In kernel v4.16.0 the module .text address is displayed
wrong when using /sys/module/*/sections/.text file.
Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
not restricting")
is the first bad commit.
Here is the issue, using module qeth_l2 on s390 which is the
ethernet device driver:
[root@s35lp76 ~]# lsmod
Module Size Used by
qeth_l2 94208 1
...
[root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
qeth_l2 94208 1 - Live 0x000003ff80401000
^ This is the correct address in memory
[root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
0x0000000018ea8363 <---- This is a wrong address
[root@s35lp76 ~]#
This breaks the perf tool which uses this address on s390
to calculate start of .text section in memory.
Fix this by printing the correct (unhashed) address.
Thanks to Jessica Yu for helping on this.
Suggested-by: Linus Torvalds <[email protected]>
Signed-off-by: Thomas Richter <[email protected]>
Cc: Jessica Yu <[email protected]>
---
kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index a6e43a5806a1..77ab7211ddef 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1472,7 +1472,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
{
struct module_sect_attr *sattr =
container_of(mattr, struct module_sect_attr, mattr);
- return sprintf(buf, "0x%pK\n", (void *)sattr->address);
+ return sprintf(buf, "%#lx\n", kptr_restrict < 2 ? sattr->address : 0);
}
static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
--
2.14.3
On 04/17/2018 10:20 AM, Thomas Richter wrote:
> In kernel v4.16.0 the module .text address is displayed
> wrong when using /sys/module/*/sections/.text file.
> Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
> not restricting")
> is the first bad commit.
>
> Here is the issue, using module qeth_l2 on s390 which is the
> ethernet device driver:
>
> [root@s35lp76 ~]# lsmod
> Module Size Used by
> qeth_l2 94208 1
> ...
>
> [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
> qeth_l2 94208 1 - Live 0x000003ff80401000
> ^ This is the correct address in memory
> [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
> 0x0000000018ea8363 <---- This is a wrong address
> [root@s35lp76 ~]#
>
> This breaks the perf tool which uses this address on s390
> to calculate start of .text section in memory.
>
> Fix this by printing the correct (unhashed) address.
>
> Thanks to Jessica Yu for helping on this.
>
> Suggested-by: Linus Torvalds <[email protected]>
> Signed-off-by: Thomas Richter <[email protected]>
> Cc: Jessica Yu <[email protected]>
CC stable?
> ---
> kernel/module.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index a6e43a5806a1..77ab7211ddef 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1472,7 +1472,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
> {
> struct module_sect_attr *sattr =
> container_of(mattr, struct module_sect_attr, mattr);
> - return sprintf(buf, "0x%pK\n", (void *)sattr->address);
> + return sprintf(buf, "%#lx\n", kptr_restrict < 2 ? sattr->address : 0);
> }
>
> static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
>
On Tue, Apr 17, 2018 at 1:24 AM, Christian Borntraeger
<[email protected]> wrote:
>
>
> On 04/17/2018 10:20 AM, Thomas Richter wrote:
>> In kernel v4.16.0 the module .text address is displayed
>> wrong when using /sys/module/*/sections/.text file.
>> Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
>> not restricting")
>> is the first bad commit.
>>
>> Here is the issue, using module qeth_l2 on s390 which is the
>> ethernet device driver:
>>
>> [root@s35lp76 ~]# lsmod
>> Module Size Used by
>> qeth_l2 94208 1
>> ...
>>
>> [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
>> qeth_l2 94208 1 - Live 0x000003ff80401000
>> ^ This is the correct address in memory
>> [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
>> 0x0000000018ea8363 <---- This is a wrong address
>> [root@s35lp76 ~]#
>>
>> This breaks the perf tool which uses this address on s390
>> to calculate start of .text section in memory.
>>
>> Fix this by printing the correct (unhashed) address.
>>
>> Thanks to Jessica Yu for helping on this.
>>
>> Suggested-by: Linus Torvalds <[email protected]>
>> Signed-off-by: Thomas Richter <[email protected]>
>> Cc: Jessica Yu <[email protected]>
>
> CC stable?
