On Thursday 03/07 at 14:43 +0000, Christophe Leroy wrote: > Hi Calvin, > > Le 06/03/2024 à 21:05, Calvin Owens a écrit : > > [Vous ne recevez pas souvent de courriers de jcalvinow...@gmail.com. > > Découvrez pourquoi ceci est important à > > https://aka.ms/LearnAboutSenderIdentification ] > > > > Both BPF_JIT and KPROBES depend on CONFIG_MODULES, but only require > > module_alloc() itself, which can be easily separated into a standalone > > allocator for executable kernel memory. > > Easily maybe, but not as easily as you think, see below. > > > > > Thomas Gleixner sent a patch to do that for x86 as part of a larger > > series a couple years ago: > > > > https://lore.kernel.org/all/20220716230953.442937...@linutronix.de/ > > > > I've simply extended that approach to the whole kernel. > > > > Signed-off-by: Calvin Owens <jcalvinow...@gmail.com> > > --- > > arch/Kconfig | 2 +- > > arch/arm/kernel/module.c | 35 --------- > > arch/arm/mm/Makefile | 2 + > > arch/arm/mm/module_alloc.c | 40 ++++++++++ > > arch/arm64/kernel/module.c | 127 ------------------------------ > > arch/arm64/mm/Makefile | 1 + > > arch/arm64/mm/module_alloc.c | 130 +++++++++++++++++++++++++++++++ > > arch/loongarch/kernel/module.c | 6 -- > > arch/loongarch/mm/Makefile | 2 + > > arch/loongarch/mm/module_alloc.c | 10 +++ > > arch/mips/kernel/module.c | 10 --- > > arch/mips/mm/Makefile | 2 + > > arch/mips/mm/module_alloc.c | 13 ++++ > > arch/nios2/kernel/module.c | 20 ----- > > arch/nios2/mm/Makefile | 2 + > > arch/nios2/mm/module_alloc.c | 22 ++++++ > > arch/parisc/kernel/module.c | 12 --- > > arch/parisc/mm/Makefile | 1 + > > arch/parisc/mm/module_alloc.c | 15 ++++ > > arch/powerpc/kernel/module.c | 36 --------- > > arch/powerpc/mm/Makefile | 1 + > > arch/powerpc/mm/module_alloc.c | 41 ++++++++++ > > Missing several powerpc changes to make it work. You must audit every > use of CONFIG_MODULES inside powerpc. Here are a few exemples: > > Function get_patch_pfn() to enable text code patching. > > arch/powerpc/Kconfig : select KASAN_VMALLOC if > KASAN && MODULES > > arch/powerpc/include/asm/kasan.h: > > #if defined(CONFIG_MODULES) && defined(CONFIG_PPC32) > #define KASAN_KERN_START ALIGN_DOWN(PAGE_OFFSET - SZ_256M, SZ_256M) > #else > #define KASAN_KERN_START PAGE_OFFSET > #endif > > arch/powerpc/kernel/head_8xx.S and arch/powerpc/kernel/head_book3s_32.S: > InstructionTLBMiss interrupt handler must know that there is executable > kernel text outside kernel core. > > Function is_module_segment() to identified segments used for module text > and set NX (NoExec) MMU flag on non-module segments.
Thanks Christophe, I'll fix that up. I'm sure there are many other issues like this in the arch stuff here, I'm going to run them all through QEMU to catch everything I can before the next respin. > > arch/riscv/kernel/module.c | 11 --- > > arch/riscv/mm/Makefile | 1 + > > arch/riscv/mm/module_alloc.c | 17 ++++ > > arch/s390/kernel/module.c | 37 --------- > > arch/s390/mm/Makefile | 1 + > > arch/s390/mm/module_alloc.c | 42 ++++++++++ > > arch/sparc/kernel/module.c | 31 -------- > > arch/sparc/mm/Makefile | 2 + > > arch/sparc/mm/module_alloc.c | 31 ++++++++ > > arch/x86/kernel/ftrace.c | 2 +- > > arch/x86/kernel/module.c | 56 ------------- > > arch/x86/mm/Makefile | 2 + > > arch/x86/mm/module_alloc.c | 59 ++++++++++++++ > > fs/proc/kcore.c | 2 +- > > kernel/module/Kconfig | 1 + > > kernel/module/main.c | 17 ---- > > mm/Kconfig | 3 + > > mm/Makefile | 1 + > > mm/module_alloc.c | 21 +++++ > > mm/vmalloc.c | 2 +- > > 42 files changed, 467 insertions(+), 402 deletions(-) > > ... > > > diff --git a/mm/Kconfig b/mm/Kconfig > > index ffc3a2ba3a8c..92bfb5ae2e95 100644 > > --- a/mm/Kconfig > > +++ b/mm/Kconfig > > @@ -1261,6 +1261,9 @@ config LOCK_MM_AND_FIND_VMA > > config IOMMU_MM_DATA > > bool > > > > +config MODULE_ALLOC > > + def_bool n > > + > > I'd call it something else than CONFIG_MODULE_ALLOC as you want to use > it when CONFIG_MODULE is not selected. > > Something like CONFIG_EXECMEM_ALLOC or CONFIG_DYNAMIC_EXECMEM ? > > > > Christophe
