History log of /src/sys/kern/subr_kobj.c
Revision  Date  Author  Comments
 1.78  28-Apr-2023  skrll Pass local symbols relocations in both passes and provide the kobj_reloc
implementation visibility of these relocations.

Currently all implementations resolve local symbol relocations in the first
pass and simply skip them in the second. The RISC-V implementation will
make use of this visibility.
 1.77  17-Apr-2023  skrll KNF
 1.76  29-Jan-2023  skrll Trailing whitespace
 1.75  26-Oct-2022  riastradh kern/subr_kobj.c: We already get module_base from sys/module.h.
 1.74  26-Oct-2022  riastradh sys/*: Get module_map consistently from sys/module.h.
 1.73  15-Oct-2022  riastradh kobj(9): Rephrase kobj_load and kobj_affix positively.

Write error cases as branches, normal cases as straight-line code.

Side effect: One fewer call to kobj_jettison in case of error in
kobj_affix, but it already calls kobj_jettison once in the error case
via kobj_unload, which does kobj_jettison itself, and kobj_jettison
is idempotent.

No functional change intended.
 1.72  15-Oct-2022  riastradh kobj(9): Fix kobj_read_mem error branches.

Rewrite positively to simplify logic: Write errors as branches,
normal case as straight-line code.

In the case where allocate=true but arithmetic overflow occurs, this
avoids trying to kmem_free null, which is forbidden.
 1.71  15-Oct-2022  riastradh kobj(9): Avoid arithmetic overflow in overflow detection.
 1.70  15-Oct-2022  riastradh kobj(9): Forbid reading negative offsets.

Shouldn't have any functional change, but let's fail with EINVAL
rather than reading arbitrarily distant memory.
 1.69  21-Aug-2021  andvar fix mainly same typos as in my previous commit but outside sys/dev/dm.
 1.68  09-Jun-2021  christos Work around abs rela relocations issue (for now):

$ readelf -r compat_linux
...
Relocation section '.rela.data' at offset 0x37270 contains 537 entries:
Offset Info Type Sym. Value Sym. Name + Addend
...
000000000040 000000000001 R_X86_64_64 0
000000000048 000000000001 R_X86_64_64 0
...

$ objdump -r compat_linux
...
RELOCATION RECORDS FOR [.data]:
OFFSET TYPE VALUE
...
0000000000000040 R_X86_64_64 *ABS*
0000000000000048 R_X86_64_64 *ABS*
...

Since those have symidx == 0, and the 0 symbol table entry is special,
treat them as SHN_ABS.

Change ENOENT -> ENOEXEC to avoid confusion (like other linking errors),
and add some debugging when that happens.
 1.67  27-Jun-2020  christos branches: 1.67.6;
print the index of the problematic symbol
 1.66  23-Jun-2018  jakllsch add a kobj_error() to a recently added error case
 1.65  04-Nov-2017  christos branches: 1.65.2;
use Elf_Sym ** instead of casting.
 1.64  04-Nov-2017  martin Make kobj_sym_lookup's result type an Elf_Addr.
Fixes the arm builds.
 1.63  03-Nov-2017  maxv Handle absolute relocations coming from the kernel: preserve SHN_ABS in
the kernel and module symbols, and when relocating a symbol that has
SHN_ABS, take its value as-is and don't return an error if it equals zero.

Sent on tech-kern@.
 1.62  01-Jun-2017  chs remove checks for failure after memory allocation calls that cannot fail:

kmem_alloc() with KM_SLEEP
kmem_zalloc() with KM_SLEEP
percpu_alloc()
pserialize_create()
psref_class_create()

all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.
 1.61  19-Apr-2017  christos simplify.
 1.60  19-Apr-2017  pgoyette Be consistent about checking for text section address being 0, and
don't ignore errors by falling through to the next section(s).

As discussed on tech-kern@
 1.59  02-Aug-2016  martin branches: 1.59.2;
kobj_machdep() needs a chance to modify the loaded code, so move the code
to protect it read-only a bit later.
 1.58  01-Aug-2016  maxv Don't fail if a module does not have a data or rodata section. Small
modules don't have data.
 1.57  20-Jul-2016  maxv Split the data+bss+rodata segment in two data+bss and rodata segments. The
latter is made read-only.
 1.56  20-Jul-2016  maxv Change the protection of the kernel modules segments once we are done
relocating them. The text is allocated as RWX, and then mprotected to RW.

There is a bug that prevents us from doing RW->RX on amd64 and perhaps
sparc64. On x86, the pmap waits for the page to fault before granting it
the X permission. But in the trap handler, such a page is considered as
belonging to kernel_map, while it actually belongs to module_map. The
kernel then finds out the page is not present in kernel_map, and panics.
In all cases, module_map is non pageable, so even if the trap were handled
properly, it still wouldn't work.

