Make ftrace work with CONFIG_DEBUG_SET_MODULE_RONX by making module text
writable around the place where ftrace does its work, like it is done on
x86 in the patch which introduced CONFIG_DEBUG_SET_MODULE_RONX,
84e1c6bb38eb ("x86: Add RO/NX protection for loadable kernel modules").
Signed-off-by: Rabin Vincent <[email protected]>
---
arch/arm/kernel/ftrace.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
index 34e5664..70ce654 100644
--- a/arch/arm/kernel/ftrace.c
+++ b/arch/arm/kernel/ftrace.c
@@ -14,6 +14,7 @@
#include <linux/ftrace.h>
#include <linux/uaccess.h>
+#include <linux/module.h>
#include <asm/cacheflush.h>
#include <asm/opcodes.h>
@@ -63,6 +64,18 @@ static unsigned long adjust_address(struct dyn_ftrace *rec, unsigned long addr)
}
#endif
+int ftrace_arch_code_modify_prepare(void)
+{
+ set_all_modules_text_rw();
+ return 0;
+}
+
+int ftrace_arch_code_modify_post_process(void)
+{
+ set_all_modules_text_ro();
+ return 0;
+}
+
static unsigned long ftrace_call_replace(unsigned long pc, unsigned long addr)
{
return arm_gen_branch_link(pc, addr);
--
1.9.1
On 4/2/2014 3:10 PM, Rabin Vincent wrote:
> Make ftrace work with CONFIG_DEBUG_SET_MODULE_RONX by making module text
> writable around the place where ftrace does its work, like it is done on
> x86 in the patch which introduced CONFIG_DEBUG_SET_MODULE_RONX,
> 84e1c6bb38eb ("x86: Add RO/NX protection for loadable kernel modules").
>
> Signed-off-by: Rabin Vincent <[email protected]>
> ---
> arch/arm/kernel/ftrace.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
> index 34e5664..70ce654 100644
> --- a/arch/arm/kernel/ftrace.c
> +++ b/arch/arm/kernel/ftrace.c
> @@ -14,6 +14,7 @@
>
> #include <linux/ftrace.h>
> #include <linux/uaccess.h>
> +#include <linux/module.h>
>
> #include <asm/cacheflush.h>
> #include <asm/opcodes.h>
> @@ -63,6 +64,18 @@ static unsigned long adjust_address(struct dyn_ftrace *rec, unsigned long addr)
> }
> #endif
>
> +int ftrace_arch_code_modify_prepare(void)
> +{
> + set_all_modules_text_rw();
> + return 0;
> +}
> +
> +int ftrace_arch_code_modify_post_process(void)
> +{
> + set_all_modules_text_ro();
> + return 0;
> +}
> +
> static unsigned long ftrace_call_replace(unsigned long pc, unsigned long addr)
> {
> return arm_gen_branch_link(pc, addr);
>
I think Mitch tested this on our internal targets. I'll let him reply with his Tested-by
Laura
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
On Wed, Apr 02 2014 at 06:04:29 PM, Laura Abbott <[email protected]> wrote:
> I think Mitch tested this on our internal targets. I'll let him reply with his Tested-by
>
> Laura
Indeed:
Tested-by: Mitchel Humpherys <[email protected]>
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
On Wed, Apr 2, 2014 at 3:10 PM, Rabin Vincent <[email protected]> wrote:
> Make ftrace work with CONFIG_DEBUG_SET_MODULE_RONX by making module text
> writable around the place where ftrace does its work, like it is done on
> x86 in the patch which introduced CONFIG_DEBUG_SET_MODULE_RONX,
> 84e1c6bb38eb ("x86: Add RO/NX protection for loadable kernel modules").
>
> Signed-off-by: Rabin Vincent <[email protected]>
This works for me as well. Thanks!
Tested-by: Kees Cook <[email protected]>
-Kees
> ---
> arch/arm/kernel/ftrace.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
> index 34e5664..70ce654 100644
> --- a/arch/arm/kernel/ftrace.c
> +++ b/arch/arm/kernel/ftrace.c
> @@ -14,6 +14,7 @@
>
> #include <linux/ftrace.h>
> #include <linux/uaccess.h>
> +#include <linux/module.h>
>
> #include <asm/cacheflush.h>
> #include <asm/opcodes.h>
> @@ -63,6 +64,18 @@ static unsigned long adjust_address(struct dyn_ftrace *rec, unsigned long addr)
> }
> #endif
>
> +int ftrace_arch_code_modify_prepare(void)
> +{
> + set_all_modules_text_rw();
> + return 0;
> +}
> +
> +int ftrace_arch_code_modify_post_process(void)
> +{
> + set_all_modules_text_ro();
> + return 0;
> +}
> +
> static unsigned long ftrace_call_replace(unsigned long pc, unsigned long addr)
> {
> return arm_gen_branch_link(pc, addr);
> --
> 1.9.1
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> [email protected]
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
--
Kees Cook
Chrome OS Security