10: 000000000000000b
[ 4.765208] s11: ffffffe07d548c40 t3 : 0000000000000000 t4 : 000000000001dcd0
[ 4.766059] t5 : ffffffe000cc8510 t6 : ffffffe000cd64aa
[ 4.766712] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
[ 4.768308] ---[ end trace 1f8e733e834d4c3e ]---
[ 4.769129] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 4.770070] SMP: stopping secondary CPUs
[ 4.771110] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---

The above failure is related to commit: a0fa4027dc911 (riscv: Fixup
static_obj() fail). When we expand static_obj to include INIT_DATA, we
also include INIT_TEXT in the usercopy kernel text check:

/* Is this address range in the kernel text area? */
static inline void check_kernel_text_object(const unsigned long ptr,
					    unsigned long n, bool to_user)
{
	unsigned long textlow = (unsigned long)_stext;
	unsigned long texthigh = (unsigned long)_etext;
	unsigned long textlow_linear, texthigh_linear;

	if (overlaps(ptr, n, textlow, texthigh))
		usercopy_abort("kernel text", NULL, to_user, ptr - textlow, n);

When INIT_TEXT/DATA are freed, new allocations will reuse this memory
and the overlaps check will be triggered.

The patch meets the static_obj and check_kernel_text_object requirements.

Link: https://lore.kernel.org/linux-riscv/1593266228-61125-1-git-send-email-guoren@kernel.org/T/#t
Signed-off-by: Guo Ren
Reported-by: Aurelien Jarno
Tested-by: Aurelien Jarno
Cc: Palmer Dabbelt
Cc: Atish Patra
Cc: Andreas Schwab
---
 arch/riscv/kernel/vmlinux.lds.S | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S index f3586e3..34d00d9 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -22,13 +22,11 @@ SECTIONS /* Beginning of code and text segment */ . = LOAD_OFFSET; _start = .; - _stext = .; HEAD_TEXT_SECTION . = ALIGN(PAGE_SIZE); __init_begin = .; INIT_TEXT_SECTION(PAGE_SIZE) - INIT_DATA_SECTION(16) . = ALIGN(8); __soc_early_init_table : { __soc_early_init_table_start = .; @@ -55,6 +53,7 @@ SECTIONS . = ALIGN(SECTION_ALIGN); .text : { _text = .; + _stext = .; TEXT_TEXT SCHED_TEXT CPUIDLE_TEXT @@ -67,6 +66,8 @@ SECTIONS _etext = .; } + INIT_DATA_SECTION(16) + /* Start of data section */ _sdata = .; RO_DATA(SECTION_ALIGN)
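
Review bot: in the @@ -55,6 +53,7 @@ hunk, `_stext = .;` now follows `_text = .;` inside .text, so HEAD_TEXT_SECTION and INIT_TEXT_SECTION (context of the first hunk) fall outside [_stext, _etext) while `_start` still precedes them. The commit message only covers the usercopy check; please state whether other users of the _stext/_etext range were audited for code that still executes from head or init text, and add a linker-script comment next to `_stext` saying why it excludes those sections.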
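
Review bot: in the @@ -67,6 +66,8 @@ hunk, INIT_DATA_SECTION(16) lands after `_etext = .; }` while `__init_begin = .;` stays in front of INIT_TEXT_SECTION(PAGE_SIZE) in the first hunk, and no hunk shows `__init_end`. Since the commit message relies on INIT_TEXT/DATA being freed, confirm that the freed range still covers init data without spanning .text, and consider an explicit `. = ALIGN(PAGE_SIZE);` ahead of INIT_DATA_SECTION(16), since no alignment is visible between the end of .text and the new placement.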
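
The failure described in the commit message, modelled in user space as an added example (not code from the patch or from mm/usercopy.c). The offset 507879, the size 11 and the 492K of freed memory come from the log above; the placement of the init region one page after `_start` and the .text bounds are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Offsets in bytes from _start. All sizes are constructed for illustration. */
struct layout {
	unsigned long stext, etext;		/* range usercopy treats as kernel text */
	unsigned long init_begin, init_end;	/* init region, freed after boot */
};

/* Model of the overlaps() test: does [ptr, ptr+n) intersect [low, high)? */
static bool overlaps(unsigned long ptr, unsigned long n,
		     unsigned long low, unsigned long high)
{
	return !(ptr >= high || ptr + n <= low);
}

/* Would check_kernel_text_object() abort for this buffer? */
static bool rejected_as_text(const struct layout *l, unsigned long ptr, unsigned long n)
{
	return overlaps(ptr, n, l->stext, l->etext);
}

/* Does the buffer lie in memory that was returned to the allocator? */
static bool in_freed_init(const struct layout *l, unsigned long ptr, unsigned long n)
{
	return ptr >= l->init_begin && ptr + n <= l->init_end;
}

/* Assumed: one page of head text, 492K of init, .text at 2 MiB, 6 MiB long. */
#define INIT_BEGIN 0x1000UL
#define INIT_END   (INIT_BEGIN + 492UL * 1024)
#define TEXT_BEGIN 0x200000UL
#define TEXT_END   0x800000UL

/* _stext at _start (before the patch) versus at the top of .text (after). */
static const struct layout before_patch = { 0, TEXT_END, INIT_BEGIN, INIT_END };
static const struct layout after_patch = { TEXT_BEGIN, TEXT_END, INIT_BEGIN, INIT_END };

int main(void)
{
	unsigned long ptr = 507879, n = 11;	/* offset and size from the log */

	printf("in freed init: %d\n", in_freed_init(&before_patch, ptr, n));
	printf("before patch rejected: %d\n", rejected_as_text(&before_patch, ptr, n));
	printf("after patch rejected: %d\n", rejected_as_text(&after_patch, ptr, n));
	printf("real text write rejected: %d\n",
	       rejected_as_text(&after_patch, TEXT_BEGIN + 0x40, n));
	return 0;
}
```

With these assumed sizes the logged buffer sits inside the freed init region, is rejected while `_stext` equals `_start`, and passes once `_stext` moves to the start of .text, while a write into .text itself is still rejected.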