Therefore, there is a small window in which the segment is RWX. But that's
fine enough, for now.
 1.55  09-Jul-2016  maxv branches: 1.55.2;
When loading a module from VFS and from the bootloader, the kernel packs
up the module segments into one big RWX chunk. Split this chunk into two
different text and data+bss+rodata chunks. The latter is made non-
executable. This also provides some kind of ASLR, since the chunks are
not necessarily contiguous.
 1.54  08-Jul-2016  maxv Force the kernel to dynamically reallocate the preloaded modules.
 1.53  07-Jul-2016  msaitoh KNF. Remove extra spaces. No functional change.
 1.52  31-May-2016  pgoyette Compare names of duplicate symbols properly, so we correctly return
an error status.

Fixes PR kern/45125 with patch supplied by Akinobu Mita
 1.51  24-Aug-2015  pooka to garnish, dust with _KERNEL_OPT
 1.50  16-Jul-2014  maxv branches: 1.50.2; 1.50.4; 1.50.6; 1.50.10;
Keep setting 'error' as appropriate (even if this place is broken enough
to crash in many other ways...)
 1.49  09-Jul-2014  maxv - limit the number of sections with ELF_MAXSHNUM
- fix the (symstrindex > hdr->e_shnum) check: it should be >=, otherwise there's an
off-by-one
- fix the (symstrindex < 0) check: the value is unsigned, so it can't be <0. However,
we should ensure that symstrindex!=0 (done with SHN_UNDEF)
- set 'error' as appropriate
- ensure that e_shstrndx < hdr->e_shnum, to prevent out-of-bound reads

Fixes several crashes that could occur when loading a kernel module.

Quick glance from martin@
 1.48  06-Jul-2014  maxv Remove this (symtabindex == -1) check; it is already handled by (nsym != 1).
Put a KASSERT instead.
 1.47  06-Jul-2014  maxv Use a macro instead of always putting __func__ and __LINE__.
 1.46  09-Aug-2013  matt branches: 1.46.2;
Ignore REL/RELA if they aren't against a PROGBIT section.
(this causes EXIDX sections to be ignored for ARM).
 1.45  30-Dec-2012  pooka branches: 1.45.2;
size_t needs to be printed with %zu
 1.44  13-Aug-2011  christos branches: 1.44.2; 1.44.12;
Always provide a meaningful short name for the kobj in the error message,
as well as the function name and the line number, without extra line feeds.
 1.43  17-Jul-2011  joerg Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.
 1.42  18-Jan-2011  matt Deal with ELFnn_MACHDEP_ID_CASES a bit better.
 1.41  26-Apr-2010  pooka branches: 1.41.2;
Add an optional hook for adjusting module string table after load.
Currently to be used for rump "SAOS" namespace trick.
 1.40  27-Nov-2009  pooka branches: 1.40.2; 1.40.4;
Due to the schizophrenic nature of kobj (mem + vfs source),
split the module in twain to subr_kobj.c (master + mem) and
subr_kobj_vfs.c (vfs).
 1.39  17-Jun-2009  dyoung Make kobj_stat() return ENOSYS instead of panicking ("not modular")
on non-MODULAR kernels. Make a few kobj_stat() callers check for
a non-zero return code and deal gracefully.
 1.38  26-May-2009  jnemeth Move all namei flags handling into kobj_load_file().

When I originally wrote this, I was going for maximum flexibility.
However, after a private discussion with dholland@, I see how this
will cause problems with the future world order of namei whenever
that might be. At the moment, I don't need the extra flexibility,
but if something comes up this may have to be revisited.
 1.37  25-May-2009  jnemeth Phase 0.5 of my options MODULAR enhancements. As suggested by ad@,
these commits move all path handling into module_do_load() from
kobj_load_file(). This way the final path used to load a module
is available for loading <module>.plist, which will store parameters
for a module. The end goal of this project is good support for
MODULAR device drivers.
 1.36  24-May-2009  ad Split out kobj structures so crash/ddb can get at them.
 1.35  23-May-2009  ad Fix a crash observed when trying to load a corrupted ELF image.
 1.34  13-Feb-2009  apb Use "defopt MODULAR" in sys/conf/files, and #include "opt_modular.h"
in all kernel sources that use the MODULAR option.
Proposed in tech-kern on 18 Jan 2009.
 1.33  08-Jan-2009  pooka branches: 1.33.2;
Sprinkle comments explaining purpose of kobj_machdep(), per email from ad.
no functional change
 1.32  01-Jan-2009  pooka revert previous, disabled aliasing in offending build

