[PATCH net-next 08/10] x86: unexport set_memory_ro and set_memory_rw

[PATCH net-next 08/10] x86: unexport set_memory_ro and set_memory_rw

[Daniel Borkmann]

This effectively unexports set_memory_ro and set_memory_rw functions, and
thus reverts a03352d2c1dc ("x86: export set_memory_ro and set_memory_rw").

They have been introduced for debugging purposes in e1000e, but no module
user is in mainline kernel (anymore?) and we explicitly do not want modules
to use these functions, as they i.e. protect eBPF (interpreted & JIT'ed)
images from malicious modifications or bugs.

Outside of eBPF scope, I believe also other set_memory_* functions should
be unexported on x86 for modules.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Bruce Allan <bruce.w.allan@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
---
 arch/x86/mm/pageattr.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 536ea2f..81e8282 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -1654,13 +1654,11 @@ int set_memory_ro(unsigned long addr, int numpages)
 {
 	return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
-EXPORT_SYMBOL_GPL(set_memory_ro);
 
 int set_memory_rw(unsigned long addr, int numpages)
 {
 	return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
-EXPORT_SYMBOL_GPL(set_memory_rw);
 
 int set_memory_np(unsigned long addr, int numpages)
 {
-- 
1.9.3

[PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

[Daniel Borkmann]

This effectively unexports set_memory_ro and set_memory_rw functions from
commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support").

No module user of those is in mainline kernel and we explicitly do not want
modules to use these functions, as they i.e. protect eBPF (interpreted and
JIT'ed) images from malicious modifications or bugs.

Outside of eBPF scope, I believe also other set_memory_* functions should
be unexported on arm64 for modules.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Laura Abbott <lauraa@codeaurora.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-kernel@vger.kernel.org
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
---
 arch/arm64/mm/pageattr.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index bb0ea94..8659357 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -70,7 +70,6 @@ int set_memory_ro(unsigned long addr, int numpages)
 					__pgprot(PTE_RDONLY),
 					__pgprot(PTE_WRITE));
 }
-EXPORT_SYMBOL_GPL(set_memory_ro);
 
 int set_memory_rw(unsigned long addr, int numpages)
 {
@@ -78,7 +77,6 @@ int set_memory_rw(unsigned long addr, int numpages)
 					__pgprot(PTE_WRITE),
 					__pgprot(PTE_RDONLY));
 }
-EXPORT_SYMBOL_GPL(set_memory_rw);
 
 int set_memory_nx(unsigned long addr, int numpages)
 {
-- 
1.9.3

Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

[Laura Abbott]

On 2/27/2015 6:55 AM, Daniel Borkmann wrote:
> This effectively unexports set_memory_ro and set_memory_rw functions from
> commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support").
>
> No module user of those is in mainline kernel and we explicitly do not want
> modules to use these functions, as they i.e. protect eBPF (interpreted and
> JIT'ed) images from malicious modifications or bugs.
>
> Outside of eBPF scope, I believe also other set_memory_* functions should
> be unexported on arm64 for modules.
>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Laura Abbott <lauraa@codeaurora.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: linux-kernel@vger.kernel.org
> Acked-by: Alexei Starovoitov <ast@plumgrid.com>
> ---
>   arch/arm64/mm/pageattr.c | 2 --
>   1 file changed, 2 deletions(-)
>

We have some uses for modules doing set_memory_ro/rw but none that are
in mainline. That can be dealt with if the features ever get
mainlined which seems unlikely.

Acked-by: Laura Abbott <lauraa@codeaurora.org>

> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
> index bb0ea94..8659357 100644
> --- a/arch/arm64/mm/pageattr.c
> +++ b/arch/arm64/mm/pageattr.c
> @@ -70,7 +70,6 @@ int set_memory_ro(unsigned long addr, int numpages)
>   					__pgprot(PTE_RDONLY),
>   					__pgprot(PTE_WRITE));
>   }
> -EXPORT_SYMBOL_GPL(set_memory_ro);
>
>   int set_memory_rw(unsigned long addr, int numpages)
>   {
> @@ -78,7 +77,6 @@ int set_memory_rw(unsigned long addr, int numpages)
>   					__pgprot(PTE_WRITE),
>   					__pgprot(PTE_RDONLY));
>   }
> -EXPORT_SYMBOL_GPL(set_memory_rw);
>
>   int set_memory_nx(unsigned long addr, int numpages)
>   {
>


-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project

Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

[Will Deacon]

