Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4189095yba; Wed, 17 Apr 2019 06:31:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqzm3zTIyoF8qUNwEGfH8gq5ntjFM98V8Uc+vCZjJYuzl7Q5ghVZe+xXHhJtd6J7G9+sMEoD X-Received: by 2002:a63:7153:: with SMTP id b19mr79788784pgn.289.1555507887725; Wed, 17 Apr 2019 06:31:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555507887; cv=none; d=google.com; s=arc-20160816; b=gEk5LeOvss96eRk2PGMmeuhWY01KMEd4GJ0ueXP53i1yDRQdSfgGWCfp2uqSzi2WTA 6iLhE7yjIJuICZ34N6r+tYEafqDJi3GZ9m4iv0MZ1wpQlTBAZduwB7rqb5VOJ798L+5v ctDyVYBJADHzsYMd7puYGjz2Zh/tBcH8++OuYtkHoEGuFO/BYhmWLZSRpYu8D1hp9EMG JVJsWlnU0leMePkfGBJLsQdZsrm2wG2zN1JkZGWR2zoVJW1FPuzXCGtssCFVE5SNJdwW gQJpDcZqOaiqbZfDWYBxs2xmwwE1p0dxSCGcFrfEpvKcm9JGkDU7ObKc+t7dqPfaxgTB N8/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=xo3lXv9qKQmV4xn8cvuXmQXAgb0Sai0iyPMeQHwGXlI=; b=b9qmGZmNZgKvk2T8Vc/ITuWfeCopuiQJvp3gQS+DYD/rLnFDH75GbitaQIDPhm3AVy GpipX4KOk8pMIdoN2CzyU1Gom1/0WXOp6Pjsj+7Ejkovo19U898vR+mYi/g6pDdcMJU/ fhXGVtgIkMo6OL1PFTEZE2FwY6YGN3B7QpOV5XsL9TnTeVsPTbrqLnU2vV2WrmZ/QVyl bSnA3hmY+agTudFiW4Hc+98upRueJgFfvg4ak6hnRR1XlHp982h1lKiqEx1h4vdKTU1V Vq8IkmJdiTQ/2pXwO2R0jU+KmzaAdn0nA/+n8WsWQc/ZHA8H6CMoLJnOUuOIwRG4AlgE MPdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uoNwipDx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h185si12720412pge.368.2019.04.17.06.31.10; Wed, 17 Apr 2019 06:31:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uoNwipDx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732242AbfDQN3f (ORCPT + 99 others); Wed, 17 Apr 2019 09:29:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:35674 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727034AbfDQN3f (ORCPT ); Wed, 17 Apr 2019 09:29:35 -0400 Received: from linux-8ccs (charybdis-ext.suse.de [195.135.221.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 655C72173C; Wed, 17 Apr 2019 13:29:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555507774; bh=0xJnJZYcgd0q+PpUhdPcfaC9aLx6V78fhgRRB1mEoMw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=uoNwipDx1HX3uEz2u3yaItHobSLLQ/0QXLuhaUOmRGGBhP8yLFszHDQ2fyP/Qd9C6 oF0X93LjGfK00Z70keih5xxx+48yoTecUC3dROMESmURbKStfr4V7TjSLW1vT/d4WL 4JAu/5IIYYzOmO1tZkQ2/dbBplQjtMvdXQzLIAH8= Date: Wed, 17 Apr 2019 15:29:29 +0200 From: Jessica Yu To: "Joel Fernandes (Google)" Cc: linux-kernel@vger.kernel.org, paulmck@linux.vnet.ibm.com, rostedt@goodmis.org, mathieu.desnoyers@efficios.com, rcu@vger.kernel.org, kernel-hardening@lists.openwall.com, kernel-team@android.com, keescook@chromium.org Subject: Re: [PATCH v3 1/3] module: Prepare for addition of new ro_after_init sections Message-ID: <20190417132929.GC17099@linux-8ccs> References: <20190410195708.162185-1-joel@joelfernandes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20190410195708.162185-1-joel@joelfernandes.org> X-OS: Linux linux-8ccs 5.1.0-rc1-lp150.12.28-default+ x86_64 User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Joel Fernandes (Google) [10/04/19 15:57 -0400]: >For the purposes of hardening modules by adding sections to >ro_after_init sections, prepare for addition of new ro_after_init >entries which we do in future patches. Create a table to which new >entries could be added later. This makes it less error prone and reduce >code duplication. > >Cc: paulmck@linux.vnet.ibm.com >Cc: rostedt@goodmis.org >Cc: mathieu.desnoyers@efficios.com >Cc: rcu@vger.kernel.org >Cc: kernel-hardening@lists.openwall.com >Cc: kernel-team@android.com >Suggested-by: keescook@chromium.org >Reviewed-by: keescook@chromium.org >Acked-by: rostedt@goodmis.org >Signed-off-by: Joel Fernandes (Google) Hi Joel! Thanks for the patchset! Apologies for the late reply, I've returned from vacation this week and am catching up on the previous threads.. And if I'm all caught up now, it looks like the plan now is to drop this patchset in favor of just marking the srcu pointer array const, is that correct? That should put it in a rodata section (ie., a section without SHF_WRITE) and the module loader will mark it RO appropriately after relocations are applied, so it really doesn't have to be a ro_after_init section then if I'm understanding correctly. Jessica >--- > kernel/module.c | 41 +++++++++++++++++++++++------------------ > 1 file changed, 23 insertions(+), 18 deletions(-) > >diff --git a/kernel/module.c b/kernel/module.c >index 524da609c884..42e4e289d6c7 100644 >--- a/kernel/module.c >+++ b/kernel/module.c >@@ -3300,11 +3300,27 @@ static bool blacklisted(const char *module_name) > } > core_param(module_blacklist, module_blacklist, charp, 0400); > >+/* >+ * Mark ro_after_init section with SHF_RO_AFTER_INIT so that >+ * layout_sections() can put it in the right place. >+ * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. >+ */ >+static const char * const ro_after_init_sections[] = { >+ ".data..ro_after_init", >+ >+ /* >+ * __jump_table structures are never modified, with the exception of >+ * entries that refer to code in the __init section, which are >+ * annotated as such at module load time. >+ */ >+ "__jump_table", >+}; >+ > static struct module *layout_and_allocate(struct load_info *info, int flags) > { > struct module *mod; > unsigned int ndx; >- int err; >+ int err, i; > > err = check_modinfo(info->mod, info, flags); > if (err) >@@ -3319,23 +3335,12 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) > /* We will do a special allocation for per-cpu sections later. */ > info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; > >- /* >- * Mark ro_after_init section with SHF_RO_AFTER_INIT so that >- * layout_sections() can put it in the right place. >- * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. >- */ >- ndx = find_sec(info, ".data..ro_after_init"); >- if (ndx) >- info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; >- /* >- * Mark the __jump_table section as ro_after_init as well: these data >- * structures are never modified, with the exception of entries that >- * refer to code in the __init section, which are annotated as such >- * at module load time. >- */ >- ndx = find_sec(info, "__jump_table"); >- if (ndx) >- info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; >+ /* Set sh_flags for read-only after init sections */ >+ for (i = 0; i < ARRAY_SIZE(ro_after_init_sections); i++) { >+ ndx = find_sec(info, ro_after_init_sections[i]); >+ if (ndx) >+ info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; >+ } > > /* Determine total sizes, and put offsets in sh_entsize. For now > this is done generically; there doesn't appear to be any >-- >2.21.0.392.gf8f6787159e-goog >