Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4782701yba;
        Tue, 30 Apr 2019 04:25:24 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwwPoe3EmcsO+hN7ckBfq/RUWh0N+pVqzW5SXpS3lRZVVL7gDroGjy26N0f6T2BTatBUBxe
X-Received: by 2002:a63:f448:: with SMTP id p8mr65789926pgk.50.1556623524020;
        Tue, 30 Apr 2019 04:25:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556623524; cv=none;
        d=google.com; s=arc-20160816;
        b=nBK/YK4WW7Gf3m+2xsv1yH4aPblNirc6UMHx0nc9tAgjnT11wRRfWp+snN5w2Gv9o4
         9Y7NNneTyveRMaXDIgqXdINR6nGsuurqBg5t3RwqemHcRVc9tfi/fj900dX6MnXArNHJ
         /DuSLw/Ao6vh0o5ao7/XWBwrqvZRMqn6arjJygd6Bxb/MR1tHuTrXtnFgt9Eph5J5oDY
         vIukFE0/zxXj9iT1DSMUFvWHY8avwvpBZWvq8NxuwVGl5G6SRlEas8p0jBgLS10S+oUz
         FDpI09L9dr4Jra+L5vL2rjOSWO6/VpW5tLYP3Od72ZrGsj4vsRv9NE9UeDeclaspH1Nu
         0sUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-disposition
         :content-transfer-encoding:mime-version:robot-unsubscribe:robot-id
         :git-commit-id:subject:to:references:in-reply-to:reply-to:cc
         :message-id:from:date:dkim-signature:dkim-filter;
        bh=MXsBRDRKJauN6z5k6R/bDOZGULB2Ad+70N9h6P0ENtM=;
        b=wCsWXPOwgNBkZHRQYS6ROP64CNsmWUFOez15QiLB5oAlv/kV780ETAJyRuDSBr8Wo+
         ymketBsIxF08wEbfuk3jvt7ufPVhettNe9bXQvWw1q8qBKs3e+8TzOISTivzsgVFSrCC
         ilCzVnTTHbBKCQMYbqoaGxpXzdvdz3OSpK5wYCjLgMFK/2YIOt3oNPdOCPo1moNeoWEZ
         12lzYIVaSzGNgODz0Qmx4yyKedcTBulQvLWN9FpNkllPjQnxG291xt/VisjM7MXTVwRw
         6gIFaiJc607Cux0nHGGIAW69Q6qMqMVjM0Xqoj0Y3Fr8eyfXnLhUBIqaudCQ0Zx+g+dx
         ycow==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zytor.com header.s=2019041745 header.b=wIbco+ka;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w8si13531580plz.301.2019.04.30.04.25.07;
        Tue, 30 Apr 2019 04:25:24 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zytor.com header.s=2019041745 header.b=wIbco+ka;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727403AbfD3LWX (ORCPT <rfc822;1990.zhangzhen@gmail.com>
        + 99 others); Tue, 30 Apr 2019 07:22:23 -0400
Received: from terminus.zytor.com ([198.137.202.136]:55537 "EHLO
        terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726915AbfD3LWX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Apr 2019 07:22:23 -0400
Received: from terminus.zytor.com (localhost [127.0.0.1])
        by terminus.zytor.com (8.15.2/8.15.2) with ESMTPS id x3UBLOdF1347765
        (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
        Tue, 30 Apr 2019 04:21:24 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 terminus.zytor.com x3UBLOdF1347765
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com;
        s=2019041745; t=1556623285;
        bh=MXsBRDRKJauN6z5k6R/bDOZGULB2Ad+70N9h6P0ENtM=;
        h=Date:From:Cc:Reply-To:In-Reply-To:References:To:Subject:From;
        b=wIbco+kaQEDNXehFk4GA8CAk2aOIV243zICGlYMC2RNLL3oYzybyEKRpqJv1/uYmI
         s5wmqxv/JbdeCxyuOj4TkvLRaXFPy+4XJFOHy/j1zTupASaYNktOYkJgsCbYjaZGDB
         Q9o+s9+fTMz3lUbojDi43QnrFR3y/66WOOXx48bFUG7NAXj/lOiu89NbN7OGSj3hpT
         2YxT0eIrwjRgQO8onIu0AFuQc+odnovb3Nd8CgEJEj0muP3+aiA5cmiUUT8mzdjUYZ
         8cYPh8vgEkWnvfmPq4mKYGs+5sUmaSH1+NOrtnBvEBbGLva/TLHPtqFiqE5EfH7f6p
         M3Dai51YDslBw==
Received: (from tipbot@localhost)
        by terminus.zytor.com (8.15.2/8.15.2/Submit) id x3UBLNMb1347762;
        Tue, 30 Apr 2019 04:21:23 -0700
Date:   Tue, 30 Apr 2019 04:21:23 -0700
X-Authentication-Warning: terminus.zytor.com: tipbot set sender to tipbot@zytor.com using -f
From:   tip-bot for Nadav Amit <tipbot@zytor.com>
Message-ID: <tip-3c0dab44e22782359a0a706cbce72de99a22aa75@git.kernel.org>
Cc:     bp@alien8.de, linux-kernel@vger.kernel.org,
        kernel-hardening@lists.openwall.com, luto@kernel.org,
        ard.biesheuvel@linaro.org, akpm@linux-foundation.org,
        linux_dti@icloud.com, dave.hansen@linux.intel.com,
        tglx@linutronix.de, torvalds@linux-foundation.org,
        rick.p.edgecombe@intel.com, will.deacon@arm.com,
        rostedt@goodmis.org, namit@vmware.com, deneen.t.dock@intel.com,
        kristen@linux.intel.com, peterz@infradead.org, mingo@kernel.org,
        hpa@zytor.com, riel@surriel.com
Reply-To: kernel-hardening@lists.openwall.com,
          linux-kernel@vger.kernel.org, bp@alien8.de, luto@kernel.org,
          ard.biesheuvel@linaro.org, linux_dti@icloud.com,
          akpm@linux-foundation.org, dave.hansen@linux.intel.com,
          tglx@linutronix.de, torvalds@linux-foundation.org,
          will.deacon@arm.com, rick.p.edgecombe@intel.com,
          rostedt@goodmis.org, namit@vmware.com, deneen.t.dock@intel.com,
          mingo@kernel.org, peterz@infradead.org, kristen@linux.intel.com,
          riel@surriel.com, hpa@zytor.com
In-Reply-To: <20190426001143.4983-10-namit@vmware.com>
References: <20190426001143.4983-10-namit@vmware.com>
To:     linux-tip-commits@vger.kernel.org
Subject: [tip:x86/mm] x86/ftrace: Set trampoline pages as executable
Git-Commit-ID: 3c0dab44e22782359a0a706cbce72de99a22aa75
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot.git.kernel.org>
Robot-Unsubscribe: Contact <mailto:hpa@kernel.org> to get blacklisted from
 these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        FREEMAIL_FORGED_REPLYTO,T_DATE_IN_FUTURE_96_Q autolearn=no
        autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on terminus.zytor.com
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID:  3c0dab44e22782359a0a706cbce72de99a22aa75
Gitweb:     https://git.kernel.org/tip/3c0dab44e22782359a0a706cbce72de99a22aa75
Author:     Nadav Amit <namit@vmware.com>
AuthorDate: Thu, 25 Apr 2019 17:11:29 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 30 Apr 2019 12:37:53 +0200

