Received: by 2002:a17:90a:2044:0:0:0:0 with SMTP id n62csp8034398pjc; Mon, 27 May 2019 23:27:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqyfRZScc2TuYd752GNrZYJivrM5z9DeiaE4oXCIxkMIfT1izMal4AA2tlymKfuVO5Meg1gx X-Received: by 2002:a17:90a:d16:: with SMTP id t22mr3511124pja.130.1559024874561; Mon, 27 May 2019 23:27:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559024874; cv=none; d=google.com; s=arc-20160816; b=HV1GrC+2OrHqdsiYG9JJmOk3qAe11UNTIoNjrxnGAauFBIslvSPtOvHtrtJ7zoSIkH PUeygFxSj1ENqh9uaPfQ5kIbYIbZVdlbuXwkqY9HAU9q3MylHp2t+kO0CIddOR7JGZVd vRAqI33aBPRGjaZR3HwRK4k2UbunfK2xK+fqYOBKIji8lA7+XU2ExPB/jH3MF8cKLbmk V1gRnZkiV9p2s1PEU3Gyhj9jxB34tvuQ/RMwbwUXM6Q2/Hw80kCJxIN1w+xbfC3YY5Cb dJ9Bpx08nKwIuuxUNjmPcoBrZ4QHYptWXqt1fqvtjpBMCvf7k1LRMul0xvjfDcGhPzHS +Erg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=X9qqhzbhEcYsiL8PPSeT6HEHfBqWZyJz94sjyOUSv5Y=; b=pi1TzH6q9TK112dTrkzzket5L1+KtPwabW6KMGXZD2nwEZrun8dRSpdTm9GbwQYBH5 TcVsV3t9vln/k7vlKuP3OlwBPI1Z6SkoVvowRIKO8tACwRor8lg59hXcPEdHAQZ3AABl QGshUuiZL1HE45AFsjX24InUo0TQMGPiOAJJqa6rdobhA2Vte6GqLs8v/8leYuWdctqH UCbHWc57yFFctJwKf3ZJEX5cPwSF56RhliTQBks/n/MB69JzqE8Vn7nNGLXXfPydlqU0 HTBlbALl9RX266OnwhcDHTSBDm5DjpMCDloPBe0WM0BW4lGUs/92xmZrJQ767BJ+Q3Yv qIug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j70si20176252pgc.7.2019.05.27.23.27.39; Mon, 27 May 2019 23:27:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727905AbfE1GZB (ORCPT + 99 others); Tue, 28 May 2019 02:25:01 -0400 Received: from foss.arm.com ([217.140.101.70]:49616 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726305AbfE1GY7 (ORCPT ); Tue, 28 May 2019 02:24:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6CF1AA78; Mon, 27 May 2019 23:24:59 -0700 (PDT) Received: from [192.168.1.27] (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id EDF5D3F690; Mon, 27 May 2019 23:24:56 -0700 (PDT) Subject: Re: [PATCH 1/4] arm64: module: create module allocations without exec permissions To: Anshuman Khandual , linux-arm-kernel@lists.infradead.org Cc: mark.rutland@arm.com, marc.zyngier@arm.com, Will Deacon , linux-kernel@vger.kernel.org, Peter Zijlstra , Nadav Amit , Masami Hiramatsu , James Morse , Andrew Morton , Rick Edgecombe References: <20190523102256.29168-1-ard.biesheuvel@arm.com> <20190523102256.29168-2-ard.biesheuvel@arm.com> From: Ard Biesheuvel Message-ID: Date: Tue, 28 May 2019 08:24:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/28/19 7:35 AM, Anshuman Khandual wrote: > > > On 05/23/2019 03:52 PM, Ard Biesheuvel wrote: >> Now that the core code manages the executable permissions of code >> regions of modules explicitly, it is no longer necessary to create > > I guess the permission transition for various module sections happen > through module_enable_[ro|nx]() after allocating via module_alloc(). > Indeed. >> the module vmalloc regions with RWX permissions, and we can create >> them with RW- permissions instead, which is preferred from a >> security perspective. > > Makes sense. Will this be followed in all architectures now ? > I am not sure if every architecture implements module_enable_[ro|nx](), but if they do, they should probably apply this change as well. >> >> Signed-off-by: Ard Biesheuvel >> --- >> arch/arm64/kernel/module.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c >> index 2e4e3915b4d0..88f0ed31d9aa 100644 >> --- a/arch/arm64/kernel/module.c >> +++ b/arch/arm64/kernel/module.c >> @@ -41,7 +41,7 @@ void *module_alloc(unsigned long size) >> >> p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, >> module_alloc_base + MODULES_VSIZE, >> - gfp_mask, PAGE_KERNEL_EXEC, 0, >> + gfp_mask, PAGE_KERNEL, 0, >> NUMA_NO_NODE, __builtin_return_address(0)); >> >> if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) && >> @@ -57,7 +57,7 @@ void *module_alloc(unsigned long size) >> */ >> p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, >> module_alloc_base + SZ_4G, GFP_KERNEL, >> - PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, >> + PAGE_KERNEL, 0, NUMA_NO_NODE, >> __builtin_return_address(0)); >> >> if (p && (kasan_module_alloc(p, size) < 0)) { >> > > Which just makes sure that PTE_PXN never gets dropped while creating > these mappings. > Not sure what you mean. Is there a question here?