Received: by 2002:ac0:8c8e:0:0:0:0:0 with SMTP id r14csp896702ima; Wed, 6 Feb 2019 10:05:16 -0800 (PST) X-Google-Smtp-Source: AHgI3IYpVBbhpGJfk8Lkv7qDWfyrE/Y8JZ5y3qCBHeXNFOS4kLe4wP62jt3Q2JeFy0mGu/hRHTZK X-Received: by 2002:aa7:8542:: with SMTP id y2mr11867888pfn.83.1549476316036; Wed, 06 Feb 2019 10:05:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549476316; cv=none; d=google.com; s=arc-20160816; b=ydpcFc5o8e3NolIkacCm8fqOpxm1HN7ummtAoiR6Srm9irQL2rg7ZdvA8RDIx9LWxH fQ7s5zUnEJm+WV/ClNQ1sYaXrFyTCcV+HloEiZ7rHBj/9JX4CRmnFJSra329DmpWNcsI nT/JF7hXu2IWimmZ4SlCW+cBTzrjBKOp1hFEm2UBUZbgS1t0Q3GeNRvjzgJ25sdrY74r +BCgJw6JL3nXmo1FQXLQufVSCuuQkJkA7FxoJ0NktVPmSCVz9wk5qcF5gZoOgvWyOXfS hW9JfrgTajvlQNHLhSNRZ9WJKCT7R08GGoD4amAF/lgZbXH4QxD0mI3FUz+E2RiTbHhb R2EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=z9XFeucax8xYFihnspCDvcXkCu2137EDgTjxZuGxip8=; b=yraEsrXupLVs48+qMonCwrjw9EUMWLieyOJbfVuzZ+xN6P67D8iGgV0oNT9J389DEi 30N0XDPMEaqRA/6XFfGXeY1OYqoyIiKsx6/a+4sMGH8ul5XJUzxKOa1hrlhAAX1d57rw nhPqnUVsqijwbGKVkpit2a5bEWD849DbKbBt7qWIoCspSHBgZTFtqrXGwIptjI9ZY4pW z7jZ1iRm7AE5P6SouKTRntmCvTD+HeeipmQa9zRqSb/D5/3IiG7SexnVOu7PPZXNHnst YHDwki14J9ostj6MI5WgCyxk356DN7MqCNLGr9iu/+0shr1UboosBebfkgJ5I38+GuRO AThQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10si7271048pln.289.2019.02.06.10.04.59; Wed, 06 Feb 2019 10:05:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730309AbfBFRlP (ORCPT + 99 others); Wed, 6 Feb 2019 12:41:15 -0500 Received: from mail.kernel.org ([198.145.29.99]:51640 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730103AbfBFRlN (ORCPT ); Wed, 6 Feb 2019 12:41:13 -0500 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4175C20B1F; Wed, 6 Feb 2019 17:41:11 +0000 (UTC) Date: Wed, 6 Feb 2019 12:41:08 -0500 From: Steven Rostedt To: Nadav Amit Cc: Rick Edgecombe , Andy Lutomirski , Ingo Molnar , LKML , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Borislav Petkov , Dave Hansen , Peter Zijlstra , Damian Tometzki , linux-integrity , LSM List , Andrew Morton , Kernel Hardening , Linux-MM , Will Deacon , Ard Biesheuvel , Kristen Carlson Accardi , deneen.t.dock@intel.com Subject: Re: [PATCH 08/17] x86/ftrace: set trampoline pages as executable Message-ID: <20190206124108.07eef568@gandalf.local.home> In-Reply-To: <5DFA1E3C-A335-4C4B-A86F-904A6CF6D871@gmail.com> References: <20190117003259.23141-1-rick.p.edgecombe@intel.com> <20190117003259.23141-9-rick.p.edgecombe@intel.com> <20190206112213.2ec9dd5c@gandalf.local.home> <5DFA1E3C-A335-4C4B-A86F-904A6CF6D871@gmail.com> X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 6 Feb 2019 09:33:35 -0800 Nadav Amit wrote: > >> /* Copy ftrace_caller onto the trampoline memory */ > >> ret = probe_kernel_read(trampoline, (void *)start_offset, size); > >> @@ -818,6 +820,13 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size) > >> /* ALLOC_TRAMP flags lets us know we created it */ > >> ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP; > >> > >> + /* > >> + * Module allocation needs to be completed by making the page > >> + * executable. The page is still writable, which is a security hazard, > >> + * but anyhow ftrace breaks W^X completely. > >> + */ > > > > Perhaps we should set the page to non writable after the page is > > updated? And set it to writable only when we need to update it. > > You remember that I sent you a patch that changed all these writes into > text_poke() and you said that I should defer it until this series is merged? > And I notice that it is set to RO after this call anyway. -- Steve