Hi Linus,
Please pull below to receive modules updates for the v5.8 merge window.
Details can be found in the signed tag.
There was a small conflict with the livepatching tree, which has already been
merged into master. Inlined below you'll find the conflict resolution merging
modules-next into mainline. It should be straightforward, but please let me
know if you run into any issues. Thanks!
diff --cc kernel/module.c
index bca993c5f1bc,70fc20583e66..ef400c389f49
--- a/kernel/module.c
+++ b/kernel/module.c
@@@ -2026,20 -2052,29 +2042,29 @@@ static void module_enable_nx(const stru
frob_writable_data(&mod->init_layout, set_memory_nx);
}
+ static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+ char *secstrings, struct module *mod)
+ {
+ const unsigned long shf_wx = SHF_WRITE|SHF_EXECINSTR;
+ int i;
+
+ for (i = 0; i < hdr->e_shnum; i++) {
+ if ((sechdrs[i].sh_flags & shf_wx) == shf_wx)
+ return -ENOEXEC;
+ }
+
+ return 0;
+ }
+
#else /* !CONFIG_STRICT_MODULE_RWX */
-/* module_{enable,disable}_ro() stubs are in module.h */
static void module_enable_nx(const struct module *mod) { }
+static void module_enable_ro(const struct module *mod, bool after_init) {}
- #endif /* CONFIG_STRICT_MODULE_RWX */
- static void module_enable_x(const struct module *mod)
+ static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+ char *secstrings, struct module *mod)
{
- frob_text(&mod->core_layout, set_memory_x);
- frob_text(&mod->init_layout, set_memory_x);
+ return 0;
}
- #else /* !CONFIG_ARCH_HAS_STRICT_MODULE_RWX */
- static void module_enable_nx(const struct module *mod) { }
- static void module_enable_x(const struct module *mod) { }
- #endif /* CONFIG_ARCH_HAS_STRICT_MODULE_RWX */
-
+ #endif /* CONFIG_STRICT_MODULE_RWX */
#ifdef CONFIG_LIVEPATCH
/*
---
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux.git tags/modules-for-v5.8
for you to fetch changes up to 5c3a7db0c7ec4bbd5bd3f48af9be859a8fa3e532:
module: Harden STRICT_MODULE_RWX (2020-04-21 17:20:13 +0200)
----------------------------------------------------------------
Modules updates for v5.8
Summary of modules changes for the 5.8 merge window:
- Harden CONFIG_STRICT_MODULE_RWX by rejecting any module that has
SHF_WRITE|SHF_EXECINSTR sections
- Remove and clean up nested #ifdefs, as it makes code hard to read
Signed-off-by: Jessica Yu <[email protected]>
----------------------------------------------------------------
Jessica Yu (1):
module: break nested ARCH_HAS_STRICT_MODULE_RWX and STRICT_MODULE_RWX #ifdefs
Peter Zijlstra (1):
module: Harden STRICT_MODULE_RWX
kernel/module.c | 51 +++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 41 insertions(+), 10 deletions(-)
On Fri, Jun 5, 2020 at 2:34 AM Jessica Yu <[email protected]> wrote:
>
> Please pull below to receive modules updates for the v5.8 merge window.
Done. Considering the confusion this merge window with the
dependencies of trees with each other, can you verify that what I got
matches what you expect?
Linus
The pull request you sent on Fri, 5 Jun 2020 11:33:56 +0200:
> git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux.git tags/modules-for-v5.8
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/084623e468d535d98f883cc2ccf2c4fdf2108556
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
+++ Linus Torvalds [05/06/20 13:38 -0700]:
>On Fri, Jun 5, 2020 at 2:34 AM Jessica Yu <[email protected]> wrote:
>>
>> Please pull below to receive modules updates for the v5.8 merge window.
>
>Done. Considering the confusion this merge window with the
>dependencies of trees with each other, can you verify that what I got
>matches what you expect?
I reviewed the result of the merge and it matches what I expected. Thank you!