Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp855531imm; Tue, 3 Jul 2018 00:52:56 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcd3+iF3l7G7RtGCCeWoTk9TbqiJ4awHCaiPu2Lrx751ap2xjD6ehNVwIQV5Z5xhnY2nDCa X-Received: by 2002:a65:6258:: with SMTP id q24-v6mr12476750pgv.131.1530604376308; Tue, 03 Jul 2018 00:52:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530604376; cv=none; d=google.com; s=arc-20160816; b=GPYviewUK4HOShMTir9jlTrxb/99YQPY57QrOdr7PIRN0Nm6fJ8uUw4F0BeVqAzthX YCOr2UDIkezGTAFISHfy4hQO1/ZhjAivVhxdVoUOMd6srjhXDy0Q0FgyqhH42RgW2mxN 1PWrQgqcjptIqTvrSoUEvVp/vvWtzcNGW2itgfStIdU1FOAyI7eL1mxl92Gd/Vh4R+iG Ju/017NLBQcOJPK6Y6Lb7VeAMhJQlpBP4V4FF/9JyqGtxzw2OngwCzoP6rmrd9dmQrGr taGs5p0Wv8e5qAQBN2xbXZKijHbrAusc/4tN9QaEk7mRQ28FoReqUgOeECKvuhxCbXxn Aa/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=RKh5x5Bi0etessjkS2BozAsZfiNI+v8vdijpxCJH8qE=; b=F3YD9ueWF9n/0tf6BZJsW5te10fIjTKWEbiCAp9/nW1vpBsAwCFQh0OoO8sH5hgMZU zD8jssCqIoGJ+UG1buHK5aXaif7ME6Rw0aBYg9+dg3kqI7stdXIF6ncH/wU8aFl+2S1u 6R/v64FcTi93gMHqua/h+xYzHFgV18UMVdh5FOgzZBlqjrSICAjvD5jGcrlGorJ0jrkh AW1XOdr9kchavvcPoYdiitep1szYoxYnH19BGmm3vfkkgQb1ADMGxDbQtSqxkValtd4u g+2gn3ReSd/DoiGZzGSwvY/XANLOGndgxdzCA7MsQSt8Syl4AjEYehi/MzA9dbxRB1LT hOWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IpEPpUf7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k33-v6si543103pld.269.2018.07.03.00.52.41; Tue, 03 Jul 2018 00:52:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IpEPpUf7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933551AbeGCHuX (ORCPT + 99 others); Tue, 3 Jul 2018 03:50:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:37228 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933028AbeGCHuS (ORCPT ); Tue, 3 Jul 2018 03:50:18 -0400 Received: from linux-5o07 (charybdis-ext.suse.de [195.135.221.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 652AE24C34; Tue, 3 Jul 2018 07:50:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1530604218; bh=swiM/o44vsTJYW5czzI3ZUMuI/bRgrPkEIJeXrGmjTk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=IpEPpUf7fVIe2jXXFvl8KDEMGqZcVI8CZoYcT8A84GdnuDVZ4My16G7Nyh68Wprpc gF/SR/Kw352sY6BJACzmqPLL7ZTIb/lLttwUDYcYX6Hx4kHw2RrWFFbVVQ6l8oSxzm IF9lEtXjWvSMSsOcICPgdPFzalU25zRj8HdQWXDU= Date: Tue, 3 Jul 2018 09:50:13 +0200 From: Jessica Yu To: Ard Biesheuvel Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-arch@vger.kernel.org, Arnd Bergmann , Heiko Carstens , Kees Cook , Will Deacon , Thomas Gleixner , Catalin Marinas , Ingo Molnar , Steven Rostedt , Martin Schwidefsky , Peter Zijlstra Subject: Re: [PATCH v2 8/8] jump_table: move entries into ro_after_init region Message-ID: <20180703075013.ntyu7zlw5rijfeyn@linux-5o07> References: <20180702181145.4799-1-ard.biesheuvel@linaro.org> <20180702181145.4799-9-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20180702181145.4799-9-ard.biesheuvel@linaro.org> X-OS: Linux linux-5o07 4.18.0-rc1-lp150.11-default+ x86_64 User-Agent: NeoMutt/20170912 (1.9.0) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Ard Biesheuvel [02/07/18 20:11 +0200]: >The __jump_table sections emitted into the core kernel and into >each module consist of statically