Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754530AbbB0SwC (ORCPT <rfc822;w@1wt.eu>);
	Fri, 27 Feb 2015 13:52:02 -0500
Received: from smtp.codeaurora.org ([198.145.29.96]:47215 "EHLO
	smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755154AbbB0SwA (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 27 Feb 2015 13:52:00 -0500
Message-ID: <54F0BCCD.4000402@codeaurora.org>
Date: Fri, 27 Feb 2015 10:51:57 -0800
From: Laura Abbott <lauraa@codeaurora.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Daniel Borkmann <daniel@iogearbox.net>, davem@davemloft.net
CC: ast@plumgrid.com, netdev@vger.kernel.org,
        Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw
References: <cover.1425040939.git.daniel@iogearbox.net> <cb778076d2d089dd52605b8eaad3ee6097e61eae.1425040940.git.daniel@iogearbox.net>
In-Reply-To: <cb778076d2d089dd52605b8eaad3ee6097e61eae.1425040940.git.daniel@iogearbox.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2084
Lines: 59

On 2/27/2015 6:55 AM, Daniel Borkmann wrote:
> This effectively unexports set_memory_ro and set_memory_rw functions from
> commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support").
>
> No module user of those is in mainline kernel and we explicitly do not want
> modules to use these functions, as they i.e. protect eBPF (interpreted and
> JIT'ed) images from malicious modifications or bugs.
>
> Outside of eBPF scope, I believe also other set_memory_* functions should
> be unexported on arm64 for modules.
>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Laura Abbott <lauraa@codeaurora.org>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: linux-kernel@vger.kernel.org
> Acked-by: Alexei Starovoitov <ast@plumgrid.com>
> ---
>   arch/arm64/mm/pageattr.c | 2 --
>   1 file changed, 2 deletions(-)
>

We have some uses for modules doing set_memory_ro/rw but none that are
in mainline. That can be dealt with if the features ever get
mainlined which seems unlikely.

Acked-by: Laura Abbott <lauraa@codeaurora.org>

> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
> index bb0ea94..8659357 100644
> --- a/arch/arm64/mm/pageattr.c
> +++ b/arch/arm64/mm/pageattr.c
> @@ -70,7 +70,6 @@ int set_memory_ro(unsigned long addr, int numpages)
>   					__pgprot(PTE_RDONLY),
>   					__pgprot(PTE_WRITE));
>   }
> -EXPORT_SYMBOL_GPL(set_memory_ro);
>
>   int set_memory_rw(unsigned long addr, int numpages)
>   {
> @@ -78,7 +77,6 @@ int set_memory_rw(unsigned long addr, int numpages)
>   					__pgprot(PTE_WRITE),
>   					__pgprot(PTE_RDONLY));
>   }
> -EXPORT_SYMBOL_GPL(set_memory_rw);
>
>   int set_memory_nx(unsigned long addr, int numpages)
>   {
>


-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/