x86/ftrace: Set trampoline pages as executable

Since alloc_module() will not set the pages as executable soon, set
ftrace trampoline pages as executable after they are allocated.

For the time being, do not change ftrace to use the text_poke()
interface. As a result, ftrace still breaks W^X.

Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: <akpm@linux-foundation.org>
Cc: <ard.biesheuvel@linaro.org>
Cc: <deneen.t.dock@intel.com>
Cc: <kernel-hardening@lists.openwall.com>
Cc: <kristen@linux.intel.com>
Cc: <linux_dti@icloud.com>
Cc: <will.deacon@arm.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190426001143.4983-10-namit@vmware.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/kernel/ftrace.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index ef49517f6bb2..53ba1aa3a01f 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -730,6 +730,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	unsigned long end_offset;
 	unsigned long op_offset;
 	unsigned long offset;
+	unsigned long npages;
 	unsigned long size;
 	unsigned long retq;
 	unsigned long *ptr;
@@ -762,6 +763,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 		return 0;
 
 	*tramp_size = size + RET_SIZE + sizeof(void *);
+	npages = DIV_ROUND_UP(*tramp_size, PAGE_SIZE);
 
 	/* Copy ftrace_caller onto the trampoline memory */
 	ret = probe_kernel_read(trampoline, (void *)start_offset, size);
@@ -806,6 +808,12 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	/* ALLOC_TRAMP flags lets us know we created it */
 	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
 
+	/*
+	 * Module allocation needs to be completed by making the page
+	 * executable. The page is still writable, which is a security hazard,
+	 * but anyhow ftrace breaks W^X completely.
+	 */
+	set_memory_x((unsigned long)trampoline, npages);
 	return (unsigned long)trampoline;
 fail:
 	tramp_free(trampoline, *tramp_size);