(XXX: two evil casts in the original)
 1.31  01-Jan-2009  pooka Squelch type-punning warnings with void * casts. We are allowed
to do this because the pointers do not have aliases.
 1.30  16-Nov-2008  ad Another fix to previous.
 1.29  16-Nov-2008  ad Correction to previous.
 1.28  16-Nov-2008  ad Do not look up any given symbol more than once. Does away with the vast
majority of symbol table lookups.
 1.27  14-Nov-2008  ad Use NOCHROOT when doing the lookup against the standard module path.
Prevents abuse of chroots to load tainted kernel modules.
 1.26  12-Nov-2008  ad Don't try appending ".o" to the module path.
 1.25  12-Nov-2008  ad Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.
 1.24  20-Oct-2008  ad branches: 1.24.2; 1.24.4;
Correct an error message.
 1.23  20-Oct-2008  ad PR kern/38814 ksyms needs locking

- Make ksyms MT safe.
- Fix deadlock from an operation like "modload foo.lkm < /dev/ksyms".
- Fix uninitialized structure members.
- Reduce memory footprint for loaded modules.
- Export ksyms structures for kernel grovellers like savecore.
- Some KNF.
 1.22  06-Oct-2008  ad kobj_read: plug a leak.
 1.21  20-May-2008  ad branches: 1.21.4;
If autoloading a module, don't consider the current working directory.
 1.20  20-May-2008  martin fix !MODULAR compiles
 1.19  20-May-2008  ad PR kern/38694 module dependencies do not work as expected

Autoload modules from the correct path based on kernel version.
 1.18  20-May-2008  ad - Do local relocs before loading requisite modules, and all others only
after requisite modules have been loaded. For PR kern/38697.
- Simplify kobj interface slightly to make error handling easier.
 1.17  19-May-2008  jmcneill If we see a non-loadable BSS section in a pre-loaded module, make sure we
don't return success from kobj_load or nasty things will happen.
 1.16  04-May-2008  ad branches: 1.16.2;
Make it compile as part of librump.
 1.15  03-May-2008  ad Broken assertions.
 1.14  02-May-2008  ad Keep the program table and section strings around after loading the object,
since module_find_section() needs them.
 1.13  01-May-2008  ad Another fix for pre-loaded modules.
 1.12  01-May-2008  ad Get the pre-loaded module code working.
 1.11  28-Apr-2008  martin Remove clause 3 and 4 from TNF licenses
 1.10  21-Mar-2008  ad branches: 1.10.2; 1.10.4;
Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
 1.9  17-Jan-2008  rumble branches: 1.9.2; 1.9.4; 1.9.10;
Before bailing on ENOENT, try one more time with an appended ".o". This
lets us load dependencies by module name and makes 'modload foo' work when
'foo.o' is the file.
 1.8  12-Jan-2008  ad Add a function to look up a section by name and return address/size, and
nuke return of object entrypoint from kobj_stat(). It's a lot easier to
denote the module entrypoint using a linkset.
 1.7  07-Jan-2008  ad branches: 1.7.2; 1.7.4;
Fix build if !MODULAR. Reported by elad@.
 1.6  07-Jan-2008  ad Don't bother about module name / ksyms until the name is known for sure.
 1.5  06-Jan-2008  ad Add MODULAR option. Include kernel linker stuff if MODULAR.
 1.4  06-Jan-2008  jmcneill Fix off-by-one in kobj_read range checking for case KT_MEMORY
 1.3  06-Jan-2008  ad - Allow loading ELF objects from memory. Based on a patch from jmcneill.
- Allow for changing object name later, once known.
- Split open/load of the objects.
 1.2  04-Jan-2008  ad Add a kobj_stat() to get basic info about the object, and some other
minor changes.
 1.1  04-Jan-2008  ad Add a simple in-kernel linker, derived from FreeBSD's link_elf_obj.c. Needs
more work but is enough to load simple LKMs. amd64 is untested.

