* [PATCH] powerpc: Add __must_check to set_memory_...()
@ 2024-09-07 15:40 Christophe Leroy
2024-09-07 15:40 ` [PATCH] set_memory: Add __must_check to generic stubs Christophe Leroy
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Christophe Leroy @ 2024-09-07 15:40 UTC (permalink / raw)
To: Michael Ellerman, Nicholas Piggin, Naveen N Rao
Cc: Christophe Leroy, linux-kernel, linuxppc-dev, Kees Cook,
linux-hardening
After the following powerpc commits, all calls to set_memory_...()
functions check returned value.
- Commit 8f17bd2f4196 ("powerpc: Handle error in mark_rodata_ro() and
mark_initmem_nx()")
- Commit f7f18e30b468 ("powerpc/kprobes: Handle error returned by
set_memory_rox()")
- Commit 009cf11d4aab ("powerpc: Don't ignore errors from
set_memory_{n}p() in __kernel_map_pages()")
- Commit 9cbacb834b4a ("powerpc: Don't ignore errors from
set_memory_{n}p() in __kernel_map_pages()")
- Commit 78cb0945f714 ("powerpc: Handle error in mark_rodata_ro() and
mark_initmem_nx()")
All calls in core parts of the kernel also always check returned value,
can be looked at with following query:
$ git grep -w -e set_memory_ro -e set_memory_rw -e set_memory_x -e set_memory_nx -e set_memory_rox `find . -maxdepth 1 -type d | grep -v arch | grep /`
It is now possible to flag those functions with __must_check to make
sure no new unchecked call it added.
Link: https://github.com/KSPP/linux/issues/7
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/include/asm/set_memory.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/powerpc/include/asm/set_memory.h b/arch/powerpc/include/asm/set_memory.h
index 9a025b776a4b..9c8d5747755d 100644
--- a/arch/powerpc/include/asm/set_memory.h
+++ b/arch/powerpc/include/asm/set_memory.h
@@ -12,37 +12,37 @@
int change_memory_attr(unsigned long addr, int numpages, long action);
-static inline int set_memory_ro(unsigned long addr, int numpages)
+static inline int __must_check set_memory_ro(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_RO);
}
-static inline int set_memory_rw(unsigned long addr, int numpages)
+static inline int __must_check set_memory_rw(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_RW);
}
-static inline int set_memory_nx(unsigned long addr, int numpages)
+static inline int __must_check set_memory_nx(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_NX);
}
-static inline int set_memory_x(unsigned long addr, int numpages)
+static inline int __must_check set_memory_x(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_X);
}
-static inline int set_memory_np(unsigned long addr, int numpages)
+static inline int __must_check set_memory_np(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_NP);
}
-static inline int set_memory_p(unsigned long addr, int numpages)
+static inline int __must_check set_memory_p(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_P);
}
-static inline int set_memory_rox(unsigned long addr, int numpages)
+static inline int __must_check set_memory_rox(unsigned long addr, int numpages)
{
return change_memory_attr(addr, numpages, SET_MEMORY_ROX);
}
--
2.44.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH] set_memory: Add __must_check to generic stubs
2024-09-07 15:40 [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
@ 2024-09-07 15:40 ` Christophe Leroy
2024-11-06 9:39 ` [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
2024-11-17 12:09 ` Michael Ellerman
2 siblings, 0 replies; 5+ messages in thread
From: Christophe Leroy @ 2024-09-07 15:40 UTC (permalink / raw)
To: Andrew Morton, Kees Cook, arnd
Cc: Christophe Leroy, linux-kernel, linuxppc-dev, linux-hardening,
linux-arch
Following query shows that architectures that don't provide
asm/set_memory.h don't use set_memory_...() functions.
$ git grep set_memory_ alpha arc csky hexagon loongarch m68k microblaze mips nios2 openrisc parisc sh sparc um xtensa
Following query shows that all core users of set_memory_...()
functions always take returned value into account:
$ git grep -w -e set_memory_ro -e set_memory_rw -e set_memory_x -e set_memory_nx -e set_memory_rox `find . -maxdepth 1 -type d | grep -v arch | grep /`
set_memory_...() functions can fail, leaving the memory attributes
unchanged. Make sure all callers check the returned code.
