* Adding module support for __ro_after_init @ 2016-06-03 18:46 Kees Cook 2016-06-05 5:09 ` Rusty Russell 0 siblings, 1 reply; 4+ messages in thread From: Kees Cook @ 2016-06-03 18:46 UTC (permalink / raw) To: Rusty Russell; +Cc: LKML, Laura Abbott Hi Rusty, I'd love to get your thoughts on the best way to support __ro_after_init markings for modules. Are the r/o markings done after module __init runs? If so, this should make things easy, and then we just need to move .data..ro_after_init into .rodata at link time. If not, then we'd need to explicitly make this section read-only after _init. Thanks! -Kees -- Kees Cook Chrome OS & Brillo Security ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding module support for __ro_after_init 2016-06-03 18:46 Adding module support for __ro_after_init Kees Cook @ 2016-06-05 5:09 ` Rusty Russell 2016-06-07 6:42 ` Jessica Yu 0 siblings, 1 reply; 4+ messages in thread From: Rusty Russell @ 2016-06-05 5:09 UTC (permalink / raw) To: Kees Cook; +Cc: LKML, Laura Abbott, Jessica Yu Kees Cook <keescook@google.com> writes: > Hi Rusty, > > I'd love to get your thoughts on the best way to support > __ro_after_init markings for modules. Are the r/o markings done after > module __init runs? If so, this should make things easy, and then we > just need to move .data..ro_after_init into .rodata at link time. If > not, then we'd need to explicitly make this section read-only after > _init. As you might expect, the sections are made read-only before anything runs. We'll need to do the latter, which means it needs to be page-aligned. (Well we could put it in the same page as .rodata, and just not protect that fully until after init). Jessica might have more thoughts... Rusty. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding module support for __ro_after_init 2016-06-05 5:09 ` Rusty Russell @ 2016-06-07 6:42 ` Jessica Yu 2016-06-07 15:53 ` Kees Cook 0 siblings, 1 reply; 4+ messages in thread From: Jessica Yu @ 2016-06-07 6:42 UTC (permalink / raw) To: Rusty Russell; +Cc: Kees Cook, LKML, Laura Abbott +++ Rusty Russell [05/06/16 14:39 +0930]: >Kees Cook <keescook@google.com> writes: >> Hi Rusty, >> >> I'd love to get your thoughts on the best way to support >> __ro_after_init markings for modules. Are the r/o markings done after >> module __init runs? If so, this should make things easy, and then we >> just need to move .data..ro_after_init into .rodata at link time. If >> not, then we'd need to explicitly make this section read-only after >> _init. > >As you might expect, the sections are made read-only before anything >runs. We'll need to do the latter, which means it needs to be >page-aligned. (Well we could put it in the same page as .rodata, and >just not protect that fully until after init). Hi Rusty, Kees, :-) Right, RO protection is enabled in load_module() before module __init gets to run. So I guess there are two ways to go about this: either (1) keep __ro_after_init with the rest of rodata and toggle RO protection after __init runs, but I think we'd probably want to keep this protection before anything executes. Or (2) modify layout_sections() in the module loader to place .data..ro_after_init data in its own set of page(s) so that we can toggle RO on/off independently of the other module sections, and set them to RO only after module init runs. So perhaps the modified module memory layout might look like.. [text] [rodata] [ro after init] [writable data] I don't think (2) should be hard to implement in the module loader (well, at first glance :-), maybe I'm missing something), but I could go ahead and give a patch a shot. Jessica ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding module support for __ro_after_init 2016-06-07 6:42 ` Jessica Yu @ 2016-06-07 15:53 ` Kees Cook 0 siblings, 0 replies; 4+ messages in thread From: Kees Cook @ 2016-06-07 15:53 UTC (permalink / raw) To: Jessica Yu; +Cc: Rusty Russell, LKML, Laura Abbott On Mon, Jun 6, 2016 at 11:42 PM, Jessica Yu <jeyu@redhat.com> wrote: > +++ Rusty Russell [05/06/16 14:39 +0930]: >> >> Kees Cook <keescook@google.com> writes: >>> >>> Hi Rusty, >>> >>> I'd love to get your thoughts on the best way to support >>> __ro_after_init markings for modules. Are the r/o markings done after >>> module __init runs? If so, this should make things easy, and then we >>> just need to move .data..ro_after_init into .rodata at link time. If >>> not, then we'd need to explicitly make this section read-only after >>> _init. >> >> >> As you might expect, the sections are made read-only before anything >> runs. We'll need to do the latter, which means it needs to be >> page-aligned. (Well we could put it in the same page as .rodata, and >> just not protect that fully until after init). > > > Hi Rusty, Kees, :-) > > Right, RO protection is enabled in load_module() before module __init gets > to > run. So I guess there are two ways to go about this: either (1) keep > __ro_after_init with the rest of rodata and toggle RO protection after > __init > runs, but I think we'd probably want to keep this protection before anything > executes. Or (2) modify layout_sections() in the module loader to place > .data..ro_after_init data in its own set of page(s) so that we can toggle RO > on/off independently of the other module sections, and set them to RO only > after module init runs. > So perhaps the modified module memory layout might look like.. > [text] [rodata] [ro after init] [writable data] > > I don't think (2) should be hard to implement in the module loader (well, > at first glance :-), maybe I'm missing something), but I could go ahead and > give a patch a shot. I would agree that "2" sound best. I'm happy to help review and test any patches. And after having looked at this myself, I'm curious to see the solution since I couldn't figure out how the layout code worked. :) -Kees -- Kees Cook Chrome OS & Brillo Security ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-06-07 15:53 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-06-03 18:46 Adding module support for __ro_after_init Kees Cook 2016-06-05 5:09 ` Rusty Russell 2016-06-07 6:42 ` Jessica Yu 2016-06-07 15:53 ` Kees Cook
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.