Locking is caller provided. This is decoupled from the LKM framework because
kernel modules need not be loaded from the file system - they could be built
into the kernel and referenced via link set.
 1.7.4.3  23-Mar-2008  matt sync with HEAD
 1.7.4.2  09-Jan-2008  matt sync with HEAD
 1.7.4.1  07-Jan-2008  matt file subr_kobj.c was added on branch matt-armv6 on 2008-01-09 01:56:16 +0000
 1.7.2.3  19-Jan-2008  bouyer Sync with HEAD
 1.7.2.2  08-Jan-2008  bouyer Sync with HEAD
 1.7.2.1  07-Jan-2008  bouyer file subr_kobj.c was added on branch bouyer-xeni386 on 2008-01-08 22:11:39 +0000
 1.9.10.3  17-Jan-2009  mjf Sync with HEAD.
 1.9.10.2  02-Jun-2008  mjf Sync with HEAD.
 1.9.10.1  03-Apr-2008  mjf Sync with HEAD.
 1.9.4.2  18-Feb-2008  mjf Sync with HEAD.
 1.9.4.1  17-Jan-2008  mjf file subr_kobj.c was added on branch mjf-devfs on 2008-02-18 21:06:47 +0000
 1.9.2.3  24-Mar-2008  yamt sync with head.
 1.9.2.2  21-Jan-2008  yamt sync with head
 1.9.2.1  17-Jan-2008  yamt file subr_kobj.c was added on branch yamt-lazymbuf on 2008-01-21 09:46:18 +0000
 1.10.4.5  11-Aug-2010  yamt sync with head.
 1.10.4.4  11-Mar-2010  yamt sync with head
 1.10.4.3  20-Jun-2009  yamt sync with head
 1.10.4.2  04-May-2009  yamt sync with head.
 1.10.4.1  16-May-2008  yamt sync with head.
 1.10.2.2  04-Jun-2008  yamt sync with head
 1.10.2.1  18-May-2008  yamt sync with head.
 1.16.2.2  10-Oct-2008  skrll Sync with HEAD.
 1.16.2.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.21.4.2  13-Dec-2008  haad Update haad-dm branch to haad-dm-base2.
 1.21.4.1  19-Oct-2008  haad Sync with HEAD.
 1.24.4.2  17-Jun-2009  bouyer Pull up following revision(s) (requested by rmind in ticket #809):
sys/kern/subr_kobj.c: revision 1.35
Fix a crash observed when trying to load a corrupted ELF image.
 1.24.4.1  02-Feb-2009  snj branches: 1.24.4.1.2;
Pull up following revision(s) (requested by ad in ticket #336):
sys/kern/subr_kobj.c: revision 1.27 via patch
Use NOCHROOT when doing the lookup against the standard module path.
Prevents abuse of chroots to load tainted kernel modules.
 1.24.4.1.2.1  17-Jun-2009  bouyer branches: 1.24.4.1.2.1.2;
Pull up following revision(s) (requested by rmind in ticket #809):
sys/kern/subr_kobj.c: revision 1.35
Fix a crash observed when trying to load a corrupted ELF image.
 1.24.4.1.2.1.2.1  21-Apr-2010  matt sync to netbsd-5
 1.24.2.3  28-Apr-2009  skrll Sync with HEAD.
 1.24.2.2  03-Mar-2009  skrll Sync with HEAD.
 1.24.2.1  19-Jan-2009  skrll Sync with HEAD.
 1.33.2.2  23-Jul-2009  jym Sync with HEAD.
 1.33.2.1  13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.40.4.2  05-Mar-2011  rmind sync with head
 1.40.4.1  30-May-2010  rmind sync with head
 1.40.2.1  30-Apr-2010  uebayasi Sync with HEAD.
 1.41.2.1  06-Jun-2011  jruoho Sync with HEAD.
 1.44.12.3  03-Dec-2017  jdolecek update from HEAD
 1.44.12.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.44.12.1  25-Feb-2013  tls resync with head
 1.44.2.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.44.2.1  23-Jan-2013  yamt sync with head
 1.45.2.1  28-Aug-2013  rmind sync with head
 1.46.2.1  10-Aug-2014  tls Rebase.
 1.50.10.1  03-Jan-2018  snj Pull up following revision(s) (requested by pgoyette in ticket #1539):
sys/kern/subr_kobj.c: revision 1.52
Compare names of duplicate symbols properly, so we correctly return
an error status.
Fixes PR kern/45125 with patch supplied by Akinobu Mita
 1.50.6.1  03-Jan-2018  snj Pull up following revision(s) (requested by pgoyette in ticket #1539):
sys/kern/subr_kobj.c: revision 1.52
Compare names of duplicate symbols properly, so we correctly return
an error status.
Fixes PR kern/45125 with patch supplied by Akinobu Mita
 1.50.4.4  28-Aug-2017  skrll Sync with HEAD
 1.50.4.3  05-Oct-2016  skrll Sync with HEAD
 1.50.4.2  09-Jul-2016  skrll Sync with HEAD
 1.50.4.1  22-Sep-2015  skrll Sync with HEAD
 1.50.2.1  03-Jan-2018  snj Pull up following revision(s) (requested by pgoyette in ticket #1539):
sys/kern/subr_kobj.c: revision 1.52
Compare names of duplicate symbols properly, so we correctly return
an error status.
Fixes PR kern/45125 with patch supplied by Akinobu Mita
 1.55.2.3  26-Apr-2017  pgoyette Sync with HEAD
 1.55.2.2  06-Aug-2016  pgoyette Sync with HEAD
 1.55.2.1  26-Jul-2016  pgoyette Sync with HEAD
 1.59.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.65.2.1  25-Jun-2018  pgoyette Sync with HEAD
 1.67.6.1  17-Jun-2021  thorpej Sync w/ HEAD.
