From: Laura Abbott <lauraa@codeaurora.org>
To: Alexander Holler <holler@ahsoftware.de>, linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org, Russell King <linux@arm.linux.org.uk>, Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] arm: don't allow CONFIG_DEBUG_SET_MODULE_RONX if CONFIG_JUMP_LABEL is enabled
Date: Tue, 01 Apr 2014 11:03:35 -0700
Message-ID: <533AFF77.5030106@codeaurora.org>
In-Reply-To: <1396346657-7166-1-git-send-email-holler@ahsoftware.de>
On 4/1/2014 3:04 AM, Alexander Holler wrote:
> CONFIG_DEBUG_SET_MODULE_RONX sounds like a nice security feature, but
> things might fail late (and unexpected) if module code is set to read-only
> while CONFIG_JUMP_LABEL is enabled (e.g. modprobe bridge).
>
> Avoid this.
>
> Signed-off-by: Alexander Holler <holler@ahsoftware.de>
> ---
> arch/arm/Kconfig.debug | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
> index 0531da8..6627b9e 100644
> --- a/arch/arm/Kconfig.debug
> +++ b/arch/arm/Kconfig.debug
> @@ -1197,7 +1197,7 @@ config PID_IN_CONTEXTIDR
>
> config DEBUG_SET_MODULE_RONX
> bool "Set loadable kernel module data as NX and text as RO"
> - depends on MODULES
> + depends on MODULES && !JUMP_LABEL
> ---help---
> This option helps catch unintended modifications to loadable
> kernel module's text and read-only data. It also prevents execution
>
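Review bot: the `---help---` text below the changed `depends on` line is left as it was, so after this patch the option silently vanishes from the config menu whenever JUMP_LABEL is set and nothing on screen says why. Add a sentence to the help along the lines of "Not available together with CONFIG_JUMP_LABEL, since jump-label patching writes to module text after it has been made read-only", and say in the commit message why the conflict is resolved by dropping the hardening option rather than by making the patching path cope with read-only module text; reviewers need that reasoning to weigh losing the protection.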
Kees Cook has something similar[1] for not-module space as well, we probably want
this there as well. A shame we keep finding reasons these features will be turned
off. Looks good to me otherwise.
Laura
[1]http://lists.infradead.org/pipermail/linux-arm-kernel/2014-February/232644.html
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
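The combination the patch above makes mutually exclusive can still be present in kernel configs built before the change, where DEBUG_SET_MODULE_RONX looks enabled but, per the commit message, will break late once a module with jump labels is loaded. The following POSIX shell function is an added example, not code from the thread or from the kernel tree: it audits a `.config` file for that pair of options. The option names come from the patch; the three status words and the sample configs it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a kernel .config
# enables both DEBUG_SET_MODULE_RONX and JUMP_LABEL, the combination the
# patch forbids because jump-label patching writes to module text after
# it has been marked read-only.

config_enabled() {
    # $1: path to .config, $2: option name without the CONFIG_ prefix.
    # Kconfig writes disabled options as "# CONFIG_FOO is not set", so
    # only an exact "=y" line counts as enabled.
    grep -q "^CONFIG_$2=y\$" "$1"
}

check_ronx_jump_label() {
    # $1: path to .config
    # Prints one of the constructed status words:
    #   ronx-off  - DEBUG_SET_MODULE_RONX is not enabled, nothing to check
    #   conflict  - both options enabled; RO module text will be patched
    #   ok        - RONX enabled and JUMP_LABEL off
    # Returns non-zero only for the conflicting combination so the
    # function can be used directly in a build-time gate.
    if ! config_enabled "$1" DEBUG_SET_MODULE_RONX; then
        echo ronx-off
        return 0
    fi
    if config_enabled "$1" JUMP_LABEL; then
        echo conflict
        return 2
    fi
    echo ok
    return 0
}

# Demonstration on a constructed config (not a real kernel's .config).
demo_cfg=$(mktemp)
printf 'CONFIG_MODULES=y\nCONFIG_JUMP_LABEL=y\nCONFIG_DEBUG_SET_MODULE_RONX=y\n' > "$demo_cfg"
printf 'constructed config: %s\n' "$(check_ronx_jump_label "$demo_cfg")"
rm -f "$demo_cfg"
```

Run it against `/boot/config-$(uname -r)` or a tree's `.config`; a non-zero exit from `check_ronx_jump_label` flags a config whose module RO protection should not be relied on.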