Date: Sat, 28 Apr 2018 08:14:01 +0200
From: Ingo Molnar
To: Jeffrey Hugo
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Mark Rutland, Jan Glauber, Kees Cook, Ard Biesheuvel, Catalin Marinas, Will Deacon, Laura Abbott, Timur Tabi, Stephen Smalley, Andrew Morton, Thomas Gleixner, Peter Zijlstra
Subject: Re: [PATCH v2] init: Fix false positives in W+X checking
Message-ID: <20180428061401.oj4tytn6yy277f7y@gmail.com>
References: <1524866145-20337-1-git-send-email-jhugo@codeaurora.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1524866145-20337-1-git-send-email-jhugo@codeaurora.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

* Jeffrey Hugo wrote:

> load_module() creates W+X mappings via __vmalloc_node_range() (from
> layout_and_allocate()->move_module()->module_alloc()) by using
> PAGE_KERNEL_EXEC. These mappings are later cleaned up via
> "call_rcu_sched(&freeinit->rcu, do_free_init)" from do_init_module().
>
> This is a problem because call_rcu_sched() queues work, which can be run
> after debug_checkwx() is run, resulting in a race condition. If hit, the
> race results in a nasty splat about insecure W+X mappings, which results
> in a poor user experience as these are not the mappings that
> debug_checkwx() is intended to catch.
>
> This issue is observed on multiple arm64 platforms, and has been
> artificially triggered on an x86 platform.
>
> Address the race by flushing the queued work before running the
> arch-defined mark_rodata_ro() which then calls debug_checkwx().
>
> Reported-by: Timur Tabi
> Reported-by: Jan Glauber
> Fixes: e1a58320a38d ("x86/mm: Warn on W^X mappings")
> Signed-off-by: Jeffrey Hugo > --- > > v1: > -was "arm64: mm: Fix false positives in W+X checking" (see [1]) > -moved to common code based on review and confirmation of issue on x86 > > [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2018-April/573776.html > > init/main.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/init/main.c b/init/main.c > index b795aa3..499d957 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -1034,6 +1034,13 @@ static int __init set_debug_rodata(char *str) > static void mark_readonly(void) > { > if (rodata_enabled) { > + /* > + * load_module() results in W+X mappings, which are cleaned up > + * with call_rcu_sched(). Let's make sure that queued work is > + * flushed so that we don't hit false positives looking for > + * insecure pages which are W+X. > + */ > + rcu_barrier_sched(); I'd suggest adding a matching comment to the module loading portion as well, to make sure this connection does not get lost. With that: Acked-by: Ingo Molnar Thanks, Ingo
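
Review bot: The new comment above rcu_barrier_sched() in mark_readonly() names call_rcu_sched() but not the callback it is waiting for; the commit message identifies it as do_free_init, queued from do_init_module(). Naming both in the comment would make the dependency greppable from the init/main.c side, which complements the matching comment requested for the module loading code. It would also help to state the assumption the fix relies on: rcu_barrier_sched() only waits for callbacks that are already queued when it is called, so the check stays free of false positives only if no module init can queue another do_free_init between this barrier and the debug_checkwx() call made from mark_rodata_ro(). Since the barrier sits inside the "if (rodata_enabled)" branch, it is skipped when rodata is disabled, which looks intentional but is worth a word in the comment as well.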