Link: https://github.com/KSPP/linux/issues/7
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
include/linux/set_memory.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h
index 95ac8398ee72..e7aec20fb44f 100644
--- a/include/linux/set_memory.h
+++ b/include/linux/set_memory.h
@@ -8,10 +8,10 @@
#ifdef CONFIG_ARCH_HAS_SET_MEMORY
#include <asm/set_memory.h>
#else
-static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; }
-static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; }
-static inline int set_memory_x(unsigned long addr, int numpages) { return 0; }
-static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; }
+static inline int __must_check set_memory_ro(unsigned long addr, int numpages) { return 0; }
+static inline int __must_check set_memory_rw(unsigned long addr, int numpages) { return 0; }
+static inline int __must_check set_memory_x(unsigned long addr, int numpages) { return 0; }
+static inline int __must_check set_memory_nx(unsigned long addr, int numpages) { return 0; }
#endif
#ifndef set_memory_rox
--
2.44.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc: Add __must_check to set_memory_...()
2024-09-07 15:40 [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
2024-09-07 15:40 ` [PATCH] set_memory: Add __must_check to generic stubs Christophe Leroy
@ 2024-11-06 9:39 ` Christophe Leroy
2024-11-06 12:47 ` Michael Ellerman
2024-11-17 12:09 ` Michael Ellerman
2 siblings, 1 reply; 5+ messages in thread
From: Christophe Leroy @ 2024-11-06 9:39 UTC (permalink / raw)
To: Michael Ellerman
Cc: linux-kernel, linuxppc-dev, Naveen N Rao, Nicholas Piggin,
Kees Cook, linux-hardening
Hi Michael,
Le 07/09/2024 à 17:40, Christophe Leroy a écrit :
> After the following powerpc commits, all calls to set_memory_...()
> functions check returned value.
> - Commit 8f17bd2f4196 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
> - Commit f7f18e30b468 ("powerpc/kprobes: Handle error returned by
> set_memory_rox()")
> - Commit 009cf11d4aab ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 9cbacb834b4a ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 78cb0945f714 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
>
> All calls in core parts of the kernel also always check returned value,
> can be looked at with following query:
>
> $ git grep -w -e set_memory_ro -e set_memory_rw -e set_memory_x -e set_memory_nx -e set_memory_rox `find . -maxdepth 1 -type d | grep -v arch | grep /`
>
> It is now possible to flag those functions with __must_check to make
> sure no new unchecked call it added.
>
> Link: https://github.com/KSPP/linux/issues/7
> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Do you plan to take this patch anytime soon ?
The generic part of the same was already applied in previous cycle, see
https://github.com/torvalds/linux/commit/82ce8e2f31a1eb05b1527c3d807bea40031df913
Discussion at
https://lore.kernel.org/all/b0fe75b4-c1bb-47f7-a7c3-2534b31c1780@csgroup.eu/T/
suggests that it would be beneficial to enforce return checking.
Christophe
> ---
> arch/powerpc/include/asm/set_memory.h | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/set_memory.h b/arch/powerpc/include/asm/set_memory.h
> index 9a025b776a4b..9c8d5747755d 100644
> --- a/arch/powerpc/include/asm/set_memory.h
> +++ b/arch/powerpc/include/asm/set_memory.h
> @@ -12,37 +12,37 @@
>
> int change_memory_attr(unsigned long addr, int numpages, long action);
>
> -static inline int set_memory_ro(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_ro(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_RO);
> }
>
> -static inline int set_memory_rw(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_rw(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_RW);
> }
>
> -static inline int set_memory_nx(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_nx(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_NX);
> }
>
> -static inline int set_memory_x(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_x(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_X);
> }
>
> -static inline int set_memory_np(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_np(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_NP);
> }
>
> -static inline int set_memory_p(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_p(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_P);
> }
>
> -static inline int set_memory_rox(unsigned long addr, int numpages)
> +static inline int __must_check set_memory_rox(unsigned long addr, int numpages)
> {
> return change_memory_attr(addr, numpages, SET_MEMORY_ROX);
> }
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc: Add __must_check to set_memory_...()
2024-11-06 9:39 ` [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
@ 2024-11-06 12:47 ` Michael Ellerman
0 siblings, 0 replies; 5+ messages in thread
From: Michael Ellerman @ 2024-11-06 12:47 UTC (permalink / raw)
To: Christophe Leroy
Cc: linux-kernel, linuxppc-dev, Naveen N Rao, Nicholas Piggin,
Kees Cook, linux-hardening
Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Hi Michael,
>
> Le 07/09/2024 à 17:40, Christophe Leroy a écrit :
>> After the following powerpc commits, all calls to set_memory_...()
>> functions check returned value.
