Date: Fri, 5 Aug 2022 11:19:08 -0700
From: Kees Cook
To: "Rafael J. Wysocki"
Cc: "Rafael J. Wysocki", Linux PM, LKML, Greg Kroah-Hartman
Subject: Re: [PATCH] PM: core: Do not randomize struct dev_pm_ops layout
Message-ID: <202208051111.F6768D49@keescook>
References: <2643836.mvXUDI8C0e@kreacher>

On Fri, Aug 05, 2022 at 04:10:29PM +0200, Rafael J. Wysocki wrote:
> On Fri, Aug 5, 2022 at 4:12 AM Kees Cook wrote:
> >
> > On August 4, 2022 10:15:08 AM PDT, "Rafael J. Wysocki" wrote:
> > >From: Rafael J. Wysocki
> > >
> > >Because __rpm_get_callback() uses offsetof() to compute the address of
> > >the callback in question in struct dev_pm_ops, randomizing the layout
> > >of the latter leads to interesting, but unfortunately also undesirable
> > >results in some cases.
> >
> > How does this manifest? This is a compile-time randomization, so
> > offsetof() will find the correct location.
>
> Well, I would think so.
>
> > Is struct dev_pm_ops created or consumed externally from the kernel at
> > any point?
>
> I'm not sure TBH. I have seen a trace where pci_pm_resume_noirq() is
> evidently called via rpm_callback() which should never happen if the
> offset computation is correct.
>
> The driver in question (which is out of the tree for now) is modular,

I'm not a fan of making core kernel changes for out-of-tree modules, but
that said, there is clearly a bug somewhere that I'd like to help solve.

> so in theory it could be built separately from the rest of the kernel,
> but I think that this still should work, shouldn't it?

It should work, yes. This implies something is not working in the build
process, though. Either the external module was built without randstruct
and was somehow allowed to be loaded, or the kernel's randstruct seed was
not present in the module build so a new one was chosen.

What do

	modinfo -F vermagic name-of-out-of-tree-module

and

	modinfo -F vermagic some-module-built-with-kernel

show?

-- 
Kees Cook
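An added illustration of the mechanism discussed in the thread (example code, not from the thread, the kernel, or the driver in question): a table of callbacks that the core fetches by byte offset, the way __rpm_get_callback() does with offsetof(), applied once to the layout the core was compiled against and once to the same members in a different order, standing in for a module built with a different randstruct seed. The struct and function names here are constructed for the example; the kernel's struct dev_pm_ops and its real callbacks are not modelled.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*pm_callback_t)(void);

/* Constructed stand-in for an ops table the core indexes by offset.
 * This is the member order the "core" below was compiled against. */
struct ops_core_layout {
    pm_callback_t suspend;
    pm_callback_t resume;
    pm_callback_t runtime_suspend;
    pm_callback_t runtime_resume;
};

/* The same members as a separately built unit with a different
 * randstruct seed might see them: same names, different order.
 * Constructed for the example. */
struct ops_other_seed_layout {
    pm_callback_t runtime_resume;
    pm_callback_t suspend;
    pm_callback_t runtime_suspend;
    pm_callback_t resume;
};

/* Distinct return values so the test can tell which callback ran. */
static int cb_suspend(void)         { return 1; }
static int cb_resume(void)          { return 2; }
static int cb_runtime_suspend(void) { return 3; }
static int cb_runtime_resume(void)  { return 4; }

/* Offset-based lookup: read the function pointer stored cb_offset
 * bytes into the table, without knowing the table's type. */
static pm_callback_t get_callback(const void *ops, size_t cb_offset)
{
    return *(const pm_callback_t *)((const char *)ops + cb_offset);
}

/* The "core" always computes the offset against its own layout. */
static int core_call_runtime_resume(const void *ops)
{
    pm_callback_t cb = get_callback(
        ops, offsetof(struct ops_core_layout, runtime_resume));
    return cb ? cb() : -1;
}

/* Case 1: table built with the same layout as the core. The lookup
 * lands on runtime_resume and returns 4. */
int consistent_build(void)
{
    struct ops_core_layout ops = {
        .suspend = cb_suspend,
        .resume = cb_resume,
        .runtime_suspend = cb_runtime_suspend,
        .runtime_resume = cb_runtime_resume,
    };
    return core_call_runtime_resume(&ops);
}

/* Case 2: table built with the other member order. The core's
 * compile-time offset now points at the slot holding .resume, so the
 * wrong callback runs (returns 2) even though every field is filled in
 * correctly by name. This is the class of symptom the thread describes. */
int mismatched_build(void)
{
    struct ops_other_seed_layout ops = {
        .suspend = cb_suspend,
        .resume = cb_resume,
        .runtime_suspend = cb_runtime_suspend,
        .runtime_resume = cb_runtime_resume,
    };
    return core_call_runtime_resume(&ops);
}

int main(void)
{
    printf("same layout:      runtime_resume lookup ran callback %d\n",
           consistent_build());
    printf("different layout: runtime_resume lookup ran callback %d\n",
           mismatched_build());
    return 0;
}
```

The compile-time offset is only meaningful when both sides were compiled with the same layout, which is exactly what a matching vermagic string (including the randstruct seed the build records there) is meant to guarantee; the modinfo comparison in the message is the practical check for that precondition.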