Subject: Re: [PATCH v3] init: Fix false positives in W+X checking
From: Jeffrey Hugo
Date: Mon, 30 Apr 2018 14:49:44 -0600
To: Kees Cook, Laura Abbott, Andrew Morton
Cc: Mark Rutland, Ard Biesheuvel, Catalin Marinas, Timur Tabi, Will Deacon, LKML, Jan Glauber, Peter Zijlstra, Thomas Gleixner, Stephen Smalley, Ingo Molnar, linux-arm-kernel
Message-ID: <2fd6b503-17b9-4e4c-e3ea-44eb34d209e9@codeaurora.org>
References: <1525103946-29526-1-git-send-email-jhugo@codeaurora.org>

On 4/30/2018 12:40 PM, Kees Cook wrote:
> On Mon, Apr 30, 2018 at 10:19 AM, Laura Abbott wrote:
>> On 04/30/2018 08:59 AM, Jeffrey Hugo wrote:
>>>
>>> load_module() creates W+X mappings via __vmalloc_node_range() (from
>>> layout_and_allocate()->move_module()->module_alloc()) by using
>>> PAGE_KERNEL_EXEC.  These mappings are later cleaned up via
>>> "call_rcu_sched(&freeinit->rcu, do_free_init)" from do_init_module().
>>>
>>> This is a problem because call_rcu_sched() queues work, which can be run
>>> after debug_checkwx() is run, resulting in a race condition.  If hit, the
>>> race results in a nasty splat about insecure W+X mappings, which results
>>> in a poor user experience as these are not the mappings that
>>> debug_checkwx() is intended to catch.
>>>
>>> This issue is observed on multiple arm64 platforms, and has been
>>> artificially triggered on an x86 platform.
>>>
>>> Address the race by flushing the queued work before running the
>>> arch-defined mark_rodata_ro() which then calls debug_checkwx().
>>>
>>> Reported-by: Timur Tabi
>>> Reported-by: Jan Glauber
>>> Fixes: e1a58320a38d ("x86/mm: Warn on W^X mappings")
>>> Signed-off-by: Jeffrey Hugo
>>> Acked-by: Kees Cook
>>> Acked-by: Ingo Molnar
>>> Acked-by: Will Deacon
>>> ---
>>>
>>
>> Acked-by: Laura Abbott
>>
>> If you don't have a tree for this to go through, I might suggest having
>> Kees take it.
>
> akpm has taken the W^X stuff in the past, but I'm happy to do so. Just
> let me know either way. :)
>
> -Kees
>

That sounds fine to me. Is that agreeable to you, Andrew?

-- 
Jeffrey Hugo
Qualcomm Datacenter Technologies as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.