From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Jake Moilanen <moilanen@austin.ibm.com>
Cc: Andrew Morton <akpm@osdl.org>,
linuxppc64-dev <linuxppc64-dev@ozlabs.org>,
Linux Kernel list <linux-kernel@vger.kernel.org>,
Anton Blanchard <anton@samba.org>,
Paul Mackerras <paulus@samba.org>
Subject: Re: [PATCH 2/2] No-exec support for ppc64
Date: Wed, 09 Mar 2005 14:02:01 +1100
Message-ID: <1110337321.32556.26.camel@gaston>
In-Reply-To: <20050308171326.3d72363a.moilanen@austin.ibm.com>
On Tue, 2005-03-08 at 17:13 -0600, Jake Moilanen wrote:
> diff -puN arch/ppc64/kernel/iSeries_setup.c~nx-kernel-ppc64 arch/ppc64/kernel/iSeries_setup.c
> --- linux-2.6-bk/arch/ppc64/kernel/iSeries_setup.c~nx-kernel-ppc64 2005-03-08 16:08:57 -06:00
> +++ linux-2.6-bk-moilanen/arch/ppc64/kernel/iSeries_setup.c 2005-03-08 16:08:57 -06:00
> @@ -624,6 +624,7 @@ static void __init iSeries_bolt_kernel(u
> {
> unsigned long pa;
> unsigned long mode_rw = _PAGE_ACCESSED | _PAGE_COHERENT | PP_RWXX;
> + unsigned long tmp_mode;
> HPTE hpte;
>
> for (pa = saddr; pa < eaddr ;pa += PAGE_SIZE) {
> @@ -632,6 +633,12 @@ static void __init iSeries_bolt_kernel(u
> unsigned long va = (vsid << 28) | (pa & 0xfffffff);
> unsigned long vpn = va >> PAGE_SHIFT;
> unsigned long slot = HvCallHpt_findValid(&hpte, vpn);
> +
> + tmp_mode = mode_rw;
> +
> + /* Make non-kernel text non-executable */
> + if (!is_kernel_text(ea))
> + tmp_mode = mode_rw | HW_NO_EXEC;
>
> if (hpte.dw0.dw0.v) {
> /* HPTE exists, so just bolt it */
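Review bot: In the second iSeries_bolt_kernel() hunk, tmp_mode is computed right before a branch commented "HPTE exists, so just bolt it", so for an entry that is already valid HW_NO_EXEC has nowhere to go unless the bolt path also rewrites the protection bits. Confirm that this path, and any path that builds a new entry, consumes tmp_mode rather than mode_rw. The two assignments can also be collapsed into one statement, with the declaration moved inside the loop, since the value is recomputed on every iteration.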
tmp_mode doesn't seem to be ever used here ...
> /* Free memory returned from module_alloc */
> diff -puN arch/ppc64/mm/fault.c~nx-kernel-ppc64 arch/ppc64/mm/fault.c
> --- linux-2.6-bk/arch/ppc64/mm/fault.c~nx-kernel-ppc64 2005-03-08 16:08:57 -06:00
> +++ linux-2.6-bk-moilanen/arch/ppc64/mm/fault.c 2005-03-08 16:08:57 -06:00
> @@ -76,6 +76,21 @@ static int store_updates_sp(struct pt_re
> return 0;
> }
>
> +pte_t *lookup_address(unsigned long address)
> +{
> + pgd_t *pgd = pgd_offset_k(address);
> + pmd_t *pmd;
> +
> + if (pgd_none(*pgd))
> + return NULL;
> +
> + pmd = pmd_offset(pgd, address);
> + if (pmd_none(*pmd))
> + return NULL;
> +
> + return pte_offset_kernel(pmd, address);
> +}
Use find_linux_pte() here (asm-ppc64/pgtable.h). It will return NULL if
the PTE is not present too, so no need to dbl check that. That way, I
won't have to fix your copy of the function when I get the proper 4L
headers patch in ;)
> /*
> * The error_code parameter is
> * - DSISR for a non-SLB data access fault,
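Review bot: lookup_address() is defined with external linkage in fault.c, yet the only caller in this patch is do_page_fault() in the same file; mark it static, or add a prototype in a header if other code is meant to use it. It also walks only the kernel page table (pgd_offset_k()) and tests pgd_none()/pmd_none() without the matching pgd_bad()/pmd_bad() checks, so a short comment saying it is for kernel addresses only, and that the caller must test pte_present(), would help.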
> @@ -94,6 +109,7 @@ int do_page_fault(struct pt_regs *regs,
> unsigned long is_write = error_code & 0x02000000;
> unsigned long trap = TRAP(regs);
> unsigned long is_exec = trap == 0x400;
> + pte_t *ptep;
>
> BUG_ON((trap == 0x380) || (trap == 0x480));
>
> @@ -253,6 +269,15 @@ bad_area_nosemaphore:
> info.si_addr = (void __user *) address;
> force_sig_info(SIGSEGV, &info, current);
> return 0;
> + }
> +
> + ptep = lookup_address(address);
> +
> + if (ptep && pte_present(*ptep) && !pte_exec(*ptep)) {
> + if (printk_ratelimit())
> + printk(KERN_CRIT "kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n", current->uid);
> + show_stack(current, (unsigned long *)__get_SP());
> + do_exit(SIGKILL);
> }
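Review bot: The NX test added after the user-mode SIGSEGV block never consults is_exec, so as far as the visible lines show, a kernel data access that faults on a present mapping without exec permission takes this branch too, is logged as an execute attempt and ends in do_exit(SIGKILL). Gate it on the instruction-fetch case, e.g. if (is_exec && ptep && pte_present(*ptep) && !pte_exec(*ptep)). Also, printk_ratelimit() as written covers only the printk(); show_stack() still runs on every hit, so brace the two together if the stack dump should be rate limited as well.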
Can you try to limit to 80 columns? (I know, I'm not the best for that
either, but I'm trying to cure myself here, I promise my next rewrite
of radeonfb will be fully 80-columns safe :)