Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1268103imu; Tue, 11 Dec 2018 16:13:26 -0800 (PST) X-Google-Smtp-Source: AFSGD/WF5HNe7/P/95IFkVzQ7Jbaf6W3+QuIgneR+fmBpBLrXG48K1OyKljCMqhK0GwjfDzCVNAg X-Received: by 2002:a63:790e:: with SMTP id u14mr16427575pgc.452.1544573606896; Tue, 11 Dec 2018 16:13:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544573606; cv=none; d=google.com; s=arc-20160816; b=cgWJEuVG5GLVjO5ewcuaJ2RFtnxftDvWQ87LN2VJwTWKUhBBIjeZS3PtK2wZ5hiHu7 G+/4288TJzkN5Qg1MtNZOn1fy8rGEv03OQt99bUyfHs8nx3M6S9yN+g6KYQv4QwHNShw KhXYVI95qhY9r298duhOhWbcVfcmCSE7hfVR2kszkJLr+u7jg2qM5W1DaOhJHoNuLwCF FHJYEKaBJO1RARol6Hss4SD3IPWsejM/4ibjk+h/0IEoAppkqiyZRCabSMMSfMQ4/jA9 Yb2k0rzITqHYNsCOKK11qoql5/iHlcNHHrJGNYYkmp3HtE4wMav0r4U5tolqYg8LJ7CL mOqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=aFkerf4UfjublRdDyI4ovkPEU9VLW1HJz1GA1vU6UUQ=; b=iWgoJril/YrULvSi1SLHyURJ37/+lsImsXVn7rzru2xJChSW6A8ucnkZ7hs7Nvgk6n UFRgqIqXuJB0NWpc4+V6g2ic38dxgLDe/tcAFhRBT8/ZRaSLmSOB+JGHHhwmq9317BT7 BkDAWG6efy6Ln9mo9pODHatyqTmqokPbXCGvROHxqZUwnvbS9kar2jancPc4/zohLVRB mVDV7g7GrKeVsfLbiYze90GtWFsDbu+IThyY24tOy1edGMj3wWCG3rDtA02jZimfyr5v mcAIqAW8M5Icey2J71skb1uTtrUzBBLNnzzwHb1S7IR3ScjdZ1R+3T/BFN6pd3hrc7Tn mg0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y26si14365723pfd.25.2018.12.11.16.13.12; Tue, 11 Dec 2018 16:13:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726296AbeLLAML (ORCPT + 99 others); Tue, 11 Dec 2018 19:12:11 -0500 Received: from mga04.intel.com ([192.55.52.120]:56048 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726211AbeLLAMJ (ORCPT ); Tue, 11 Dec 2018 19:12:09 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Dec 2018 16:12:08 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,343,1539673200"; d="scan'208";a="282839403" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.141]) by orsmga005.jf.intel.com with ESMTP; 11 Dec 2018 16:12:07 -0800 From: Rick Edgecombe To: akpm@linux-foundation.org, luto@kernel.org, will.deacon@arm.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, naveen.n.rao@linux.vnet.ibm.com, anil.s.keshavamurthy@intel.com, davem@davemloft.net, mhiramat@kernel.org, rostedt@goodmis.org, mingo@redhat.com, ast@kernel.org, daniel@iogearbox.net, jeyu@kernel.org, namit@vmware.com, netdev@vger.kernel.org, ard.biesheuvel@linaro.org, jannh@google.com Cc: kristen@linux.intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe Subject: [PATCH v2 2/4] modules: Add new special vfree flags Date: Tue, 11 Dec 2018 16:03:52 -0800 Message-Id: <20181212000354.31955-3-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181212000354.31955-1-rick.p.edgecombe@intel.com> References: <20181212000354.31955-1-rick.p.edgecombe@intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add new flags for handling freeing of special permissioned memory in vmalloc, and remove places where the handling was done in module.c. This will enable this flag for all architectures. Signed-off-by: Rick Edgecombe --- kernel/module.c | 43 ++++++++++++------------------------------- 1 file changed, 12 insertions(+), 31 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 49a405891587..910f92b402f8 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1941,11 +1941,23 @@ void module_disable_ro(const struct module *mod) frob_rodata(&mod->init_layout, set_memory_rw); } +static void module_set_vm_flags(const struct module_layout *layout) +{ + struct vm_struct *vm = find_vm_area(layout->base); + + if (vm) { + vm->flags |= VM_HAS_SPECIAL_PERMS; + vm->flags |= VM_IMMEDIATE_UNMAP; + } +} + void module_enable_ro(const struct module *mod, bool after_init) { if (!rodata_enabled) return; + module_set_vm_flags(&mod->core_layout); + module_set_vm_flags(&mod->init_layout); frob_text(&mod->core_layout, set_memory_ro); frob_rodata(&mod->core_layout, set_memory_ro); frob_text(&mod->init_layout, set_memory_ro); @@ -1964,15 +1976,6 @@ static void module_enable_nx(const struct module *mod) frob_writable_data(&mod->init_layout, set_memory_nx); } -static void module_disable_nx(const struct module *mod) -{ - frob_rodata(&mod->core_layout, set_memory_x); - frob_ro_after_init(&mod->core_layout, set_memory_x); - frob_writable_data(&mod->core_layout, set_memory_x); - frob_rodata(&mod->init_layout, set_memory_x); - frob_writable_data(&mod->init_layout, set_memory_x); -} - /* Iterate through all modules and set each module's text as RW */ void set_all_modules_text_rw(void) { @@ -2016,23 +2019,8 @@ void set_all_modules_text_ro(void) } mutex_unlock(&module_mutex); } - -static void disable_ro_nx(const struct module_layout *layout) -{ - if (rodata_enabled) { - frob_text(layout, set_memory_rw); - frob_rodata(layout, set_memory_rw); - frob_ro_after_init(layout, set_memory_rw); - } - frob_rodata(layout, set_memory_x); - frob_ro_after_init(layout, set_memory_x); - frob_writable_data(layout, set_memory_x); -} - #else -static void disable_ro_nx(const struct module_layout *layout) { } static void module_enable_nx(const struct module *mod) { } -static void module_disable_nx(const struct module *mod) { } #endif #ifdef CONFIG_LIVEPATCH @@ -2163,7 +2151,6 @@ static void free_module(struct module *mod) mutex_unlock(&module_mutex); /* This may be empty, but that's OK */ - disable_ro_nx(&mod->init_layout); module_arch_freeing_init(mod); module_memfree(mod->init_layout.base); kfree(mod->args); @@ -2173,7 +2160,6 @@ static void free_module(struct module *mod) lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size); /* Finally, free the core (containing the module structure) */ - disable_ro_nx(&mod->core_layout); module_memfree(mod->core_layout.base); } @@ -3497,7 +3483,6 @@ static noinline int do_init_module(struct module *mod) #endif module_enable_ro(mod, true); mod_tree_remove_init(mod); - disable_ro_nx(&mod->init_layout); module_arch_freeing_init(mod); mod->init_layout.base = NULL; mod->init_layout.size = 0; @@ -3812,10 +3797,6 @@ static int load_module(struct load_info *info, const char __user *uargs, module_bug_cleanup(mod); mutex_unlock(&module_mutex); - /* we can't deallocate the module until we clear memory protection */ - module_disable_ro(mod); - module_disable_nx(mod); - ddebug_cleanup: ftrace_release_mod(mod); dynamic_debug_remove(mod, info->debug); -- 2.17.1