Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3277203ybb; Mon, 6 Apr 2020 05:54:33 -0700 (PDT) X-Google-Smtp-Source: APiQypKfbfRSt+/gkJG2j0/umKW9a/ved47saRSPA/nj1PCYZndXYpIieyzlejZLHIUIb6JU5f6z X-Received: by 2002:aca:b602:: with SMTP id g2mr12340226oif.82.1586177673464; Mon, 06 Apr 2020 05:54:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586177673; cv=none; d=google.com; s=arc-20160816; b=y/XKk9a5KS8smBRjZyPXQKosi2VHF9O4/LCQfVusfYd2SzEg5FR0XPSL2bIkaAiU8V REfQmh91Zp60GJitfzXEeSsrsHnWzNDQ77J97mvSl87xB+ScN0/Sk1t/0HDF0GV1k1V8 rMUo4AbhOZOQcqEUQ821KklRmoSuzvZkUkOUeTyxP0J2Rfr/kUxeCpD3Mn4hBrXd2S2C u6lAn8QuU4D9OfYtc7xhzol7V2gwQFqGNDgVo0QfTkQTrm7ihS7iw65PxUZeDRAsaO6q cCLB/lFCwONfq16Tne6vVCf4RQTybMhgJg5oolFKeMgsqgsFMFnuvmtgertT+VEPOLIe 3iMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=lQohNzM11YcwUnGbKVriSxvpkxClX90GjjP5n6dQx5w=; b=B+t4KcsxJnjvoJxaH7Ur1Jw2b1IAlDU30CdKSGwT10fUA3oXDJBpDVpCEOi1oeZJyM RkPK//xCI+/US2f52B88edI++FeQui6phOWqBvWCBjh1hIwnpOwhqXEoScEF8qF9A7ft ONe9nDlJoGUun+kRtfAGpt9EdFQwE9gofW8msRDk/Cj0cV9zjB8Q+68hS447bwY/rVb0 w+JkanYkpaAjeIvFbW5QUeSiGQZtjty2QXr9G2gg/8o1zjDglw6knZf2UBIarvla8nAf TQfcV1NCWkO3cgDAuHcG/E5Zp/JfMQm1gJTw1EqQv8jBg6NckKih8iU553a8jzx1+okA nOBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=GjrZbmPP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r82si7871470oia.155.2020.04.06.05.54.21; Mon, 06 Apr 2020 05:54:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=GjrZbmPP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728202AbgDFMxm (ORCPT + 99 others); Mon, 6 Apr 2020 08:53:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:54778 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728041AbgDFMxm (ORCPT ); Mon, 6 Apr 2020 08:53:42 -0400 Received: from linux-8ccs (p3EE2C7AC.dip0.t-ipconnect.de [62.226.199.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1389222205; Mon, 6 Apr 2020 12:53:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586177621; bh=bJ6dHQ+dU4Gwaqq98S5TKRBD0OIF5fwK51njnQkIHpA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=GjrZbmPPR6KGv95jck7xM0A0OUTHFTE3Aw9ztAQC0gH+2jFYRKd3EE346MvrOUcn6 GeZ1OEonLUZz736ojym0weT6lIc5dFFTI/pqOJBXpioOAw6rEM4av2Ssd676414zRo qdf37HZLNr0OW81BXTSlmwteh+hW2j3dNsK9c8mM= Date: Mon, 6 Apr 2020 14:53:37 +0200 From: Jessica Yu To: Peter Zijlstra Cc: Miroslav Benes , Josh Poimboeuf , linux-kernel@vger.kernel.org, Thomas Gleixner , keescook@chromium.org Subject: Re: [PATCH] module: Harden STRICT_MODULE_RWX Message-ID: <20200406125336.GA21006@linux-8ccs> References: <20200403163716.GV20730@hirez.programming.kicks-ass.net> <20200403165631.hrxxm3pnzqa4vxln@treble> <20200406104615.GA9629@linux-8ccs> <20200406112732.GK20730@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20200406112732.GK20730@hirez.programming.kicks-ass.net> X-OS: Linux linux-8ccs 4.12.14-lp150.12.61-default x86_64 User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Peter Zijlstra [06/04/20 13:27 +0200]: >On Mon, Apr 06, 2020 at 12:46:17PM +0200, Jessica Yu wrote: >> +++ Miroslav Benes [06/04/20 11:55 +0200]: >> > On Fri, 3 Apr 2020, Josh Poimboeuf wrote: >> > >> > > On Fri, Apr 03, 2020 at 06:37:16PM +0200, Peter Zijlstra wrote: >> > > > +{ >> > > > + int i; >> > > > + >> > > > + for (i = 0; i < hdr->e_shnum; i++) { >> > > > + if (sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE)) >> > > > + return -ENOEXEC; >> > > >> > > I think you only want the error when both are set? >> > > >> > > if (sechdrs[i].sh_flags & (SHF_EXECINSTR|SHF_WRITE) == (SHF_EXECINSTR|SHF_WRITE)) >> > >> > A section with SHF_EXECINSTR and SHF_WRITE but without SHF_ALLOC would be >> > strange though, no? It wouldn't be copied to the final module later >> > anyway. >> >> That's right - move_module() ignores !SHF_ALLOC sections and does not >> copy them over to their final location. So I think we want to look for >> SHF_EXECINSTR|SHF_WRITE|SHF_ALLOC here.. > >So I did notice that !SHF_ALLOC sections get ignored, but since this >check is about W^X we don't strictly care about SHF_ALLOC. What we care >about it never allowing a writable and executable map. > >Adding ALLOC to the test only allows for future mistakes and doesn't >make the check any better. Ugh sorry, my brain shorted out and for some reason I mistakenly thought the check excluded SHF_WRITE|SHF_EXECINSTR|SHF_ALLOC sections. It doesn't obviously. Sorry for the noise.