From: Jessica Yu <jeyu@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Bartosz Golaszewski <brgl@bgdev.pl>,
Yang Yingliang <yangyingliang@huawei.com>,
Jian Cheng <cj.chengjian@huawei.com>,
Nadav Amit <namit@vmware.com>, Sekhar Nori <nsekhar@ti.com>,
Kevin Hilman <khilman@kernel.org>,
David Lechner <david@lechnology.com>,
Adam Ford <aford173@gmail.com>, Martin Kaiser <lists@kaiser.cx>,
Jessica Yu <jeyu@kernel.org>
Subject: [PATCH] modules: always page-align module section allocations
Date: Wed, 24 Jul 2019 17:01:56 +0200 [thread overview]
Message-ID: <20190724150156.28526-1-jeyu@kernel.org> (raw)
Some arches (e.g., arm64, x86) have moved towards non-executable
module_alloc() allocations for security hardening reasons. That means
that the module loader will need to set the text section of a module to
executable, regardless of whether or not CONFIG_STRICT_MODULE_RWX is set.
When CONFIG_STRICT_MODULE_RWX=y, module section allocations are always
page-aligned to handle memory rwx permissions. On some arches with
CONFIG_STRICT_MODULE_RWX=n however, when setting the module text to
executable, the BUG_ON() in frob_text() gets triggered since module
section allocations are not page-aligned when CONFIG_STRICT_MODULE_RWX=n.
Since the set_memory_* API works with pages, and since we need to call
set_memory_x() regardless of whether CONFIG_STRICT_MODULE_RWX is set, we
might as well page-align all module section allocations for ease of
managing rwx permissions of module sections (text, rodata, etc).
Fixes: 2eef1399a866 ("modules: fix BUG when load module with rodata=n")
Reported-by: Martin Kaiser <lists@kaiser.cx>
Reported-by: Bartosz Golaszewski <brgl@bgdev.pl>
Tested-by: David Lechner <david@lechnology.com>
Tested-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
---
kernel/module.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/kernel/module.c b/kernel/module.c
index 5933395af9a0..cd8df516666d 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -64,14 +64,9 @@
/*
* Modules' sections will be aligned on page boundaries
- * to ensure complete separation of code and data, but
- * only when CONFIG_STRICT_MODULE_RWX=y
+ * to ensure complete separation of code and data
*/
-#ifdef CONFIG_STRICT_MODULE_RWX
# define debug_align(X) ALIGN(X, PAGE_SIZE)
-#else
-# define debug_align(X) (X)
-#endif
/* If this is set, the section belongs in the init part of the module */
#define INIT_OFFSET_MASK (1UL << (BITS_PER_LONG-1))
--
2.16.4
next reply other threads:[~2019-07-24 15:02 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-24 15:01 Jessica Yu [this message]
2019-07-25 7:08 ` [PATCH] modules: always page-align module section allocations Bartosz Golaszewski
2019-07-30 8:42 ` Jessica Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190724150156.28526-1-jeyu@kernel.org \
--to=jeyu@kernel.org \
--cc=aford173@gmail.com \
--cc=brgl@bgdev.pl \
--cc=cj.chengjian@huawei.com \
--cc=david@lechnology.com \
--cc=khilman@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lists@kaiser.cx \
--cc=namit@vmware.com \
--cc=nsekhar@ti.com \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.