>> - Commit 8f17bd2f4196 ("powerpc: Handle error in mark_rodata_ro() and
>> mark_initmem_nx()")
>> - Commit f7f18e30b468 ("powerpc/kprobes: Handle error returned by
>> set_memory_rox()")
>> - Commit 009cf11d4aab ("powerpc: Don't ignore errors from
>> set_memory_{n}p() in __kernel_map_pages()")
>> - Commit 9cbacb834b4a ("powerpc: Don't ignore errors from
>> set_memory_{n}p() in __kernel_map_pages()")
>> - Commit 78cb0945f714 ("powerpc: Handle error in mark_rodata_ro() and
>> mark_initmem_nx()")
>>
>> All calls in core parts of the kernel also always check returned value,
>> can be looked at with following query:
>>
>> $ git grep -w -e set_memory_ro -e set_memory_rw -e set_memory_x -e set_memory_nx -e set_memory_rox `find . -maxdepth 1 -type d | grep -v arch | grep /`
>>
>> It is now possible to flag those functions with __must_check to make
>> sure no new unchecked call it added.
>>
>> Link: https://github.com/KSPP/linux/issues/7
>> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
>
> Do you plan to take this patch anytime soon ?
>
> The generic part of the same was already applied in previous cycle, see
> https://github.com/torvalds/linux/commit/82ce8e2f31a1eb05b1527c3d807bea40031df913
I was waiting for the generic part to land, sorry I missed it.
Will put this in next now.
cheers
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc: Add __must_check to set_memory_...()
2024-09-07 15:40 [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
2024-09-07 15:40 ` [PATCH] set_memory: Add __must_check to generic stubs Christophe Leroy
2024-11-06 9:39 ` [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
@ 2024-11-17 12:09 ` Michael Ellerman
2 siblings, 0 replies; 5+ messages in thread
From: Michael Ellerman @ 2024-11-17 12:09 UTC (permalink / raw)
To: Michael Ellerman, Nicholas Piggin, Naveen N Rao, Christophe Leroy
Cc: linux-kernel, linuxppc-dev, Kees Cook, linux-hardening
On Sat, 07 Sep 2024 17:40:41 +0200, Christophe Leroy wrote:
> After the following powerpc commits, all calls to set_memory_...()
> functions check returned value.
> - Commit 8f17bd2f4196 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
> - Commit f7f18e30b468 ("powerpc/kprobes: Handle error returned by
> set_memory_rox()")
> - Commit 009cf11d4aab ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 9cbacb834b4a ("powerpc: Don't ignore errors from
> set_memory_{n}p() in __kernel_map_pages()")
> - Commit 78cb0945f714 ("powerpc: Handle error in mark_rodata_ro() and
> mark_initmem_nx()")
>
> [...]
Applied to powerpc/next.
[1/1] powerpc: Add __must_check to set_memory_...()
https://git.kernel.org/powerpc/c/2abbd6d5fbe0eae3752b44c963248e19292e5104
cheers
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-11-17 12:25 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-07 15:40 [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
2024-09-07 15:40 ` [PATCH] set_memory: Add __must_check to generic stubs Christophe Leroy
2024-11-06 9:39 ` [PATCH] powerpc: Add __must_check to set_memory_...() Christophe Leroy
2024-11-06 12:47 ` Michael Ellerman
2024-11-17 12:09 ` Michael Ellerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).