x86/kernel/module.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*  Kernel module help for x86.
0003     Copyright (C) 2001 Rusty Russell.
0004
0005 */
0006
0007 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0008
0009 #include <linux/moduleloader.h>
0010 #include <linux/elf.h>
0011 #include <linux/vmalloc.h>
0012 #include <linux/fs.h>
0013 #include <linux/string.h>
0014 #include <linux/kernel.h>
0015 #include <linux/kasan.h>
0016 #include <linux/bug.h>
0017 #include <linux/mm.h>
0018 #include <linux/gfp.h>
0019 #include <linux/jump_label.h>
0020 #include <linux/random.h>
0021 #include <linux/memory.h>
0022
0023 #include <asm/text-patching.h>
0024 #include <asm/page.h>
0025 #include <asm/setup.h>
0026 #include <asm/unwind.h>
0027
0028 #if 0
0029 #define DEBUGP(fmt, ...)                \
0030     printk(KERN_DEBUG fmt, ##__VA_ARGS__)
0031 #else
0032 #define DEBUGP(fmt, ...)                \
0033 do {                            \
0034     if (0)                      \
0035         printk(KERN_DEBUG fmt, ##__VA_ARGS__);  \
0036 } while (0)
0037 #endif
0038
0039 #ifdef CONFIG_RANDOMIZE_BASE
0040 static unsigned long module_load_offset;
0041
0042 /* Mutex protects the module_load_offset. */
0043 static DEFINE_MUTEX(module_kaslr_mutex);
0044
0045 static unsigned long int get_module_load_offset(void)
0046 {
0047     if (kaslr_enabled()) {
0048         mutex_lock(&module_kaslr_mutex);
0049         /*
0050          * Calculate the module_load_offset the first time this
0051          * code is called. Once calculated it stays the same until
0052          * reboot.
0053          */
0054         if (module_load_offset == 0)
0055             module_load_offset =
0056                 (get_random_int() % 1024 + 1) * PAGE_SIZE;
0057         mutex_unlock(&module_kaslr_mutex);
0058     }
0059     return module_load_offset;
0060 }
0061 #else
0062 static unsigned long int get_module_load_offset(void)
0063 {
0064     return 0;
0065 }
0066 #endif
0067
0068 void *module_alloc(unsigned long size)
0069 {
0070     gfp_t gfp_mask = GFP_KERNEL;
0071     void *p;
0072
0073     if (PAGE_ALIGN(size) > MODULES_LEN)
0074         return NULL;
0075
0076     p = __vmalloc_node_range(size, MODULE_ALIGN,
0077                     MODULES_VADDR + get_module_load_offset(),
0078                     MODULES_END, gfp_mask,
0079                     PAGE_KERNEL, VM_DEFER_KMEMLEAK, NUMA_NO_NODE,
0080                     __builtin_return_address(0));
0081     if (p && (kasan_alloc_module_shadow(p, size, gfp_mask) < 0)) {
0082         vfree(p);
0083         return NULL;
0084     }
0085
0086     return p;
0087 }
0088
0089 #ifdef CONFIG_X86_32
0090 int apply_relocate(Elf32_Shdr *sechdrs,
0091            const char *strtab,
0092            unsigned int symindex,
0093            unsigned int relsec,
0094            struct module *me)
0095 {
0096     unsigned int i;
0097     Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
0098     Elf32_Sym *sym;
0099     uint32_t *location;
0100
0101     DEBUGP("Applying relocate section %u to %u\n",
0102            relsec, sechdrs[relsec].sh_info);
0103     for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
0104         /* This is where to make the change */
0105         location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
0106             + rel[i].r_offset;
0107         /* This is the symbol it is referring to.  Note that all
0108            undefined symbols have been resolved.  */
0109         sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
0110             + ELF32_R_SYM(rel[i].r_info);
0111
0112         switch (ELF32_R_TYPE(rel[i].r_info)) {
0113         case R_386_32:
0114             /* We add the value into the location given */
0115             *location += sym->st_value;
