From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Nadav Amit, Rick Edgecombe,
    "Peter Zijlstra (Intel)", akpm@linux-foundation.org,
    ard.biesheuvel@linaro.org, deneen.t.dock@intel.com,
    kernel-hardening@lists.openwall.com, kristen@linux.intel.com,
    linux_dti@icloud.com, will.deacon@arm.com, Andy Lutomirski,
    Borislav Petkov, Dave Hansen, "H. Peter Anvin", Linus Torvalds,
    Rik van Riel, Thomas Gleixner, Ingo Molnar, Sasha Levin
Subject: [PATCH 5.1 85/85] x86/kprobes: Set instruction page as executable
Date: Fri, 7 Jun 2019 17:40:10 +0200
Message-Id: <20190607153858.186248816@linuxfoundation.org>
In-Reply-To: <20190607153849.101321647@linuxfoundation.org>
References: <20190607153849.101321647@linuxfoundation.org>

[ Upstream commit 7298e24f904224fa79eb8fd7e0fbd78950ccf2db ]

Set the page as executable after allocation. This patch is a preparatory
patch for a following patch that makes module allocated pages
non-executable.

While at it, do some small cleanup of what appears to be unnecessary
masking.

Signed-off-by: Nadav Amit
Signed-off-by: Rick Edgecombe
Signed-off-by: Peter Zijlstra (Intel)
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Linus Torvalds
Cc: Rik van Riel
Cc: Thomas Gleixner
Link: https://lkml.kernel.org/r/20190426001143.4983-11-namit@vmware.com
Signed-off-by: Ingo Molnar
Signed-off-by: Sasha Levin
---
 arch/x86/kernel/kprobes/core.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index fed46ddb1eef..06058c44ab57 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c @@ -431,8 +431,20 @@ void *alloc_insn_page(void) void *page; page = module_alloc(PAGE_SIZE); - if (page) - set_memory_ro((unsigned long)page & PAGE_MASK, 1); + if (!page) + return NULL; + + /* + * First make the page read-only, and only then make it executable to + * prevent it from being W+X in between. + */ + set_memory_ro((unsigned long)page, 1); + + /* + * TODO: Once additional kernel code protection mechanisms are set, ensure + * that the page was not maliciously altered and it is still zeroed. + */ + set_memory_x((unsigned long)page, 1); return page; } @@ -440,8 +452,12 @@ void *alloc_insn_page(void) /* Recover page to RW mode before releasing it */ void free_insn_page(void *page) { - set_memory_nx((unsigned long)page & PAGE_MASK, 1); - set_memory_rw((unsigned long)page & PAGE_MASK, 1); + /* + * First make the page non-executable, and only then make it writable to + * prevent it from being W+X in between. + */ + set_memory_nx((unsigned long)page, 1); + set_memory_rw((unsigned long)page, 1); module_memfree(page); } -- 2.20.1
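
Review bot: In the alloc_insn_page() hunk, the results of set_memory_ro() and set_memory_x() are discarded, so a failed permission change still returns the page to the caller as if it were a valid executable instruction slot. Consider checking both calls and, on failure, releasing the page with module_memfree() and returning NULL, which callers already have to handle given the new "if (!page) return NULL;" path. The new comment says the ordering prevents the page from being W+X in between, but per the changelog module_alloc() pages only become non-executable in a following patch, so with this patch alone the page is still writable and executable between module_alloc() and set_memory_ro(); the comment could say that it anticipates that change. The TODO about verifying the page is still zeroed has no owner or reference, so a pointer to the planned follow-up would help.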
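
Review bot: In the free_insn_page() hunk, "& PAGE_MASK" is dropped from both set_memory_nx() and set_memory_rw(), while the changelog only says the masking "appears to be unnecessary". The removal relies on every pointer passed here being page-aligned, which holds if it always comes unmodified from alloc_insn_page(); stating that assumption in the changelog or in the comment would make the cleanup verifiable. The return values of set_memory_nx() and set_memory_rw() are also ignored before module_memfree(page), so a failed set_memory_rw() would hand back a page that is still read-only. The retained one-line comment "Recover page to RW mode before releasing it" now overlaps with the new block comment and could be folded into it.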