Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4606329ybi; Mon, 27 May 2019 22:45:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqzIEdTKOEzj9xnym+jvJGbtT2uw9Z2xeZXyWE1VeMWUema/uXgdx9N9Y3sKMvGs3e73VJ33 X-Received: by 2002:a17:902:2be8:: with SMTP id l95mr26642529plb.231.1559022345731; Mon, 27 May 2019 22:45:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559022345; cv=none; d=google.com; s=arc-20160816; b=FgikM8m+O4vCNcl2OzDf/ASsg5Jo44Dihy3vk1mBR1CJLQQkqHlavN1EjVbQq2X5H/ +6g52IAdx8+G8YqPnk7aHIGDfazx+CH0FvyQW49jS0AgvgFoSy1Ag5BoBIa/wgCjLld2 1LPrYrtPzdGyBcx0E90qcJLsGigYeZwcpU6DZJ5jJA+Wp/GVaQzrFk4Sw1McF3Ebl/7d B2YC/CpvjyD1l9Vq/XK76i9aIqKNiDCYXHCiqd4JHsZvMIDidm/9KNTyQdzTM9CVaEnJ SICjyOR67Lz71e9gnafkWQ3KhSGPB8bg3Wko1BeEBa4jmAi70YN3Lu77XBMr/g9/qDaA SCvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=f8+8LxDle9R3DfkW9Fj1uOXUfSeZrGTkh6mml4NRzl0=; b=XjuhhzQYZxJqvf/5/4iHQcmowi3DXS0LTxQl6e8YpSStOHe3UeHdf0x1+gaAJL3r6f AGqDSi5193ZiL5egBIazFNvkZIM1SeEXCWpyH70pcxHYuXqqW/Pst3R9Ol37AegZ2F7V bZc/W2JBvBM5HD8MyEMLEtYM3aAOeMNfJHYWdbd7bovrtz1ivanubqQov9FQlViYQPTY HSjX6E7b0l1AXoBrrpyPLyBgdeAUvY7D8g/EQaQHwiGp8Xan/Lf+gLyKRfdMTrM6bdDH NamyPyqikYPx0HHfkQ/M4eZtLO/pb6hYTK8Qzspt9DES9zdqrqBxZDLX5fWGuwe67Qrg 3ZDw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v9si18422444pfm.50.2019.05.27.22.45.27; Mon, 27 May 2019 22:45:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727342AbfE1Ff0 (ORCPT + 99 others); Tue, 28 May 2019 01:35:26 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:48830 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726269AbfE1Ff0 (ORCPT ); Tue, 28 May 2019 01:35:26 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DB1C8A78; Mon, 27 May 2019 22:35:25 -0700 (PDT) Received: from [10.162.40.141] (p8cg001049571a15.blr.arm.com [10.162.40.141]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 004CB3F690; Mon, 27 May 2019 22:35:21 -0700 (PDT) Subject: Re: [PATCH 1/4] arm64: module: create module allocations without exec permissions To: Ard Biesheuvel , linux-arm-kernel@lists.infradead.org Cc: mark.rutland@arm.com, marc.zyngier@arm.com, Will Deacon , linux-kernel@vger.kernel.org, Peter Zijlstra , Nadav Amit , Masami Hiramatsu , James Morse , Andrew Morton , Rick Edgecombe References: <20190523102256.29168-1-ard.biesheuvel@arm.com> <20190523102256.29168-2-ard.biesheuvel@arm.com> From: Anshuman Khandual Message-ID: Date: Tue, 28 May 2019 11:05:33 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190523102256.29168-2-ard.biesheuvel@arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/23/2019 03:52 PM, Ard Biesheuvel wrote: > Now that the core code manages the executable permissions of code > regions of modules explicitly, it is no longer necessary to create I guess the permission transition for various module sections happen through module_enable_[ro|nx]() after allocating via module_alloc(). > the module vmalloc regions with RWX permissions, and we can create > them with RW- permissions instead, which is preferred from a > security perspective. Makes sense. Will this be followed in all architectures now ? > > Signed-off-by: Ard Biesheuvel > --- > arch/arm64/kernel/module.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c > index 2e4e3915b4d0..88f0ed31d9aa 100644 > --- a/arch/arm64/kernel/module.c > +++ b/arch/arm64/kernel/module.c > @@ -41,7 +41,7 @@ void *module_alloc(unsigned long size) > > p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, > module_alloc_base + MODULES_VSIZE, > - gfp_mask, PAGE_KERNEL_EXEC, 0, > + gfp_mask, PAGE_KERNEL, 0, > NUMA_NO_NODE, __builtin_return_address(0)); > > if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) && > @@ -57,7 +57,7 @@ void *module_alloc(unsigned long size) > */ > p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, > module_alloc_base + SZ_4G, GFP_KERNEL, > - PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, > + PAGE_KERNEL, 0, NUMA_NO_NODE, > __builtin_return_address(0)); > > if (p && (kasan_module_alloc(p, size) < 0)) { > Which just makes sure that PTE_PXN never gets dropped while creating these mappings.