Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp448554pxa; Wed, 12 Aug 2020 06:16:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxeV6zyyOO23hDGjI/2ykSX9yBHp3Fu5G0J8sLWXMhSdyuC/BlD9jFK9uVeNcpnoBFVFBvS X-Received: by 2002:a17:906:ce37:: with SMTP id sd23mr32658806ejb.272.1597238218289; Wed, 12 Aug 2020 06:16:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597238218; cv=none; d=google.com; s=arc-20160816; b=NncRZSMMqFhHzROs3Gk4eOE9bEzloOL3/fcfU5Iq0MSACUS4ZfsGPfPlQqXO8lVm99 UoYPjgMZX1kWXCh6i4ZiqD3p5LgW49q/lzPTAsRPgny+ATpw6HotdaYn5UxbkYHev5IK /y0LMsW5lnlMQ+VcqHJxlWqLR4Qokc8VrEJ1QfuNq/w8VxcmOvIvJQTRLtePe5dwa1Dl ZCbbhtuWpPBCNiqVv5wLpZcEQ7+w5rdiD/Rsa5ErbyPHiBu8VSE1YmGAldEnbzkZojD8 mfJeFfVbflcz9OxvkCqbffLcOpC68OL90tDTl3JVUs8eSbNfzNknGiNjN2egQsoQmD88 OFtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=79Y+QMDHezU/5SURd8Ma018LuzReHRkJThB2i60XPmw=; b=0jJJvP5DzHatLhkeIfKtJGe4Hl1Tu3IA9pV56IR/iH5mztIGYyXf2nJ5OLhn0TA0uW /AFUa5WpJn9v+8oktBm/+Q66mXn07ZIz4rf2qp3NbcJgbtjacx7oxLrepoDfp12ot0LS WBMRzRy4/lwWD6OTxtU7SnnWd31sYH8Ox266xlmwtySOkK1vNbIyWNuzKrRPJvj3A/Ye AYLUDLUVeiuMGLmMhHSkSjO2jwUf6OBda2UD0oIXGNh+n67NXrNrKmVM5xIVmC6BOjER lUQV4FA6caOahQFjUhQrJp3PmxmxoWvTzftNtfia79fP0l7naeJlXM/jl8MOCk/HqGzd cItw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lF32krpO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id si6si1078355ejb.331.2020.08.12.06.16.34; Wed, 12 Aug 2020 06:16:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lF32krpO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727964AbgHLNOq (ORCPT + 99 others); Wed, 12 Aug 2020 09:14:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727936AbgHLNOp (ORCPT ); Wed, 12 Aug 2020 09:14:45 -0400 Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C4805C06174A for ; Wed, 12 Aug 2020 06:14:44 -0700 (PDT) Received: by mail-io1-xd44.google.com with SMTP id a5so2343230ioa.13 for ; Wed, 12 Aug 2020 06:14:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=79Y+QMDHezU/5SURd8Ma018LuzReHRkJThB2i60XPmw=; b=lF32krpO4NcmaJVg3GSzk3XwJJB5WCYVAl9nrA9tEULjvQDM4/2Esppyr6zdfgJuem lnD6DvUPJh0ZLb3qQT+MUoIpFyTqHaNe1hv5R95tCkzAwQlaAY/1upfAbl3pDehJS9fO qo8gEBztMC/SeqhIHikTr9j2H31MBu3VJ6ikQs/s/OxgWnsmBhnviI3uyFzb9KSBuTzM HB+35g0tGZlRNT3M/6YZn3lkxjSaf66tqhyNIVgmSG0Ef5v4f7x0585NokvUIP0n4oIK iU1XfBLzixoO3EfS4nOygsTzm8bhXAsGtB2QBp+Pd1/H+BmMqwpdPtAIbOE4xZLVPEGu V2tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=79Y+QMDHezU/5SURd8Ma018LuzReHRkJThB2i60XPmw=; b=l/qeeJHoFUOyikfevf7tKy7VJ07ZeQ5qCIj7Jpzduq07RtSyFD5PM3owPvenhRxs0t 5bpkG6uGfe9g/hMnvd0I/VuRtLkVmrtxJI/clnH0u9e7mTvqMnbxGf0UqB7m93UbkA2g 7xHA8UlgpkdMOSY7FUb6KD2rz3g7TqJSS/2lIkN5k+k/mm/6dvuyzxwWUbmcEOiq7x3w x6UGcCx3yd47cJd4EyScgTRFSm8YV0+zBw4CBv1G9CaPDrdzCiAB+Nd/dr5n6oN/jpSg yA3NN5UButDjCNyqkLmXYONAgHQF67ffrMqvBD848n/FjzRyv0JytINJ4IMmRgxS6Rsn LHzA== X-Gm-Message-State: AOAM5324yzzCwFMpVX0xSXnLXhwYtWM7MaoFHVocQC7TopRIXPxJ52zc KCsAsHkdU7chFoI2k+0WcwhyHjZ4jYS9IO+2SzE= X-Received: by 2002:a02:b159:: with SMTP id s25mr31218462jah.4.1597238084132; Wed, 12 Aug 2020 06:14:44 -0700 (PDT) MIME-Version: 1.0 References: <20200403171303.GK20760@hirez.programming.kicks-ass.net> <20200808101222.5103093e@coco.lan> <20200810092523.GA8612@linux-8ccs> <20200810150647.GB8612@linux-8ccs> <20200811163427.6edbf343@coco.lan> <20200811145524.GE2674@hirez.programming.kicks-ass.net> <20200811172738.2d632a09@coco.lan> <20200811160134.GA13652@linux-8ccs> <20200812104005.GN2674@hirez.programming.kicks-ass.net> <20200812114127.GA10824@linux-8ccs.fritz.box> In-Reply-To: <20200812114127.GA10824@linux-8ccs.fritz.box> From: "H.J. Lu" Date: Wed, 12 Aug 2020 06:14:08 -0700 Message-ID: Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX To: Jessica Yu Cc: Peter Zijlstra , Mark Rutland , Kees Cook , Mauro Carvalho Chehab , Linux Kernel Mailing List , Binutils , Josh Poimboeuf , Thomas Gleixner , Miroslav Benes , Ard Biesheuvel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 12, 2020 at 4:42 AM Jessica Yu via Binutils wrote: > > +++ peterz@infradead.org [12/08/20 12:40 +0200]: > >On Wed, Aug 12, 2020 at 10:56:56AM +0200, Ard Biesheuvel wrote: > >> The module .lds has BYTE(0) in the section contents to prevent the > >> linker from pruning them entirely. The (NOLOAD) is there to ensure > >> that this byte does not end up in the .ko, which is more a matter of > >> principle than anything else, so we can happily drop that if it helps. > >> > >> However, this should only affect the PROGBITS vs NOBITS designation, > >> and so I am not sure whether it makes a difference. > >> > >> Depending on where the w^x check occurs, we might simply override the > >> permissions of these sections, and strip the writable permission if it > >> is set in the PLT handling init code, which manipulates the metadata > >> of all these 3 sections before the module space is vmalloc'ed. > > > >What's curious is that this seems the result of some recent binutils > >change. Every build with binutils-2.34 (or older) does not seem to > >generate these as WAX, but has the much more sensible WA. > > > >I suppose we can change the kernel check and 'allow' W^X for 0 sized > >sections, but I think we should still figure out why binutils-2.35 is > >now generating WAX sections all of a sudden, it might come bite us > >elsewhere. > > I have just tested with binutils-2.35 and am observing the same > behavior. Both .plt and .text.ftrace_trampoline end up with > SHT_PROGBITS and are marked 'WAX'. With binutils-2.34 they keep the > NOBITS designation. > > I had thought NOLOAD implies NOBITS, but that doesn't seem to be the > case anymore? I tinkered with module.lds a bit and noticed that the > name of the section seems to matters. So this: > > SECTIONS { > .plt (NOLOAD) : { BYTE(0) } > .init.plt (NOLOAD) : { BYTE(0) } > .text.ftrace_trampoline (NOLOAD) : { BYTE(0) } > + .test (NOLOAD) : { BYTE(0) } > + .text.test (NOLOAD) : { BYTE(0) } > + .plt.test (NOLOAD) : { BYTE(0) } > } > > Yielded the following: > > [22] .plt PROGBITS 0000000000000340 000e40 000001 00 WAX 0 0 1 > [23] .init.plt NOBITS 0000000000000341 000e41 000001 00 WA 0 0 1 > [24] .text.ftrace_trampoline PROGBITS 0000000000000342 000e41 000001 00 WAX 0 0 1 > [25] .test NOBITS 0000000000000343 000e42 000001 00 WA 0 0 1 > [26] .text.test PROGBITS 0000000000000344 000e42 000001 00 WAX 0 0 1 > [27] .plt.test NOBITS 0000000000000345 000e43 000001 00 WA 0 0 1 > > So ".plt" and any section starting with ".text" were automatically > designated as SHT_PROGBITS and given the executable flag. It appears > the NOLOAD directive has been ignored or overridden in the case of > these sections. I am not sure if this is a bug in binutils or if this > behavior is intentional. > > I tried to grok the changelog between 2.34 and 2.35 but could not find > anything glaringly obvious that would cause this change. CC'ing the > binutils mailing list, hopefully that's the right place to ask. > Please open a binutils bug with a testcase. -- H.J.