Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp21924957ybl; Mon, 6 Jan 2020 14:14:16 -0800 (PST) X-Google-Smtp-Source: APXvYqxsjwZjVvvqTywHt2ZstMM53rQg5uAUxPHMfOzl1LFIfILU+Und6IY+spSmD3DAlfxhyEE1 X-Received: by 2002:a9d:6181:: with SMTP id g1mr121503315otk.104.1578348855871; Mon, 06 Jan 2020 14:14:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578348855; cv=none; d=google.com; s=arc-20160816; b=eopJuUHOur3mPDRGWsI98rwTa9MKmKhZsvIw9KyHW+SMF0c6S2ScOTWwUy4poMWhCv AyetbQlEXpYXvEJZAuISo7ELpHERa9WcQLAjrR3NOo1U2oK4iEwx36QhUXe66fFlZ6mx M99mdKSSNy2nvNxW1qYd+ivdCPJzgY4dgkRmTGiQZeDLFQe4SB9hxCG++myE/53c8Mtu fhwIcMGY2943INEx+1tM5sR/Y8kTUphjYOMte7yaCbqBC1cTwRUxvafZ8lt/1Srw2mvf 1YjDe0WP7g7ksAOoTAtMFPClyeA/jRKC/bJR5ssdOk9oiss1dwsbvsNZ/b6OiPBwsjYr n7Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=eyolJd68ERnJpeKV8cAEbEAjcAmeu/bmG+0f7OhQ2SA=; b=X77Hf20E14ZpBYSQafTGEA5WXwRLu+3cOdq4KJAR4zv1SGXOjuKi2RMA5jXIt2Ewnb 8dNmB3+V9WzgjXGPTePojEza0/VhpG/wnQbr4M44op4G6w8eN2+eBi5ARDiadeiKCSrI tjlb+yeh3rseBGVz+HRl3UEoWu/obW9zgtJ7IHWdD2YmVlPkLGfzoPvPiKbjjMAxK7OV eR9O9YSMbSzyZunbGvlWbubheWGAoLo8xRFT8LoE8QG2xS3mQsTRoARbtxf/c5+gzO2J y6+xu/IKyLaoKn7bDkokD6sHZ1j6E4vamGDgm/g6QMsgqQgBlqp+BPXrteUW9hTYdZfC Yt4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yijm0XTU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k23si28515684oiw.238.2020.01.06.14.14.02; Mon, 06 Jan 2020 14:14:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Yijm0XTU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726774AbgAFWNW (ORCPT + 99 others); Mon, 6 Jan 2020 17:13:22 -0500 Received: from mail-pg1-f193.google.com ([209.85.215.193]:36679 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726695AbgAFWNV (ORCPT ); Mon, 6 Jan 2020 17:13:21 -0500 Received: by mail-pg1-f193.google.com with SMTP id k3so27493050pgc.3; Mon, 06 Jan 2020 14:13:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=eyolJd68ERnJpeKV8cAEbEAjcAmeu/bmG+0f7OhQ2SA=; b=Yijm0XTU+T/0xsej33JyRLg5dgQC8KC6yShekyLo5/vaHao2/7DcUd/SI8l20lCGjS mRL39ZS33Ne/7Xm2Xr0sU8REN9pHR8iHGfOPR8aFm6qsoL9a5bDUvRjAKzh1H8gTlYXD vA+ciQ0duA1TVCe/iUPA98eLjzYzfOznyTYKt26YlD2xIA1iR5QxQw7oKy+44L788t+0 wY8COOYx7B1l+NnVPkBDk6qqAZy8y6rR/ERf5q324H0L4iTy6eyLKivhcRUHS/vhPsoh rjV0KqBOp+Skwxq71Lo0SP/nGtKA3TTCzRrtYu6jJ/vVG/IqlW7FjkIb2QuFmRVpzDTu EN8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=eyolJd68ERnJpeKV8cAEbEAjcAmeu/bmG+0f7OhQ2SA=; b=p+UKY58PiIUATy9p9bK+zSQllH62xQFusFAyFxW/Wvxo7JP/JwcxHj44his3hjEV9u /+HCRz5/XRSjhm6i3mbB307YIy/mSvedWv25Z7NmGl1Vlk9Ha6wA6vB4q1sAB4ypOY0s Tr3qb2Q1VyK9X/Vpt4HX+WlUirAOHEuIwxhL4gsSsQH2aNiyFYwLNunlX8mizuHaIY7L lYSk10KKLa37sP390jxrB3cJrFXFsF8XoSTVuLmcfog/zPLOgdxSXKOueYr52XYN9IDL MveM7tYJyKKq0u0om3IpM3O5YCaFqxHhGvILpPvUO5Ao6IN0Z+wuJ7Php6k2Rn2QYmCS InAA== X-Gm-Message-State: APjAAAUSBqJv/YIWkFFxMRD9KxgMI+yiKD2NItFSeJV8qXFIOIqHb0PH xNwxm/1fvz4EYK39X00cN2A= X-Received: by 2002:a63:31d1:: with SMTP id x200mr106298627pgx.405.1578348801200; Mon, 06 Jan 2020 14:13:21 -0800 (PST) Received: from ast-mbp ([2620:10d:c090:200::1:2bf6]) by smtp.gmail.com with ESMTPSA id w131sm81274287pfc.16.2020.01.06.14.13.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Jan 2020 14:13:20 -0800 (PST) Date: Mon, 6 Jan 2020 14:13:18 -0800 From: Alexei Starovoitov To: Andy Lutomirski Cc: Justin Capella , KP Singh , Rick Edgecombe , linux-kernel@vger.kernel.org, bpf@vger.kernel.org, x86@kernel.org, linux-security-module@vger.kernel.org, Kees Cook , "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , Thomas Garnier , Florent Revest , Brendan Jackman , Jann Horn , Matthew Garrett , Michael Halcrow Subject: Re: [PATCH bpf-next] bpf: Make trampolines W^X Message-ID: <20200106221317.wpwut2rgw23tdaoo@ast-mbp> References: <768BAF04-BEBF-489A-8737-B645816B262A@amacapital.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <768BAF04-BEBF-489A-8737-B645816B262A@amacapital.net> User-Agent: NeoMutt/20180223 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jan 05, 2020 at 10:33:54AM +0900, Andy Lutomirski wrote: > > >> On Jan 4, 2020, at 8:03 PM, Justin Capella wrote: > >  > > I'm rather ignorant about this topic but it would make sense to check prior to making executable from a security standpoint wouldn't it? (In support of the (set_memory_ro + set_memory_x) > > > > Maybe, depends if it’s structured in a way that’s actually helpful from a security perspective. > > It doesn’t help that set_memory_x and friends are not optimized at all. These functions are very, very, very slow and adversely affect all CPUs. That was one of the reason it wasn't done in the first. Also ftrace trampoline break w^x as well. Not sure what is the plan for ftrace, but for bpf trampoline I'm going to switch to text_poke (without _bp) once tip bits get merged during next merge window. Then bpf trampoline will be allocated as ro+x and text_poke will be used instead of memcpy.