Date: Tue, 16 May 2023 17:57:33 -0400
From: Kent Overstreet
To: Matthew Wilcox
Cc: Kees Cook, Johannes Thumshirn, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-bcachefs@vger.kernel.org, Kent Overstreet, Andrew Morton, Uladzislau Rezki, hch@infradead.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 07/32] mm: Bring back vmalloc_exec
References: <20230509165657.1735798-1-kent.overstreet@linux.dev> <20230509165657.1735798-8-kent.overstreet@linux.dev> <3508afc0-6f03-a971-e716-999a7373951f@wdc.com> <202305111525.67001E5C4@keescook> <202305161401.F1E3ACFAC@keescook>

On Tue, May 16, 2023 at 10:47:13PM +0100, Matthew Wilcox wrote:
> On Tue, May 16, 2023 at 05:20:33PM -0400, Kent Overstreet wrote:
> > On Tue, May 16, 2023 at 02:02:11PM -0700, Kees Cook wrote:
> > > For something that small, why not use the text_poke API?
> >
> > This looks like it's meant for patching existing kernel text, which
> > isn't what I want - I'm generating new functions on the fly, one per
> > btree node.
> >
> > I'm working up a new allocator - a (very simple) slab allocator where
> > you pass a buffer, and it gives you a copy of that buffer mapped
> > executable, but not writeable.
> >
> > It looks like we'll be able to convert bpf, kprobes, and ftrace
> > trampolines to it; it'll consolidate a fair amount of code (particularly
> > in bpf), and they won't have to burn a full page per allocation anymore.
> >
> > bpf has a neat trick where it maps the same page in two different
> > locations, one is the executable location and the other is the writeable
> > location - I'm stealing that.
>
> How does that avoid the problem of being able to construct an arbitrary
> gadget that somebody else will then execute? IOW, what bpf has done
> seems like it's working around & undoing the security improvements.
>
> I suppose it's an improvement that only the executable address is
> passed back to the caller, and not the writable address.

That's my thinking; grepping around finds several uses of module_alloc()
that are all doing different variations on the page permissions dance.
Let's just do it once and do it right...
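The dual-mapping scheme the thread discusses, as an added userspace illustration that is not code from the bcachefs patch, from bpf, or from any kernel API: the same backing memory is mapped twice, once read-write for the allocator's private use and once read-execute, and only the executable address is ever handed out. It goes one step beyond the quoted design to address the concern raised in the reply: once the code is published, the writable alias is unmapped, and a memfd seal guarantees no new writable mapping can be opened and the executable alias cannot be mprotect()ed back to writable. It assumes Linux 5.1 or later (memfd_create() with F_SEAL_FUTURE_WRITE); the struct and function names are hypothetical, and the sample payload is constructed bytes that are never executed.

```c
/* Userspace sketch of a W^X dual-mapped code region (added example; all
 * names are hypothetical). Assumes Linux >= 5.1: memfd_create() and the
 * F_SEAL_FUTURE_WRITE seal. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef F_SEAL_FUTURE_WRITE
#define F_SEAL_FUTURE_WRITE 0x0010   /* kernel uapi value; older glibc lacks it */
#endif

struct code_region {
    unsigned char *rw;   /* allocator-private writable alias */
    unsigned char *rx;   /* executable alias: the only address handed out */
    size_t len;
    int fd;
};

/* Order matters: the private RW alias is created before the seal, so it is
 * the last writable mapping that can ever exist; the RX alias is created
 * after the seal, so the kernel drops VM_MAYWRITE on it and a later
 * mprotect(PROT_WRITE) on the RX alias is refused. */
static int code_region_init(struct code_region *r, size_t len)
{
    r->rw = r->rx = NULL;
    r->len = len;
    r->fd = memfd_create("wx-code-region", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (r->fd < 0 || ftruncate(r->fd, (off_t)len) < 0)
        return -1;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, r->fd, 0);
    if (p == MAP_FAILED)
        return -1;
    r->rw = p;
    if (fcntl(r->fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW |
              F_SEAL_FUTURE_WRITE | F_SEAL_SEAL) < 0)
        return -1;
    p = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, r->fd, 0);
    if (p == MAP_FAILED)
        return -1;
    r->rx = p;
    return 0;
}

/* Copy generated bytes in through the private alias; return only the
 * executable alias to the caller, as the thread proposes. */
static const unsigned char *code_region_publish(struct code_region *r,
                                                const void *code, size_t n)
{
    if (n > r->len)
        return NULL;
    memcpy(r->rw, code, n);
    return r->rx;
}

/* Retire the writable alias once nothing more will be written. */
static void code_region_freeze(struct code_region *r)
{
    if (r->rw) {
        munmap(r->rw, r->len);
        r->rw = NULL;
    }
}

/* Probe the W^X properties. Returns a bitmask of checks that held:
 *   1: bytes written via RW are visible via RX
 *   2: a new writable MAP_SHARED mapping is refused with EPERM
 *   4: mprotect() cannot make the RX alias writable */
static int code_region_check(struct code_region *r, const void *code, size_t n)
{
    int ok = 0;
    if (memcmp(r->rx, code, n) == 0)
        ok |= 1;
    void *p = mmap(NULL, r->len, PROT_READ | PROT_WRITE, MAP_SHARED, r->fd, 0);
    if (p == MAP_FAILED && errno == EPERM)
        ok |= 2;
    else if (p != MAP_FAILED)
        munmap(p, r->len);
    if (mprotect(r->rx, r->len, PROT_READ | PROT_WRITE) < 0)
        ok |= 4;
    else
        mprotect(r->rx, r->len, PROT_READ | PROT_EXEC);  /* restore if it slipped through */
    return ok;
}

/* Constructed stand-in for generated code; it is never executed here. */
static const unsigned char sample_code[] = "JIT-CODE-PLACEHOLDER";

/* Full lifecycle: init, publish, check, freeze, tear down. Returns the
 * check bitmask (7 when every W^X property holds), or -1 on setup error. */
int code_region_demo(void)
{
    struct code_region r;
    if (code_region_init(&r, 4096) < 0)
        return -1;
    const unsigned char *fn = code_region_publish(&r, sample_code, sizeof sample_code);
    if (!fn)
        return -1;
    int ok = code_region_check(&r, sample_code, sizeof sample_code);
    code_region_freeze(&r);
    munmap(r.rx, r.len);
    close(r.fd);
    return ok;
}

int main(void)
{
    int ok = code_region_demo();
    printf("W^X checks held: 0x%x (expect 0x7)\n", ok);
    return ok == 7 ? 0 : 1;
}
```

Build with `cc -std=gnu11 -Wall region.c`. The kernel-side allocator the thread describes aliases pages inside the kernel address space rather than through a file descriptor, so the seal has no direct in-kernel analogue; the point the example makes is the same one the reply makes, that the writable alias must stay private to the allocator and disappear as soon as it is no longer needed.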