Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp4770449imd; Tue, 30 Oct 2018 07:12:15 -0700 (PDT) X-Google-Smtp-Source: AJdET5fWUZw1DIojKnKn2PmG058LA/Fr6g5jPWlPggZvA5LUQuomWtNfuXBACHns4L13JhV3VG5G X-Received: by 2002:a17:902:bf49:: with SMTP id u9-v6mr6202535pls.10.1540908735472; Tue, 30 Oct 2018 07:12:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540908735; cv=none; d=google.com; s=arc-20160816; b=nunyXAjbYSioVdMuLTx3DC1dOd7nF3879MfP/5l0QU1gMVv21gIvXUs4PcvqGd2v0L sAlte5cqe/N7xFWq4HSFGSIBiJCKbdKA1V1C1Ifx8qwjj3GzJMdFVw3tHldXCY1F6mLc RQln0CuTqOb/spjW0EIzY2okGDxK0qjn6PMJY+Ij+atYHqwe1lFFAYIqzS8j6HQtmSDx VTmie/cWI0d02IFbF61lTTYTqQ6oBmrzVNdr3hQJ/3W4DW1FadaQvDO+8UNmfbLN6qqp v8NtJ1DxnH1AzyR8E1uGm8tqhRgjBR6V5MCQ1Vj/bPLJXn1HLN9JVAovOgv9C3/Ln3X7 EJDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=OaYZ6gYpMWu3K9PyytKUG3hwcvkHH0hWz+NChVlOHak=; b=uODUa/oGv4QhuBHKdbeV/gTxVDJEXu8aBdbXnZNT5EplNXULEa/sAuzN33YklSr6db bi52Q7ol4R5SC7NIXfvuIuil/o5zB1hrL3eIkMXyvwIA8/wBLQthr3ltODUEBHpndhzc fzD1P1wGj8PaFg6LGRuMQxiTS8NUE/TIn4xjAT3Gqd7Li74Mw4IgwDJjj59JQMescZ+/ tSYUZhwQeYMtcwOrHSOPjGYay7nyHNDjAEvpA3gAYS6EmegMANFhQFJVGima+s2cbeGG oryG6pF8OrUaRkUNy6L1bJwZc35VLWwpY7FTGU57vKsN+MFXAgiZdkovCHQFZyb5gCKS a1hA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="OBJ09q/m"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u7-v6si26238131pfu.143.2018.10.30.07.11.45; Tue, 30 Oct 2018 07:12:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="OBJ09q/m"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728164AbeJ3XEb (ORCPT + 99 others); Tue, 30 Oct 2018 19:04:31 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:34112 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727798AbeJ3XEb (ORCPT ); Tue, 30 Oct 2018 19:04:31 -0400 Received: by mail-io1-f68.google.com with SMTP id d80-v6so7317315iof.1 for ; Tue, 30 Oct 2018 07:10:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OaYZ6gYpMWu3K9PyytKUG3hwcvkHH0hWz+NChVlOHak=; b=OBJ09q/m4j39gkIy4E+3kDw85UX87qeUkQVdz6rxjRvPNvHbhi7SPjq/x3HK3/cDpM 6UCVW6kHPiGl1KzhiXatKjICdhLIVRFVzZrv3zLB6dfph8Dd4DFjFJl1c0wpURcX1rMd FxZ/E7+KhqIi8aiMku4k80F/eTdHPD7C2nDD4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OaYZ6gYpMWu3K9PyytKUG3hwcvkHH0hWz+NChVlOHak=; b=MYi8Dq48FocDAt+9Rpd0FokOsNFnwHB7NPnwCnqdBXpqargSCjet2Z5OSs3BivAjtv YA2GSTdY48PCF0ON5oU6vM8hLFMV4+ne7RY57EExeQuXttqDkxzq7oF3a/UmSC/SC/fu yPA+Pe/0OcMzv3q5p/3Qlq3lMxp41OGnMfeAGbq4LfPjDI0yne5R46LcPiReTx6NalFD 460FY10aeOBD5MO01RY9HVImFltmI6DFd9KLFGdOPzt0YSxa1v39ZZ6cfUcBIUsgIKki xhQ1GiG3a9ExFUOtElbs4PS2kVActRF7z7LHqSaAiyvz6IQc+YNBEwJSx0foYQN5hly1 Qvjw== X-Gm-Message-State: AGRZ1gIRKHp6bGcWv54A428rRcqZFJuj4zm0uOBBMWfQJhHzkh/wbvNo iqQLRsxetFSVSI6X8I6UL5qc0xQ4qmmeVT1E0Yx0kg== X-Received: by 2002:a6b:5d18:: with SMTP id r24-v6mr10810585iob.170.1540908652468; Tue, 30 Oct 2018 07:10:52 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a6b:4f16:0:0:0:0:0 with HTTP; Tue, 30 Oct 2018 07:10:51 -0700 (PDT) In-Reply-To: References: <20181030113850.31150-1-anders.roxell@linaro.org> From: Ard Biesheuvel Date: Tue, 30 Oct 2018 11:10:51 -0300 Message-ID: Subject: Re: [PATCH v2] arm64: kprobe: make page to RO mode when allocate it To: Anders Roxell Cc: Catalin Marinas , Will Deacon , linux-arm-kernel , Linux Kernel Mailing List , Masami Hiramatsu , Laura Abbott , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 30 October 2018 at 08:49, Ard Biesheuvel wrote: > Hi Anders, > >> On 30 Oct 2018, at 08:38, Anders Roxell wrote: >> >> Commit 1404d6f13e47 ("arm64: dump: Add checking for writable and exectuable pages") >> has successfully identified code that leaves a page with W+X >> permissions. >> >> [ 3.245140] arm64/mm: Found insecure W+X mapping at address (____ptrval____)/0xffff000000d90000 >> [ 3.245771] WARNING: CPU: 0 PID: 1 at ../arch/arm64/mm/dump.c:232 note_page+0x410/0x420 >> [ 3.246141] Modules linked in: >> [ 3.246653] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc5-next-20180928-00001-ge70ae259b853-dirty #62 >> [ 3.247008] Hardware name: linux,dummy-virt (DT) >> [ 3.247347] pstate: 80000005 (Nzcv daif -PAN -UAO) >> [ 3.247623] pc : note_page+0x410/0x420 >> [ 3.247898] lr : note_page+0x410/0x420 >> [ 3.248071] sp : ffff00000804bcd0 >> [ 3.248254] x29: ffff00000804bcd0 x28: ffff000009274000 >> [ 3.248578] x27: ffff00000921a000 x26: ffff80007dfff000 >> [ 3.248845] x25: ffff0000093f5000 x24: ffff000009526f6a >> [ 3.249109] x23: 0000000000000004 x22: ffff000000d91000 >> [ 3.249396] x21: ffff000000d90000 x20: 0000000000000000 >> [ 3.249661] x19: ffff00000804bde8 x18: 0000000000000400 >> [ 3.249924] x17: 0000000000000000 x16: 0000000000000000 >> [ 3.250271] x15: ffffffffffffffff x14: 295f5f5f5f6c6176 >> [ 3.250594] x13: 7274705f5f5f5f28 x12: 2073736572646461 >> [ 3.250941] x11: 20746120676e6970 x10: 70616d20582b5720 >> [ 3.251252] x9 : 6572756365736e69 x8 : 3039643030303030 >> [ 3.251519] x7 : 306666666678302f x6 : ffff0000095467b2 >> [ 3.251802] x5 : 0000000000000000 x4 : 0000000000000000 >> [ 3.252060] x3 : 0000000000000000 x2 : ffffffffffffffff >> [ 3.252323] x1 : 4d151327adc50b00 x0 : 0000000000000000 >> [ 3.252664] Call trace: >> [ 3.252953] note_page+0x410/0x420 >> [ 3.253186] walk_pgd+0x12c/0x238 >> [ 3.253417] ptdump_check_wx+0x68/0xf8 >> [ 3.253637] mark_rodata_ro+0x68/0x98 >> [ 3.253847] kernel_init+0x38/0x160 >> [ 3.254103] ret_from_fork+0x10/0x18 >> >> kprobes allocates a writable executable page with module_alloc() in >> order to store executable code. >> Reworked to that when allocate a page it sets mode RO. Inspired by >> commit 63fef14fc98a ("kprobes/x86: Make insn buffer always ROX and use text_poke()"). >> >> Cc: Laura Abbott >> Cc: Catalin Marinas >> Co-developed-by: Arnd Bergmann >> Co-developed-by: Ard Biesheuvel >> Signed-off-by: Arnd Bergmann >> Signed-off-by: Ard Biesheuvel > > Please remove these SOBs, Arnd and I provided input to this patch but you are the one sending it (sob does not assert authorship or anything like that, it just asserts that the code in the patch was made available under a compatible license) > As Anders points out in a private communication, the Documentation/ explicitly requires signoffs for Co-developed-by credits. Perhaps we should enhance that document to clarify that that does not mean you can simply add signoffs on someone else's behalf. But the patch is fine as it stands (with the received acks added) > Also, please add the acks you received from Masami and Laura. > >> Signed-off-by: Anders Roxell >> --- >> arch/arm64/kernel/probes/kprobes.c | 27 ++++++++++++++++++++------- >> 1 file changed, 20 insertions(+), 7 deletions(-) >> >> diff --git a/arch/arm64/kernel/probes/kprobes.c b/arch/arm64/kernel/probes/kprobes.c >> index 9b65132e789a..decf483b4153 100644 >> --- a/arch/arm64/kernel/probes/kprobes.c >> +++ b/arch/arm64/kernel/probes/kprobes.c >> @@ -23,7 +23,9 @@ >> #include >> #include >> #include >> +#include >> #include >> +#include >> #include >> #include >> #include >> @@ -42,10 +44,21 @@ DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); >> static void __kprobes >> post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *); >> >> +static int __kprobes patch_text(kprobe_opcode_t *addr, u32 opcode) >> +{ >> + void *addrs[1]; >> + u32 insns[1]; >> + >> + addrs[0] = (void *)addr; >> + insns[0] = (u32)opcode; >> + >> + return aarch64_insn_patch_text(addrs, insns, 1); >> +} >> + >> static void __kprobes arch_prepare_ss_slot(struct kprobe *p) >> { >> /* prepare insn slot */ >> - p->ainsn.api.insn[0] = cpu_to_le32(p->opcode); >> + patch_text(p->ainsn.api.insn, p->opcode); >> >> flush_icache_range((uintptr_t) (p->ainsn.api.insn), >> (uintptr_t) (p->ainsn.api.insn) + >> @@ -118,15 +131,15 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) >> return 0; >> } >> >> -static int __kprobes patch_text(kprobe_opcode_t *addr, u32 opcode) >> +void *alloc_insn_page(void) >> { >> - void *addrs[1]; >> - u32 insns[1]; >> + void *page; >> >> - addrs[0] = (void *)addr; >> - insns[0] = (u32)opcode; >> + page = vmalloc_exec(PAGE_SIZE); >> + if (page) >> + set_memory_ro((unsigned long)page, 1); >> >> - return aarch64_insn_patch_text(addrs, insns, 1); >> + return page; >> } >> >> /* arm kprobe: install breakpoint in text */ >> -- >> 2.19.1 >>