* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) [not found] <BANLkTimbHgmUvisE7+TCkgthejNi_zdojQ@mail.gmail.com> @ 2011-04-18 14:49 ` Arnd Bergmann 2011-04-18 16:21 ` Andreas Schwab 0 siblings, 1 reply; 9+ messages in thread From: Arnd Bergmann @ 2011-04-18 14:49 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Andreas Schwab, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch On Wednesday 13 April 2011, Geert Uytterhoeven wrote: > On Thu, Apr 7, 2011 at 10:29, Andreas Schwab <schwab@linux-m68k.org> wrote: > > Geert Uytterhoeven <geert@linux-m68k.org> writes: > >> Isn't there a reason it was read-write on m68k, like the table may be changed > >> at runtime (to install rootkits :-)? Have to check what the other arches do... > > > > Initially the syscall_table in Linux has always been writable, bb152f53 > > ("x86/x86_64: mark rodata section read-only: make some datastructures > > const") made it read-only on x86. Apparently nobody bothered to do the > > equivalent change on m68k (I don't think anything makes the kernel text > > segment write protected anyway). > > 11 arches still store it in "data", including the 4 using the new > asm-generic/unistd.h > framework. 9 use "rodata" and 6 use "text". > The constness of C "extern" declarations doesn't necessarily matches the > actual sections. > Thanks for pointing this out. Should we apply this patch? --- [PATCH] mark sys_call_table as const There is no reason to have sys_call_table writable, and putting it into the rodata section can make it harder for malicious users to overwrite the entry points. Signed-off-by: Arnd Bergmann <arnd@arndb.de> diff --git a/arch/score/kernel/sys_call_table.c b/arch/score/kernel/sys_call_table.c index 287369b..7be73dc 100644 --- a/arch/score/kernel/sys_call_table.c +++ b/arch/score/kernel/sys_call_table.c @@ -7,6 +7,6 @@ #undef __SYSCALL #define __SYSCALL(nr, call) [nr] = (call), -void *sys_call_table[__NR_syscalls] = { +const void *sys_call_table[__NR_syscalls] = { #include <asm/unistd.h> }; diff --git a/arch/tile/kernel/sys.c b/arch/tile/kernel/sys.c index e2187d2..3f2ba14 100644 --- a/arch/tile/kernel/sys.c +++ b/arch/tile/kernel/sys.c @@ -122,7 +122,7 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len, * Note that we can't include <linux/unistd.h> here since the header * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. */ -void *sys_call_table[__NR_syscalls] = { +const void *sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; diff --git a/arch/tile/kernel/compat.c b/arch/tile/kernel/compat.c index dbc213a..d221452 100644 --- a/arch/tile/kernel/compat.c +++ b/arch/tile/kernel/compat.c @@ -166,7 +166,7 @@ long tile_compat_sys_msgrcv(int msqid, * Note that we can't include <linux/unistd.h> here since the header * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. */ -void *compat_sys_call_table[__NR_syscalls] = { +const void *compat_sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; diff --git a/arch/unicore32/kernel/sys.c b/arch/unicore32/kernel/sys.c index 3afe60a..7a16c7e 100644 --- a/arch/unicore32/kernel/sys.c +++ b/arch/unicore32/kernel/sys.c @@ -120,7 +120,7 @@ SYSCALL_DEFINE6(mmap2, unsigned long, addr, unsigned long, len, #define __SYSCALL(nr, call) [nr] = (call), /* Note that we don't include <linux/unistd.h> but <asm/unistd.h> */ -void *sys_call_table[__NR_syscalls] = { +const void *sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) 2011-04-18 14:49 ` Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) Arnd Bergmann @ 2011-04-18 16:21 ` Andreas Schwab 2011-04-19 7:48 ` Arnd Bergmann 0 siblings, 1 reply; 9+ messages in thread From: Andreas Schwab @ 2011-04-18 16:21 UTC (permalink / raw) To: Arnd Bergmann Cc: Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch Arnd Bergmann <arnd@arndb.de> writes: > diff --git a/arch/score/kernel/sys_call_table.c b/arch/score/kernel/sys_call_table.c > index 287369b..7be73dc 100644 > --- a/arch/score/kernel/sys_call_table.c > +++ b/arch/score/kernel/sys_call_table.c > @@ -7,6 +7,6 @@ > #undef __SYSCALL > #define __SYSCALL(nr, call) [nr] = (call), > > -void *sys_call_table[__NR_syscalls] = { > +const void *sys_call_table[__NR_syscalls] = { That's not making it read-only. You need to move the const to the other side of the pointer. