[PATCH] arm64/module: Support for patching modules during runtime
Will Deacon
will at kernel.org
Fri Aug 8 04:54:34 PDT 2025
On Thu, Aug 07, 2025 at 03:27:00AM -0400, fanqincui at 163.com wrote:
> From: Fanqin Cui <cuifq1 at chinatelecom.cn>
>
> If use the ALTERNATIVE_CB interface in a kernel module to
> patch code, the kernel will crash. The relevant log is as follows:
>
> Mem abort info:
> ESR = 0x000000008600000f
> EC = 0x21: IABT (current EL), IL = 32 bits
> SET = 0, FnV = 0
> EA = 0, S1PTW = 0
> FSC = 0x0f: level 3 permission fault
> swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000013cfbed000
> [ffff80007b0b0000] pgd=0000000000000000, p4d=10000013d0d03003,
> pud=1000000103175403, pmd=1000000115804403, pte=0068000116b77703
> Internal error: Oops: 000000008600000f [#1] SMP
>
> Call trace:
> 0xffff80007b0b0000 (P)
> apply_alternatives_module+0x48/0x7c
> module_finalize+0xc0/0x134
> load_module+0x15c0/0x1c08
> init_module_from_file+0x8c/0xcc
> __arm64_sys_finit_module+0x1c0/0x2d4
> invoke_syscall+0x48/0x110
> el0_svc_common.constprop.0+0xc0/0xe0
> do_el0_svc+0x1c/0x28
> el0_svc+0x34/0xf0
> el0t_64_sync_handler+0xa0/0xe4
> el0t_64_sync+0x198/0x19c
> Code: 00000000 00000000 00000000 00000000 (d503233f)
> ---[ end trace 0000000000000000 ]---
>
> To avoid this problem, this commit supports add a new section.
> When the module is loading, this section will be found and the
> page table attributes will be set to executable state in advance.
>
> Signed-off-by: Fanqin Cui <cuifq1 at chinatelecom.cn>
> ---
> arch/arm64/kernel/module.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
> index 40148d2725ce..2160b2877935 100644
> --- a/arch/arm64/kernel/module.c
> +++ b/arch/arm64/kernel/module.c
> @@ -24,6 +24,7 @@
> #include <asm/scs.h>
> #include <asm/sections.h>
> #include <asm/text-patching.h>
> +#include <asm-generic/set_memory.h>
>
> enum aarch64_reloc_op {
> RELOC_OP_NONE,
> @@ -477,6 +478,9 @@ int module_finalize(const Elf_Ehdr *hdr,
> const Elf_Shdr *s;
> int ret;
>
> + s = find_section(hdr, sechdrs, ".text.alternative_cb");
> + if (s && s->sh_size > PAGE_SIZE && PAGE_ALIGNED(s->sh_addr))
> + set_memory_x(s->sh_addr, s->sh_size >> PAGE_SHIFT);
Hmm, so the alternatives callback function lives in the module itself?
Which module does that? I'm a bit nervous about running module code
before the module has actually finished loading...
Does layout_sections() correctly map '.text.alternative_cb' as
executable later on?
Will
More information about the linux-arm-kernel
mailing list