Date: Mon, 6 Apr 2020 12:46:17 +0200
From: Jessica Yu
To: Miroslav Benes
Cc: Josh Poimboeuf, Peter Zijlstra, linux-kernel@vger.kernel.org, Thomas Gleixner, keescook@chromium.org
Subject: Re: [PATCH] module: Harden STRICT_MODULE_RWX
Message-ID: <20200406104615.GA9629@linux-8ccs>

+++ Miroslav Benes [06/04/20 11:55 +0200]:
>On Fri, 3 Apr 2020, Josh Poimboeuf wrote:
>
>> On Fri, Apr 03, 2020 at 06:37:16PM +0200, Peter Zijlstra wrote:
>> > +{
>> > + int i;
>> > +
>> > + for (i = 0; i < hdr->e_shnum; i++) {
>> > + if (sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE))
>> > + return -ENOEXEC;
>>
>> I think you only want the error when both are set?
>>
>> if ((sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE)) == (SHF_EXECINSTR|SHF_WRITE))
>
>A section with SHF_EXECINSTR and SHF_WRITE but without SHF_ALLOC would be
>strange though, no? It wouldn't be copied to the final module later
>anyway.

That's right - move_module() ignores !SHF_ALLOC sections and does not
copy them over to their final location. So I think we want to look for
SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC here..

>Looking at layout_sections()... a section with
>SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC would not be counted at all.

Also correct, a section with SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC would be
ignored as it matches none of the masks listed in layout_sections() -
its section->sh_entsize will stay ~0UL.

>However,
>move_module() later copies everything with SHF_ALLOC flag to the final
>module. If there is WXA section, there would be a bug because the
>allocation there would not get the correct size. In that case it is
>important to error out early as you're proposing.

That would be a bug indeed, - we'd get a completely wrong offset to
copy into since sh_entsize was never initialized. Actually, there
should probably be a check for that in move_module() :-/

>Am I missing something?

Nope, thanks for double checking everything!

Jessica
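
Review bot: in the loop over sechdrs[], the test `sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE)` is non-zero when either flag is set, so as written it returns -ENOEXEC for any section that is only executable or only writable. Compare the masked value against the full mask instead, with the `&` expression parenthesised because `==` binds tighter than `&`, and include SHF_ALLOC in the mask since move_module() only copies SHF_ALLOC sections: `if ((sechdrs[i].sh_flags & mask) == mask)` with `mask = SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC`. A one-line comment stating why that combination is rejected (layout_sections() matches it against none of its masks, so sh_entsize stays ~0UL) would also help the next reader.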
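
Added example, not part of the thread or of the kernel source: a userspace C sketch that runs the three section-flag tests discussed above (the test in the quoted hunk, W and X both set, and W+X+ALLOC) over constructed section header tables. It assumes glibc's <elf.h>; wx_policy, offends(), first_offender() and both tables are hypothetical names made up for this illustration.

```c
#include <elf.h>
#include <stddef.h>

/* Combination the thread converges on: loadable, writable and executable. */
#define WXA_MASK (SHF_WRITE | SHF_EXECINSTR | SHF_ALLOC)

enum wx_policy {        /* hypothetical names for the three candidate tests */
	ANY_W_OR_X,     /* test as posted in the quoted hunk */
	BOTH_W_AND_X,   /* both flags set, SHF_ALLOC not considered */
	W_X_AND_ALLOC   /* all three flags set */
};

static int offends(Elf64_Xword flags, enum wx_policy p)
{
	const Elf64_Xword wx = SHF_WRITE | SHF_EXECINSTR;

	switch (p) {
	case ANY_W_OR_X:    return (flags & wx) != 0;
	case BOTH_W_AND_X:  return (flags & wx) == wx;  /* parens: == binds tighter than & */
	case W_X_AND_ALLOC: return (flags & WXA_MASK) == WXA_MASK;
	}
	return 0;
}

/* Index of the first section the policy rejects, or -1 if none is rejected. */
static int first_offender(const Elf64_Shdr *sh, size_t n, enum wx_policy p)
{
	for (size_t i = 0; i < n; i++)
		if (offends(sh[i].sh_flags, p))
			return (int)i;
	return -1;
}

/* Constructed section tables; only sh_flags matters for this check. */
static const Elf64_Shdr normal_module[] = {
	{ .sh_flags = 0 },                              /* null section */
	{ .sh_flags = SHF_ALLOC | SHF_EXECINSTR },      /* .text-like */
	{ .sh_flags = SHF_ALLOC | SHF_WRITE },          /* .data-like */
	{ .sh_flags = SHF_ALLOC },                      /* .rodata-like */
};
static const Elf64_Shdr odd_module[] = {
	{ .sh_flags = 0 },
	{ .sh_flags = SHF_ALLOC },
	{ .sh_flags = SHF_WRITE | SHF_EXECINSTR },      /* W+X but never loaded */
	{ .sh_flags = WXA_MASK },                       /* W+X and loaded */
};

int main(void)
{
	return first_offender(odd_module, 4, W_X_AND_ALLOC) == 3 ? 0 : 1;
}
```

With these tables the posted test rejects an ordinary module at its text section, while the three-flag test passes it and flags only the loadable W+X section.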