initialized references into >other parts of the code, and with the exception of entries that >point into init code, which are defused at post-init time, these >data structures are never modified. > >So let's move them into the ro_after_init section, to prevent them >from being corrupted inadvertently by buggy code, or deliberately >by an attacker. > >Signed-off-by: Ard Biesheuvel For module parts: Acked-by: Jessica Yu >--- > arch/arm/kernel/vmlinux-xip.lds.S | 1 + > arch/s390/kernel/vmlinux.lds.S | 1 + > include/asm-generic/vmlinux.lds.h | 11 +++++++---- > kernel/module.c | 9 +++++++++ > 4 files changed, 18 insertions(+), 4 deletions(-) > >diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S >index 3593d5c1acd2..763c41068ecc 100644 >--- a/arch/arm/kernel/vmlinux-xip.lds.S >+++ b/arch/arm/kernel/vmlinux-xip.lds.S >@@ -118,6 +118,7 @@ SECTIONS > RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) > .data.ro_after_init : AT(ADDR(.data.ro_after_init) - LOAD_OFFSET) { > *(.data..ro_after_init) >+ JUMP_TABLE_DATA > } > _edata = .; > >diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S >index f0414f52817b..a7cf61e46f88 100644 >--- a/arch/s390/kernel/vmlinux.lds.S >+++ b/arch/s390/kernel/vmlinux.lds.S >@@ -67,6 +67,7 @@ SECTIONS > __start_ro_after_init = .; > .data..ro_after_init : { > *(.data..ro_after_init) >+ JUMP_TABLE_DATA > } > EXCEPTION_TABLE(16) > . = ALIGN(PAGE_SIZE); >diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h >index e373e2e10f6a..ed6befa4c47b 100644 >--- a/include/asm-generic/vmlinux.lds.h >+++ b/include/asm-generic/vmlinux.lds.h >@@ -256,10 +256,6 @@ > STRUCT_ALIGN(); \ > *(__tracepoints) \ > /* implement dynamic printk debug */ \ >- . = ALIGN(8); \ >- __start___jump_table = .; \ >- KEEP(*(__jump_table)) \ >- __stop___jump_table = .; \ > . = ALIGN(8); \ > __start___verbose = .; \ > KEEP(*(__verbose)) \ >@@ -303,6 +299,12 @@ > . = __start_init_task + THREAD_SIZE; \ > __end_init_task = .; > >+#define JUMP_TABLE_DATA \ >+ . = ALIGN(8); \ >+ __start___jump_table = .; \ >+ KEEP(*(__jump_table)) \ >+ __stop___jump_table = .; >+ > /* > * Allow architectures to handle ro_after_init data on their > * own by defining an empty RO_AFTER_INIT_DATA. >@@ -311,6 +313,7 @@ > #define RO_AFTER_INIT_DATA \ > __start_ro_after_init = .; \ > *(.data..ro_after_init) \ >+ JUMP_TABLE_DATA \ > __end_ro_after_init = .; > #endif > >diff --git a/kernel/module.c b/kernel/module.c >index 7cb82e0fcac0..0d4e320e41cd 100644 >--- a/kernel/module.c >+++ b/kernel/module.c >@@ -3349,6 +3349,15 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) > * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. > */ > ndx = find_sec(info, ".data..ro_after_init"); >+ if (ndx) >+ info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; >+ /* >+ * Mark the __jump_table section as ro_after_init as well: these data >+ * structures are never modified, with the exception of entries that >+ * refer to code in the __init section, which are annotated as such >+ * at module load time. >+ */ >+ ndx = find_sec(info, "__jump_table"); > if (ndx) > info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; > >-- >2.17.1 >