From: linux@arm.linux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC 0/3] Allow CONFIG_DEBUG_SET_MODULE_RONX to be used on ARM
Date: Sun, 27 Oct 2013 10:34:52 +0000 [thread overview]
Message-ID: <20131027103452.GA16735@n2100.arm.linux.org.uk> (raw)
In-Reply-To: <20131024130346.GA31369@n2100.arm.linux.org.uk>
On Thu, Oct 24, 2013 at 02:03:46PM +0100, Russell King - ARM Linux wrote:
> On Wed, Jun 12, 2013 at 10:23:27AM -0700, Laura Abbott wrote:
> > Hi,
> >
> > This is an RFC to allow CONFIG_DEBUG_SET_MODULE_RONX to be used on ARM. The
> > current config description from x86 describes it best:
> >
> > This option helps catch unintended modifications to loadable
> > kernel module's text and read-only data. It also prevents execution
> > of module data. Such protection may interfere with run-time code
> > patching and dynamic kernel tracing - and they might also protect
> > against certain classes of kernel exploits.
> >
> > ARM was missing a few functions to modify the page tables so those have been
> > added. I believe modules are always mapped with pages so changing them at map
> > time should be acceptable. Comments/concerns are appreciated.
>
> I've just tested this and it seems to work:
The only remaining question is whether DEBUG_SET_MODULE_RONX should be
by default enabled. At the moment, the text says "if unsure, say N"
but is that the right advice? Shouldn't we be encouraging people to
have this option turned on unless there's a reason not to (eg, kprobes?)
How about adding:
default y if !(FTRACE || KPROBES || JUMP_LABEL)
as KPROBES and JUMP_LABEL both use the text patching, and FTRACE uses
probe_kernel_write(). We may need to add kgdb to that later too. Or
maybe a dependency on the above?
One thing which comes to mind while looking at this: should
arch/arm/kernel/patch.c be using the probe_kernel_* functions in
mm/maccess.c? Also, should we look at improving this code so we can
have RONX modules and still have working ftrace/kprobes etc?
next prev parent reply other threads:[~2013-10-27 10:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-12 17:23 [RFC 0/3] Allow CONFIG_DEBUG_SET_MODULE_RONX to be used on ARM Laura Abbott
[not found] ` <1371057810-3189-3-git-send-email-lauraa@codeaurora.org>
2013-06-12 17:32 ` [RFC 2/3] arm: mm: Define set_memory_* functions for ARM Russell King - ARM Linux
2013-06-13 16:25 ` Catalin Marinas
2013-06-18 11:09 ` Will Deacon
2013-06-19 1:48 ` Laura Abbott
2013-06-19 13:59 ` Will Deacon
2013-10-25 13:08 ` Will Deacon
2013-10-27 10:18 ` Russell King - ARM Linux
2013-10-24 13:03 ` [RFC 0/3] Allow CONFIG_DEBUG_SET_MODULE_RONX to be used on ARM Russell King - ARM Linux
2013-10-27 10:34 ` Russell King - ARM Linux [this message]
2013-10-27 11:57 ` Russell King - ARM Linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131027103452.GA16735@n2100.arm.linux.org.uk \
--to=linux@arm.linux.org.uk \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).