0116             break;
0117         case R_386_PC32:
0118         case R_386_PLT32:
0119             /* Add the value, subtract its position */
0120             *location += sym->st_value - (uint32_t)location;
0121             break;
0122         default:
0123             pr_err("%s: Unknown relocation: %u\n",
0124                    me->name, ELF32_R_TYPE(rel[i].r_info));
0125             return -ENOEXEC;
0126         }
0127     }
0128     return 0;
0129 }
0130 #else /*X86_64*/
0131 static int __apply_relocate_add(Elf64_Shdr *sechdrs,
0132            const char *strtab,
0133            unsigned int symindex,
0134            unsigned int relsec,
0135            struct module *me,
0136            void *(*write)(void *dest, const void *src, size_t len))
0137 {
0138     unsigned int i;
0139     Elf64_Rela *rel = (void *)sechdrs[relsec].sh_addr;
0140     Elf64_Sym *sym;
0141     void *loc;
0142     u64 val;
0143
0144     DEBUGP("Applying relocate section %u to %u\n",
0145            relsec, sechdrs[relsec].sh_info);
0146     for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
0147         /* This is where to make the change */
0148         loc = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
0149             + rel[i].r_offset;
0150
0151         /* This is the symbol it is referring to.  Note that all
0152            undefined symbols have been resolved.  */
0153         sym = (Elf64_Sym *)sechdrs[symindex].sh_addr
0154             + ELF64_R_SYM(rel[i].r_info);
0155
0156         DEBUGP("type %d st_value %Lx r_addend %Lx loc %Lx\n",
0157                (int)ELF64_R_TYPE(rel[i].r_info),
0158                sym->st_value, rel[i].r_addend, (u64)loc);
0159
0160         val = sym->st_value + rel[i].r_addend;
0161
0162         switch (ELF64_R_TYPE(rel[i].r_info)) {
0163         case R_X86_64_NONE:
0164             break;
0165         case R_X86_64_64:
0166             if (*(u64 *)loc != 0)
0167                 goto invalid_relocation;
0168             write(loc, &val, 8);
0169             break;
0170         case R_X86_64_32:
0171             if (*(u32 *)loc != 0)
0172                 goto invalid_relocation;
0173             write(loc, &val, 4);
0174             if (val != *(u32 *)loc)
0175                 goto overflow;
0176             break;
0177         case R_X86_64_32S:
0178             if (*(s32 *)loc != 0)
0179                 goto invalid_relocation;
0180             write(loc, &val, 4);
0181             if ((s64)val != *(s32 *)loc)
0182                 goto overflow;
0183             break;
0184         case R_X86_64_PC32:
0185         case R_X86_64_PLT32:
0186             if (*(u32 *)loc != 0)
0187                 goto invalid_relocation;
0188             val -= (u64)loc;
0189             write(loc, &val, 4);
0190 #if 0
0191             if ((s64)val != *(s32 *)loc)
0192                 goto overflow;
0193 #endif
0194             break;
0195         case R_X86_64_PC64:
0196             if (*(u64 *)loc != 0)
0197                 goto invalid_relocation;
0198             val -= (u64)loc;
0199             write(loc, &val, 8);
0200             break;
0201         default:
0202             pr_err("%s: Unknown rela relocation: %llu\n",
0203                    me->name, ELF64_R_TYPE(rel[i].r_info));
0204             return -ENOEXEC;
0205         }
0206     }
0207     return 0;
0208
0209 invalid_relocation:
0210     pr_err("x86/modules: Skipping invalid relocation target, existing value is nonzero for type %d, loc %p, val %Lx\n",
0211            (int)ELF64_R_TYPE(rel[i].r_info), loc, val);
0212     return -ENOEXEC;
0213
0214 overflow:
0215     pr_err("overflow in relocation type %d val %Lx\n",
0216            (int)ELF64_R_TYPE(rel[i].r_info), val);
