On Wed, May 21, 2025 at 09:10:58PM +0200, Alexandre Chartre wrote:
It looks like the problem comes from pages allocated for dynamic thunks for modules, and this patch appears to fix the problem:
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 43ec73da66d8b..9ca6973e56547 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -460,6 +460,8 @@ void its_free_mod(struct module *mod) for (i = 0; i < mod->its_num_pages; i++) { void *page = mod->its_page_array[i];
set_memory_nx((unsigned long)page, 1);
set_memory_rw((unsigned long)page, 1); module_memfree(page); } kfree(mod->its_page_array);
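Review bot: the return values of set_memory_nx() and set_memory_rw() in the its_free_mod() loop are ignored, so if either call fails the page still reaches module_memfree() without write permission, which is the state this change is trying to avoid. Consider checking both results (at least with a warning) before freeing, and add a short comment above the two calls saying why the permissions are reset here, since nothing in the loop explains it.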
I don't know the exact underlying issue but I suspect that the kernel doesn't correctly handle pages freed without the write permission, and restoring page permissions to rw (instead of rox) before freeing prevents the problem.
Your analysis aligns with the proposed fix to backport the below patch as well:
x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() https://lore.kernel.org/stable/20250521171635.848656-1-pchelkin@ispras.ru/