Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4391127yba; Tue, 9 Apr 2019 18:17:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzeQ+QTI8EQIGqTBMH7e0j/VGwBWPJdcPVqzAwHZvm7ZqHDCajdzIoJ2QtQyCII+wobZGuj X-Received: by 2002:a62:6402:: with SMTP id y2mr39424046pfb.194.1554859063283; Tue, 09 Apr 2019 18:17:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554859063; cv=none; d=google.com; s=arc-20160816; b=uNeXHwIKL1b/ZmGO9b0Pdd4UYKt62Mc0qWaswL1ANLryUOWP1FP4MfjVERbw5kBCzk IoNNxSDR9atIhBm7cWPqndD22yyiD6pUzHNZNmIXaidVHf373/cZmGjpkrEpltEeynQG WW76o8HCFxHKfSSNcRmd7wjHz0NVjODf4zqnknFsnwsnk7e0osqrpIqW1awWAU/LYtfp RP0967sqysuyOxARnihxlj3CMACKaJfY0wq9mQdLwFoh/gkKm84FWpmL1sPaw7wTlQlt kR5cwJhNMpxTecmoQ+ajOyhY3EXWyjCCk3NuSn2NU1DE+/iw8RVcPJKGJ/0AacGVvxDC NLjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5twU0SQ7qeKqh0+CQCpWioa1s9Zf+6xNLzQqic9rlw4=; b=Lk6B97gFiv3RXfqgm5I+gZ9C5DSINSHjM5eD06hYPi86VNrrXMfhR1eStclptaPc+D 9oOWEwM8SmjPvhjah5th2sMoNVUAH+MQLLQZLBFlSUN0fAZai01aM5+jjIfAWform4mC 9xLOnfXsE+ewwX59EsTIL7pIOYoZoriJHcY5CCtQIDHuxxfNjUa4yKcn1TwchCqs3T6L 1yaFljw5NoaZsRHSukWn10TSmdMDN2K/ZmW9l33xE2Yb9NtyvPzG00hanuGoOdFTkSyN OaM2/yNla+g6s5JR1d5K2LCwKTlTo9zTkTKBZhlvHmkVITRsYM2zh5EODqAMRbpW8+mB YGVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=FHQSlTRZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 71si7397048plc.91.2019.04.09.18.17.27; Tue, 09 Apr 2019 18:17:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=FHQSlTRZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726808AbfDJBOd (ORCPT + 99 others); Tue, 9 Apr 2019 21:14:33 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:39417 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726714AbfDJBOc (ORCPT ); Tue, 9 Apr 2019 21:14:32 -0400 Received: by mail-pl1-f194.google.com with SMTP id a96so297903pla.6 for ; Tue, 09 Apr 2019 18:14:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5twU0SQ7qeKqh0+CQCpWioa1s9Zf+6xNLzQqic9rlw4=; b=FHQSlTRZrxwWRPEy09RfK1EbzDl1zZ/P9DaKFB3KmUIfEkgu6OM3YJlfaFBN4rkxkl zSvWO+0TCb29HihZcJN1LzoQ7zSzMn+0Qq163kSLfVi8pivg9gruZWze/PBLZiriUT1/ ISRaHB5ujKTs+R24ynJfXQsOp3PURKr+7ESkY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5twU0SQ7qeKqh0+CQCpWioa1s9Zf+6xNLzQqic9rlw4=; b=fhJuoxqOG50whmWFLNbtnbc7DdexuEumOyFagseoxUgqUHdZOcsUAWq1ABqyBiaOTx rmiYGLzACDxOICZnKtEfDCqVWxcM+XwV+XwOSUzwnifEeZ27kNqZldBBh17AnYezlp51 vEJ7P+bUP4QQWt3bsxAOJ6/YF2SYZDJ6hLi6/W6JSr4nNKnVWquyae9vABRmas0aVBh0 ea5/96fWZZsBa4lL26xQkJYYpJd7FztBNkS71lXt/PGbZWPpChu1GxgLpb7fGAS4DNuG HDB2WIAjHswMJegJJvRz1ms1fgroFlGrOsIYkh8aFvqINvH1VPUnF19YZxokSMQdux5O sEJg== X-Gm-Message-State: APjAAAUFjebybCpO1lGwzetGBYt7tgxwiKSQLmiU0M/PGLMOUVtiO28r 6zHDrTGkhul09uiLQI2dmV0sjJUDfWU= X-Received: by 2002:a17:902:e391:: with SMTP id ch17mr41547333plb.196.1554858871788; Tue, 09 Apr 2019 18:14:31 -0700 (PDT) Received: from joelaf.cam.corp.google.com ([2620:15c:6:12:9c46:e0da:efbf:69cc]) by smtp.gmail.com with ESMTPSA id d69sm1008867pfg.24.2019.04.09.18.14.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Apr 2019 18:14:31 -0700 (PDT) From: "Joel Fernandes (Google)" To: linux-kernel@vger.kernel.org Cc: "Joel Fernandes (Google)" , paulmck@linux.vnet.ibm.com, keescook@chromium.org, Jessica Yu , kernel-hardening@lists.openwall.com, kernel-team@android.com, mathieu.desnoyers@efficios.com, rcu@vger.kernel.org, rostedt@goodmis.org Subject: [PATCH 2/2] module: Make srcu_struct ptr array as read-only post init Date: Tue, 9 Apr 2019 21:14:18 -0400 Message-Id: <20190410011418.76408-2-joel@joelfernandes.org> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190410011418.76408-1-joel@joelfernandes.org> References: <20190410011418.76408-1-joel@joelfernandes.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since commit title ("srcu: Allocate per-CPU data for DEFINE_SRCU() in modules"), modules that call DEFINE_{STATIC,}SRCU will have a new array of srcu_struct pointers which is used by srcu code to initialize and clean up these structures. There is no reason for this array of pointers to be writable, and can cause security or other hidden bugs. Mark these are read-only after the module init has completed. Suggested-by: paulmck@linux.vnet.ibm.com Suggested-by: keescook@chromium.org Signed-off-by: Joel Fernandes (Google) --- kernel/module.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index f9221381d076..ed1f2612aebc 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -3301,7 +3301,7 @@ static bool blacklisted(const char *module_name) core_param(module_blacklist, module_blacklist, charp, 0400); /* - * Mark ro_after_init section with SHF_RO_AFTER_INIT so that + * These are section names marked with SHF_RO_AFTER_INIT so that * layout_sections() can put it in the right place. * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. */ @@ -3314,6 +3314,13 @@ static char *ro_after_init_sections[] = { * annotated as such at module load time. */ "__jump_table", + + /* + * Used for SRCU structures which need to be initialized/cleaned up + * by the SRCU notifiers + */ + "___srcu_struct_ptrs", + NULL }; -- 2.21.0.392.gf8f6787159e-goog