0217     pr_err("`%s' likely not compiled with -mcmodel=kernel\n",
0218            me->name);
0219     return -ENOEXEC;
0220 }
0221
0222 int apply_relocate_add(Elf64_Shdr *sechdrs,
0223            const char *strtab,
0224            unsigned int symindex,
0225            unsigned int relsec,
0226            struct module *me)
0227 {
0228     int ret;
0229     bool early = me->state == MODULE_STATE_UNFORMED;
0230     void *(*write)(void *, const void *, size_t) = memcpy;
0231
0232     if (!early) {
0233         write = text_poke;
0234         mutex_lock(&text_mutex);
0235     }
0236
0237     ret = __apply_relocate_add(sechdrs, strtab, symindex, relsec, me,
0238                    write);
0239
0240     if (!early) {
0241         text_poke_sync();
0242         mutex_unlock(&text_mutex);
0243     }
0244
0245     return ret;
0246 }
0247
0248 #endif
0249
0250 int module_finalize(const Elf_Ehdr *hdr,
0251             const Elf_Shdr *sechdrs,
0252             struct module *me)
0253 {
0254     const Elf_Shdr *s, *text = NULL, *alt = NULL, *locks = NULL,
0255         *para = NULL, *orc = NULL, *orc_ip = NULL,
0256         *retpolines = NULL, *returns = NULL, *ibt_endbr = NULL;
0257     char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
0258
0259     for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) {
0260         if (!strcmp(".text", secstrings + s->sh_name))
0261             text = s;
0262         if (!strcmp(".altinstructions", secstrings + s->sh_name))
0263             alt = s;
0264         if (!strcmp(".smp_locks", secstrings + s->sh_name))
0265             locks = s;
0266         if (!strcmp(".parainstructions", secstrings + s->sh_name))
0267             para = s;
0268         if (!strcmp(".orc_unwind", secstrings + s->sh_name))
0269             orc = s;
0270         if (!strcmp(".orc_unwind_ip", secstrings + s->sh_name))
0271             orc_ip = s;
0272         if (!strcmp(".retpoline_sites", secstrings + s->sh_name))
0273             retpolines = s;
0274         if (!strcmp(".return_sites", secstrings + s->sh_name))
0275             returns = s;
0276         if (!strcmp(".ibt_endbr_seal", secstrings + s->sh_name))
0277             ibt_endbr = s;
0278     }
0279
0280     /*
0281      * See alternative_instructions() for the ordering rules between the
0282      * various patching types.
0283      */
0284     if (para) {
0285         void *pseg = (void *)para->sh_addr;
0286         apply_paravirt(pseg, pseg + para->sh_size);
0287     }
0288     if (retpolines) {
0289         void *rseg = (void *)retpolines->sh_addr;
0290         apply_retpolines(rseg, rseg + retpolines->sh_size);
0291     }
0292     if (returns) {
0293         void *rseg = (void *)returns->sh_addr;
0294         apply_returns(rseg, rseg + returns->sh_size);
0295     }
0296     if (alt) {
0297         /* patch .altinstructions */
0298         void *aseg = (void *)alt->sh_addr;
0299         apply_alternatives(aseg, aseg + alt->sh_size);
0300     }
0301     if (ibt_endbr) {
0302         void *iseg = (void *)ibt_endbr->sh_addr;
0303         apply_ibt_endbr(iseg, iseg + ibt_endbr->sh_size);
0304     }
0305     if (locks && text) {
0306         void *lseg = (void *)locks->sh_addr;
0307         void *tseg = (void *)text->sh_addr;
0308         alternatives_smp_module_add(me, me->name,
0309                         lseg, lseg + locks->sh_size,
0310                         tseg, tseg + text->sh_size);
0311     }
0312
0313     if (orc && orc_ip)
0314         unwind_module_init(me, (void *)orc_ip->sh_addr, orc_ip->sh_size,
0315                    (void *)orc->sh_addr, orc->sh_size);
0316
0317     return 0;
0318 }
0319
0320 void module_arch_cleanup(struct module *mod)
0321 {
0322     alternatives_smp_module_del(mod);
0323 }