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) 2011-04-18 16:21 ` Andreas Schwab @ 2011-04-19 7:48 ` Arnd Bergmann 2011-04-19 8:12 ` Finn Thain 0 siblings, 1 reply; 9+ messages in thread From: Arnd Bergmann @ 2011-04-19 7:48 UTC (permalink / raw) To: Andreas Schwab Cc: Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch On Monday 18 April 2011, Andreas Schwab wrote: > > > > -void *sys_call_table[__NR_syscalls] = { > > +const void *sys_call_table[__NR_syscalls] = { > > That's not making it read-only. You need to move the const to the other > side of the pointer. D'oh! 8<-------- [PATCH] mark sys_call_table as const There is no reason to have sys_call_table writable, and putting it into the rodata section can make it harder for malicious users to overwrite the entry points. Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- diff --git a/arch/score/kernel/sys_call_table.c b/arch/score/kernel/sys_call_table.c index 287369b..6d61120 100644 --- a/arch/score/kernel/sys_call_table.c +++ b/arch/score/kernel/sys_call_table.c @@ -7,6 +7,6 @@ #undef __SYSCALL #define __SYSCALL(nr, call) [nr] = (call), -void *sys_call_table[__NR_syscalls] = { +void *const sys_call_table[__NR_syscalls] = { #include <asm/unistd.h> }; diff --git a/arch/tile/include/asm/syscalls.h b/arch/tile/include/asm/syscalls.h index 3b5507c..c0d6914 100644 --- a/arch/tile/include/asm/syscalls.h +++ b/arch/tile/include/asm/syscalls.h @@ -25,9 +25,9 @@ #include <linux/compat.h> /* The array of function pointers for syscalls. */ -extern void *sys_call_table[]; +extern void *const sys_call_table[]; #ifdef CONFIG_COMPAT -extern void *compat_sys_call_table[]; +extern void *const compat_sys_call_table[]; #endif /* diff --git a/arch/tile/kernel/compat.c b/arch/tile/kernel/compat.c index dbc213a..aedf769 100644 --- a/arch/tile/kernel/compat.c +++ b/arch/tile/kernel/compat.c @@ -166,7 +166,7 @@ long tile_compat_sys_msgrcv(int msqid, * Note that we can't include <linux/unistd.h> here since the header * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. */ -void *compat_sys_call_table[__NR_syscalls] = { +void *const compat_sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; diff --git a/arch/tile/kernel/sys.c b/arch/tile/kernel/sys.c index e2187d2..1fb2480 100644 --- a/arch/tile/kernel/sys.c +++ b/arch/tile/kernel/sys.c @@ -122,7 +122,7 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len, * Note that we can't include <linux/unistd.h> here since the header * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. */ -void *sys_call_table[__NR_syscalls] = { +void *const sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; diff --git a/arch/unicore32/kernel/sys.c b/arch/unicore32/kernel/sys.c index 3afe60a..00f3046 100644 --- a/arch/unicore32/kernel/sys.c +++ b/arch/unicore32/kernel/sys.c @@ -120,7 +120,7 @@ SYSCALL_DEFINE6(mmap2, unsigned long, addr, unsigned long, len, #define __SYSCALL(nr, call) [nr] = (call), /* Note that we don't include <linux/unistd.h> but <asm/unistd.h> */ -void *sys_call_table[__NR_syscalls] = { +void *const sys_call_table[__NR_syscalls] = { [0 ... __NR_syscalls-1] = sys_ni_syscall, #include <asm/unistd.h> }; ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) 2011-04-19 7:48 ` Arnd Bergmann @ 2011-04-19 8:12 ` Finn Thain 2011-04-19 11:54 ` Andreas Schwab [not found] ` <m2k4eqfocu.fsf@igel.home> 0 siblings, 2 replies; 9+ messages in thread From: Finn Thain @ 2011-04-19 8:12 UTC (permalink / raw) To: Arnd Bergmann Cc: Andreas Schwab, Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch On Tue, 19 Apr 2011, Arnd Bergmann wrote: > On Monday 18 April 2011, Andreas Schwab wrote: > > > > > > -void *sys_call_table[__NR_syscalls] = { > > > +const void *sys_call_table[__NR_syscalls] = { > > > > That's not making it read-only. You need to move the const to the other > > side of the pointer. > > D'oh! > > 8<-------- > [PATCH] mark sys_call_table as const > > There is no reason to have sys_call_table writable, and putting > it into the rodata section can make it harder for malicious users > to overwrite the entry points. Wouldn't that require const void * const sys_call_table[] ? Finn > > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > diff --git a/arch/score/kernel/sys_call_table.c b/arch/score/kernel/sys_call_table.c > index 287369b..6d61120 100644 > --- a/arch/score/kernel/sys_call_table.c > +++ b/arch/score/kernel/sys_call_table.c > @@ -7,6 +7,6 @@ > #undef __SYSCALL > #define __SYSCALL(nr, call) [nr] = (call), > > -void *sys_call_table[__NR_syscalls] = { > +void *const sys_call_table[__NR_syscalls] = { > #include <asm/unistd.h> > }; > diff --git a/arch/tile/include/asm/syscalls.h b/arch/tile/include/asm/syscalls.h > index 3b5507c..c0d6914 100644 > --- a/arch/tile/include/asm/syscalls.h > +++ b/arch/tile/include/asm/syscalls.h > @@ -25,9 +25,9 @@ > #include <linux/compat.h> > > /* The array of function pointers for syscalls. */ > -extern void *sys_call_table[]; > +extern void *const sys_call_table[]; > #ifdef CONFIG_COMPAT > -extern void *compat_sys_call_table[]; > +extern void *const compat_sys_call_table[]; > #endif > > /* > diff --git a/arch/tile/kernel/compat.c b/arch/tile/kernel/compat.c > index dbc213a..aedf769 100644 > --- a/arch/tile/kernel/compat.c > +++ b/arch/tile/kernel/compat.c > @@ -166,7 +166,7 @@ long tile_compat_sys_msgrcv(int msqid, > * Note that we can't include <linux/unistd.h> here since the header > * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. > */ > -void *compat_sys_call_table[__NR_syscalls] = { > +void *const compat_sys_call_table[__NR_syscalls] = { > [0 ... __NR_syscalls-1] = sys_ni_syscall, > #include <asm/unistd.h> > }; > diff --git a/arch/tile/kernel/sys.c b/arch/tile/kernel/sys.c > index e2187d2..1fb2480 100644 > --- a/arch/tile/kernel/sys.c > +++ b/arch/tile/kernel/sys.c > @@ -122,7 +122,7 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len, > * Note that we can't include <linux/unistd.h> here since the header > * guard will defeat us; <asm/unistd.h> checks for __SYSCALL as well. > */ > -void *sys_call_table[__NR_syscalls] = { > +void *const sys_call_table[__NR_syscalls] = { > [0 ... __NR_syscalls-1] = sys_ni_syscall, > #include <asm/unistd.h> > }; > diff --git a/arch/unicore32/kernel/sys.c b/arch/unicore32/kernel/sys.c > index 3afe60a..00f3046 100644 > --- a/arch/unicore32/kernel/sys.c > +++ b/arch/unicore32/kernel/sys.c > @@ -120,7 +120,7 @@ SYSCALL_DEFINE6(mmap2, unsigned long, addr, unsigned long, len, > #define __SYSCALL(nr, call) [nr] = (call), > > /* Note that we don't include <linux/unistd.h> but <asm/unistd.h> */ > -void *sys_call_table[__NR_syscalls] = { > +void *const sys_call_table[__NR_syscalls] = { > [0 ... __NR_syscalls-1] = sys_ni_syscall, > #include <asm/unistd.h> > }; > -- > To unsubscribe from this list: send the line "unsubscribe linux-m68k" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) 2011-04-19 8:12 ` Finn Thain @ 2011-04-19 11:54 ` Andreas Schwab [not found] ` <m2k4eqfocu.fsf@igel.home> 1 sibling, 0 replies; 9+ messages in thread From: Andreas Schwab @ 2011-04-19 11:54 UTC (permalink / raw) To: Finn Thain Cc: Arnd Bergmann, Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch Finn Thain <fthain@telegraphics.com.au> writes: > Wouldn't that require const void * const sys_call_table[] ? No, the right signature would be void (*const sys_call_table[])(void) since this is an array of function pointers. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 9+ messages in thread
[parent not found: <m2k4eqfocu.fsf@igel.home>]
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) [not found] ` <m2k4eqfocu.fsf@igel.home> @ 2011-04-19 12:16 ` Arnd Bergmann 2011-04-19 13:25 ` Andreas Schwab 2011-04-19 15:31 ` Finn Thain 1 sibling, 1 reply; 9+ messages in thread From: Arnd Bergmann @ 2011-04-19 12:16 UTC (permalink / raw) To: Andreas Schwab Cc: Finn Thain, Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch On Tuesday 19 April 2011, Andreas Schwab wrote: > Finn Thain <fthain@telegraphics.com.au> writes: > > > Wouldn't that require const void * const sys_call_table[] ? > > No, the right signature would be void (*const sys_call_table[])(void) > since this is an array of function pointers. > But it's not an array of pointers to function with signature void f(void). It's an array of void pointers that we assign to function pointers of various types. Arnd ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) 2011-04-19 12:16 ` Arnd Bergmann @ 2011-04-19 13:25 ` Andreas Schwab 0 siblings, 0 replies; 9+ messages in thread From: Andreas Schwab @ 2011-04-19 13:25 UTC (permalink / raw) To: Arnd Bergmann Cc: Finn Thain, Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch Arnd Bergmann <arnd@arndb.de> writes: > But it's not an array of pointers to function with signature > void f(void). It does not matter which kind of function pointer you use since all function pointers are alike (unlike data pointers). > It's an array of void pointers that we assign to function pointers of > various types. It is an array of function pointers. It is only void * because that suppresses a warning (it is only accessed through assembly, so any type the size of a pointer would do). Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) [not found] ` <m2k4eqfocu.fsf@igel.home> 2011-04-19 12:16 ` Arnd Bergmann @ 2011-04-19 15:31 ` Finn Thain 1 sibling, 0 replies; 9+ messages in thread From: Finn Thain @ 2011-04-19 15:31 UTC (permalink / raw) To: Andreas Schwab Cc: Arnd Bergmann, Geert Uytterhoeven, Greg Ungerer, Gavin Lambert, uClinux development list, Philippe De Muyter, Linux/m68k, linux-arch On Tue, 19 Apr 2011, Andreas Schwab wrote: > Finn Thain <fthain@telegraphics.com.au> writes: > > > Wouldn't that require const void * const sys_call_table[] ? > > No, the right signature would be void (*const sys_call_table[])(void) > since this is an array of function pointers. Right. I mis-parsed the definition as a pointer to an array... Sorry about the noise. Finn > > Andreas. > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table)
@ 2011-04-13 18:05 Geert Uytterhoeven
0 siblings, 0 replies; 9+ messages in thread
From: Geert Uytterhoeven @ 2011-04-13 18:05 UTC (permalink / raw)
To: Andreas Schwab
Cc: Greg Ungerer, Gavin Lambert, uClinux development list,
Philippe De Muyter, Linux/m68k, linux-arch, Arnd Bergmann
On Thu, Apr 7, 2011 at 10:29, Andreas Schwab <schwab@linux-m68k.org> wrote:
> Geert Uytterhoeven <geert@linux-m68k.org> writes:
>> Isn't there a reason it was read-write on m68k, like the table may be changed
>> at runtime (to install rootkits :-)? Have to check what the other arches do...
>
> Initially the syscall_table in Linux has always been writable, bb152f53
> ("x86/x86_64: mark rodata section read-only: make some datastructures
> const") made it read-only on x86. Apparently nobody bothered to do the
> equivalent change on m68k (I don't think anything makes the kernel text
> segment write protected anyway).
11 arches still store it in "data", including the 4 using the new
asm-generic/unistd.h
framework. 9 use "rodata" and 6 use "text".
The constness of C "extern" declarations doesn't necessarily matches the
actual sections.
alpha: .data
arm: presumably .text?
avr32: .section .rodata,"a",@progbits
blackfin: .section .l1.data / .data
cris: .section .rodata,"a"
frv: .section .rodata
h8300: .section .text
ia64: .rodata
extern unsigned long sys_call_table[NR_syscalls];
m32r: .section .rodata,"a"
m68k: .data (mmu), .text (nommu)
m68knommu: .text
microblaze: .section .rodata,"a"
mips: presumably .text?
mn10300: .data
extern const unsigned long sys_call_table[];
parisc: .section .rodata,"a"
powerpc: presumably .text?
extern unsigned long *sys_call_table;
static void *spu_syscall_table[] (SPU in CBEA)
s390: .section .rodata, "a"
extern const unsigned int sys_call_table[];
score: void *sys_call_table[__NR_syscalls[] = { ... }
sh: .data
extern const unsigned long sys_call_table[];
sh64: .section .data, "aw"
sparc: .data
extern const unsigned int sys_call_table[];
sparc64: .text
tile: void *sys_call_table[__NR_syscalls] = { ... }
void *compat_sys_call_table[__NR_syscalls] = { ... }
um: extern syscall_handler_t *sys_call_table[];
unicore32: void *sys_call_table[__NR_syscalls] = { ... }
x86: .section .rodata,"a"
extern const unsigned long sys_call_table[];
const sys_call_ptr_t
sys_call_table[__NR_syscall_max+1] = { ... }
xtensa: syscall_t sys_call_table[__NR_syscall_count] = { ... }
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 9+ messages in threadend of thread, other threads:[~2011-04-19 15:31 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <BANLkTimbHgmUvisE7+TCkgthejNi_zdojQ@mail.gmail.com>
2011-04-18 14:49 ` Writable sys_call_table (was: Re: [uClinux-dev] [PATCH] m68k: Merge mmu and non-mmu versions of sys_call_table) Arnd Bergmann
2011-04-18 16:21 ` Andreas Schwab
2011-04-19 7:48 ` Arnd Bergmann
2011-04-19 8:12 ` Finn Thain
2011-04-19 11:54 ` Andreas Schwab
[not found] ` <m2k4eqfocu.fsf@igel.home>
2011-04-19 12:16 ` Arnd Bergmann
2011-04-19 13:25 ` Andreas Schwab
2011-04-19 15:31 ` Finn Thain
2011-04-13 18:05 Geert Uytterhoeven
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox