From: Jessica Yu <jeyu@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Bartosz Golaszewski <brgl@bgdev.pl>,
Yang Yingliang <yangyingliang@huawei.com>,
Jian Cheng <cj.chengjian@huawei.com>,
Nadav Amit <namit@vmware.com>, Sekhar Nori <nsekhar@ti.com>,
Kevin Hilman <khilman@kernel.org>,
David Lechner <david@lechnology.com>,
Adam Ford <aford173@gmail.com>, Martin Kaiser <lists@kaiser.cx>
Subject: Re: [PATCH] modules: always page-align module section allocations
Date: Tue, 30 Jul 2019 10:42:39 +0200 [thread overview]
Message-ID: <20190730084239.GA19748@linux-8ccs> (raw)
In-Reply-To: <20190724150156.28526-1-jeyu@kernel.org>
+++ Jessica Yu [24/07/19 17:01 +0200]:
>Some arches (e.g., arm64, x86) have moved towards non-executable
>module_alloc() allocations for security hardening reasons. That means
>that the module loader will need to set the text section of a module to
>executable, regardless of whether or not CONFIG_STRICT_MODULE_RWX is set.
>
>When CONFIG_STRICT_MODULE_RWX=y, module section allocations are always
>page-aligned to handle memory rwx permissions. On some arches with
>CONFIG_STRICT_MODULE_RWX=n however, when setting the module text to
>executable, the BUG_ON() in frob_text() gets triggered since module
>section allocations are not page-aligned when CONFIG_STRICT_MODULE_RWX=n.
>Since the set_memory_* API works with pages, and since we need to call
>set_memory_x() regardless of whether CONFIG_STRICT_MODULE_RWX is set, we
>might as well page-align all module section allocations for ease of
>managing rwx permissions of module sections (text, rodata, etc).
>
>Fixes: 2eef1399a866 ("modules: fix BUG when load module with rodata=n")
>Reported-by: Martin Kaiser <lists@kaiser.cx>
>Reported-by: Bartosz Golaszewski <brgl@bgdev.pl>
>Tested-by: David Lechner <david@lechnology.com>
>Tested-by: Martin Kaiser <martin@kaiser.cx>
>Signed-off-by: Jessica Yu <jeyu@kernel.org>
Applied, thanks everyone for testing.
> kernel/module.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
>diff --git a/kernel/module.c b/kernel/module.c
>index 5933395af9a0..cd8df516666d 100644
>--- a/kernel/module.c
>+++ b/kernel/module.c
>@@ -64,14 +64,9 @@
>
> /*
> * Modules' sections will be aligned on page boundaries
>- * to ensure complete separation of code and data, but
>- * only when CONFIG_STRICT_MODULE_RWX=y
>+ * to ensure complete separation of code and data
> */
>-#ifdef CONFIG_STRICT_MODULE_RWX
> # define debug_align(X) ALIGN(X, PAGE_SIZE)
>-#else
>-# define debug_align(X) (X)
>-#endif
>
> /* If this is set, the section belongs in the init part of the module */
> #define INIT_OFFSET_MASK (1UL << (BITS_PER_LONG-1))
>--
>2.16.4
>
prev parent reply other threads:[~2019-07-30 8:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-24 15:01 [PATCH] modules: always page-align module section allocations Jessica Yu
2019-07-25 7:08 ` Bartosz Golaszewski
2019-07-30 8:42 ` Jessica Yu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190730084239.GA19748@linux-8ccs \
--to=jeyu@kernel.org \
--cc=aford173@gmail.com \
--cc=brgl@bgdev.pl \
--cc=cj.chengjian@huawei.com \
--cc=david@lechnology.com \
--cc=khilman@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lists@kaiser.cx \
--cc=namit@vmware.com \
--cc=nsekhar@ti.com \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.