On Fri, Feb 27, 2015 at 02:55:41PM +0000, Daniel Borkmann wrote:
> This effectively unexports set_memory_ro and set_memory_rw functions from
> commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support").
> 
> No module user of those is in mainline kernel and we explicitly do not want
> modules to use these functions, as they i.e. protect eBPF (interpreted and
> JIT'ed) images from malicious modifications or bugs.
> 
> Outside of eBPF scope, I believe also other set_memory_* functions should
> be unexported on arm64 for modules.
> 
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Laura Abbott <lauraa@codeaurora.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: linux-kernel@vger.kernel.org
> Acked-by: Alexei Starovoitov <ast@plumgrid.com>
> ---
>  arch/arm64/mm/pageattr.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
> index bb0ea94..8659357 100644
> --- a/arch/arm64/mm/pageattr.c
> +++ b/arch/arm64/mm/pageattr.c
> @@ -70,7 +70,6 @@ int set_memory_ro(unsigned long addr, int numpages)
>  					__pgprot(PTE_RDONLY),
>  					__pgprot(PTE_WRITE));
>  }
> -EXPORT_SYMBOL_GPL(set_memory_ro);
>  
>  int set_memory_rw(unsigned long addr, int numpages)
>  {
> @@ -78,7 +77,6 @@ int set_memory_rw(unsigned long addr, int numpages)
>  					__pgprot(PTE_WRITE),
>  					__pgprot(PTE_RDONLY));
>  }
> -EXPORT_SYMBOL_GPL(set_memory_rw);
>  
>  int set_memory_nx(unsigned long addr, int numpages)
>  {

Looks good to me. Can this be applied independently, or does it need to
remain part of your series?

Will

Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

[Daniel Borkmann]

On 02/27/2015 08:54 PM, Will Deacon wrote:
...
> Looks good to me. Can this be applied independently, or does it need to
> remain part of your series?

Ideally, it should be seen as part of this series, but I have no problem
if this one goes via arm64 tree, instead. What Dave and you prefer. ;)

Thanks,
Daniel

[tip:x86/mm] x86/mm: Unexport set_memory_ro() and set_memory_rw()

[tip-bot for Daniel Borkmann]

Commit-ID:  6bbb614ec478961c7443086bdf7fd6784479c14a
Gitweb:     http://git.kernel.org/tip/6bbb614ec478961c7443086bdf7fd6784479c14a
Author:     Daniel Borkmann <daniel@iogearbox.net>
AuthorDate: Fri, 27 Feb 2015 15:55:40 +0100
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Sat, 28 Feb 2015 10:41:59 +0100

x86/mm: Unexport set_memory_ro() and set_memory_rw()

This effectively unexports set_memory_ro() and set_memory_rw()
functions, and thus reverts:

  a03352d2c1dc ("x86: export set_memory_ro and set_memory_rw").

They have been introduced for debugging purposes in e1000e, but
no module user is in mainline kernel (anymore?) and we
explicitly do not want modules to use these functions, as they
i.e. protect eBPF (interpreted & JIT'ed) images from malicious
modifications or bugs.

Outside of eBPF scope, I believe also other set_memory_*()
functions should be unexported on x86 for modules.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Bruce Allan <bruce.w.allan@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Link: http://lkml.kernel.org/r/a064393a0a5d319eebde5c761cfd743132d4f213.1425040940.git.daniel@iogearbox.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/mm/pageattr.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 536ea2f..81e8282 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -1654,13 +1654,11 @@ int set_memory_ro(unsigned long addr, int numpages)
 {
 	return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
-EXPORT_SYMBOL_GPL(set_memory_ro);
 
 int set_memory_rw(unsigned long addr, int numpages)
 {
 	return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
-EXPORT_SYMBOL_GPL(set_memory_rw);
 
 int set_memory_np(unsigned long addr, int numpages)
 {

Re: [tip:x86/mm] x86/mm: Unexport set_memory_ro() and set_memory_rw()

[Arjan van de Ven]

On 2/28/2015 2:00 AM, tip-bot for Daniel Borkmann wrote:
> Commit-ID:  6bbb614ec478961c7443086bdf7fd6784479c14a
> Gitweb:     http://git.kernel.org/tip/6bbb614ec478961c7443086bdf7fd6784479c14a
> Author:     Daniel Borkmann <daniel@iogearbox.net>
> AuthorDate: Fri, 27 Feb 2015 15:55:40 +0100
> Committer:  Ingo Molnar <mingo@kernel.org>
> CommitDate: Sat, 28 Feb 2015 10:41:59 +0100
>
> x86/mm: Unexport set_memory_ro() and set_memory_rw()
>
> This effectively unexports set_memory_ro() and set_memory_rw()
> functions, and thus reverts:
>
>    a03352d2c1dc ("x86: export set_memory_ro and set_memory_rw").
>
> They have been introduced for debugging purposes in e1000e, but
> no module user is in mainline kernel (anymore?) and we
> explicitly do not want modules to use these functions, as they
> i.e. protect eBPF (interpreted & JIT'ed) images from malicious
> modifications or bugs.
>
> Outside of eBPF scope, I believe also other set_memory_*()
> functions should be unexported on x86 for modules.
>

Acked-by: Arjan van de Ven <arjan@linux.intel.com>

Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

[Daniel Borkmann]

Hi Will,

On 02/27/2015 09:05 PM, Daniel Borkmann wrote:
> On 02/27/2015 08:54 PM, Will Deacon wrote:
> ...
>> Looks good to me. Can this be applied independently, or does it need to
>> remain part of your series?
>
> Ideally, it should be seen as part of this series, but I have no problem
> if this one goes via arm64 tree, instead. What Dave and you prefer. ;)

I'll resend you this one directly as a stand-alone patch to arm64,
with Acked-by's preserved.

Thanks,
Daniel