>
>> ---
>> kernel/module.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/module.c b/kernel/module.c
>> index a6e43a5806a1..77ab7211ddef 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -1472,7 +1472,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
>> {
>> struct module_sect_attr *sattr =
>> container_of(mattr, struct module_sect_attr, mattr);
>> - return sprintf(buf, "0x%pK\n", (void *)sattr->address);
>> + return sprintf(buf, "%#lx\n", kptr_restrict < 2 ? sattr->address : 0);
Can we use %px instead, just to make the hash-bypass reports easier to grep for?
-Kees
>> }
>>
>> static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
>>
>
--
Kees Cook
Pixel Security
Em Tue, Apr 17, 2018 at 10:24:35AM +0200, Christian Borntraeger escreveu:
>
>
> On 04/17/2018 10:20 AM, Thomas Richter wrote:
> > In kernel v4.16.0 the module .text address is displayed
> > wrong when using /sys/module/*/sections/.text file.
> > Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
> > not restricting")
> > is the first bad commit.
> >
> > Here is the issue, using module qeth_l2 on s390 which is the
> > ethernet device driver:
> >
> > [root@s35lp76 ~]# lsmod
> > Module Size Used by
> > qeth_l2 94208 1
> > ...
> >
> > [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
> > qeth_l2 94208 1 - Live 0x000003ff80401000
> > ^ This is the correct address in memory
> > [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
> > 0x0000000018ea8363 <---- This is a wrong address
> > [root@s35lp76 ~]#
> >
> > This breaks the perf tool which uses this address on s390
> > to calculate start of .text section in memory.
> >
> > Fix this by printing the correct (unhashed) address.
> >
> > Thanks to Jessica Yu for helping on this.
> >
> > Suggested-by: Linus Torvalds <[email protected]>
> > Signed-off-by: Thomas Richter <[email protected]>
> > Cc: Jessica Yu <[email protected]>
>
> CC stable?
Adding the missing:
Fixes: ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when not restricting")
Should be enough?
- Arnaldo
> > ---
> > kernel/module.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/module.c b/kernel/module.c
> > index a6e43a5806a1..77ab7211ddef 100644
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -1472,7 +1472,7 @@ static ssize_t module_sect_show(struct module_attribute *mattr,
> > {
> > struct module_sect_attr *sattr =
> > container_of(mattr, struct module_sect_attr, mattr);
> > - return sprintf(buf, "0x%pK\n", (void *)sattr->address);
> > + return sprintf(buf, "%#lx\n", kptr_restrict < 2 ? sattr->address : 0);
> > }
> >
> > static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
> >
On 04/17/2018 06:20 PM, Arnaldo Carvalho de Melo wrote:
> Em Tue, Apr 17, 2018 at 10:24:35AM +0200, Christian Borntraeger escreveu:
>>
>>
>> On 04/17/2018 10:20 AM, Thomas Richter wrote:
>>> In kernel v4.16.0 the module .text address is displayed
>>> wrong when using /sys/module/*/sections/.text file.
>>> Commit ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when
>>> not restricting")
>>> is the first bad commit.
>>>
>>> Here is the issue, using module qeth_l2 on s390 which is the
>>> ethernet device driver:
>>>
>>> [root@s35lp76 ~]# lsmod
>>> Module Size Used by
>>> qeth_l2 94208 1
>>> ...
>>>
>>> [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
>>> qeth_l2 94208 1 - Live 0x000003ff80401000
>>> ^ This is the correct address in memory
>>> [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
>>> 0x0000000018ea8363 <---- This is a wrong address
>>> [root@s35lp76 ~]#
>>>
>>> This breaks the perf tool which uses this address on s390
>>> to calculate start of .text section in memory.
>>>
>>> Fix this by printing the correct (unhashed) address.
>>>
>>> Thanks to Jessica Yu for helping on this.
>>>
>>> Suggested-by: Linus Torvalds <[email protected]>
>>> Signed-off-by: Thomas Richter <[email protected]>
>>> Cc: Jessica Yu <[email protected]>
>>
>> CC stable?
>
> Adding the missing:
>
> Fixes: ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when not restricting")
>
> Should be enough?
Even better.