Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1311907pxa; Thu, 13 Aug 2020 06:08:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgrUYNNQaUAOsK0SUV8n1pY4J9eFYVS3zYqYzVQQnlondhNbpncEXh6JKqa5IRcNnIN/J3 X-Received: by 2002:a50:da44:: with SMTP id a4mr4747758edk.36.1597324099678; Thu, 13 Aug 2020 06:08:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597324099; cv=none; d=google.com; s=arc-20160816; b=utl5CoOrfD+Bdd0fDxwcE+jgcLDNL7jXv8WnN9G+hllB0ICCQcWBrUL5RuJzus7tmC qBbOtZpwru/uxvkELPAKueFTf/xCYy4JtD87MW2jO79gZVrDMGzWzedDhQQPspuSoWkb 8Byl09bzYOOeYSWa0CodeGyy3UG9yyCkUhdxQAfWHhCdU21snnqgdLlu+5iz27O3HU9T r5otcnpEWQvUY0L2g/+E/a3DU6JCgoz+nQgBHbnBLhFPMwK6BVBY+/F5uLm6qJy6SQSN sc4UDvszMJrYMgPFn74ASAUym5X9GeJvNkLf4Yr4VmyTq3AdhQSEmslH8R9meO/2MrQa bxig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=aUrdC7BjrMyddwq11z4yIb7jUkTQ5qki7kurpRx3Ukc=; b=XfiKyYW0v9wDFEd4wqdBanRLsRWtsQmzFBzA1c55gEsBmHEXPSp3qV5g0ySoxB2Qay //wvX3h2J2M9EtuS2dKFZmVO2H+QwEKCiAN4mnZ+58q45PNHpJCt1I2O684sGMqnX7Ws 0f4qJ3SXYJJFmuAhhDJl+s2+cYzzuM5aiI7c6BYo01xCrhggCslbkBlcmWQHEIAndsyQ WwOxpznJ7q2KHdClXJE7NGnEMgSi39AeGPKG/0Qkw/M1D7EXF/PBvMJ4WKjXQry7eSMq mkCvxc0E7st5j1iBuTnfADZwnWHf2kWLjM+FfiyTt3G3ccjOCiybFw/4nVI8lacaKxcO +wNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=twReRzYk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a3si3348864ejd.449.2020.08.13.06.07.54; Thu, 13 Aug 2020 06:08:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=twReRzYk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726576AbgHMNEb (ORCPT + 99 others); Thu, 13 Aug 2020 09:04:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:57274 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726427AbgHMNE2 (ORCPT ); Thu, 13 Aug 2020 09:04:28 -0400 Received: from linux-8ccs (p57a236d4.dip0.t-ipconnect.de [87.162.54.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BFA37207DA; Thu, 13 Aug 2020 13:04:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597323868; bh=Nuw5mIFQBrem99QMknSs/J0bUVGvpZ6iKTJjKn2hiSI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=twReRzYklTVmelZWwGuHgx9+OlEATxb4XaOrAYWdecQZE6U1rPnRGX5muT0SVuZgo acnHgw0lCpoHdefJWsQBld+9zm3AKdDqcf+Py7UVBDSSLe7QObRZYOYtt6prRFcZue XN4J1JGcZMXgCfCFSCL5q/8WCvLH5bhMZ1TWVmmE= Date: Thu, 13 Aug 2020 15:04:22 +0200 From: Jessica Yu To: Ard Biesheuvel Cc: Peter Zijlstra , Szabolcs Nagy , Will Deacon , Mauro Carvalho Chehab , Linux Kernel Mailing List , Thomas Gleixner , Kees Cook , Josh Poimboeuf , Miroslav Benes , Mark Rutland , nd Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX Message-ID: <20200813130422.GA16938@linux-8ccs> References: <20200811172738.2d632a09@coco.lan> <20200811160134.GA13652@linux-8ccs> <20200812104005.GN2674@hirez.programming.kicks-ass.net> <20200812125645.GA8675@willie-the-truck> <20200812141557.GQ14398@arm.com> <20200812160017.GA30302@linux-8ccs> <20200812200019.GY3982@worktop.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: X-OS: Linux linux-8ccs 5.8.0-rc6-lp150.12.61-default+ x86_64 User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Ard Biesheuvel [13/08/20 10:36 +0200]: >On Wed, 12 Aug 2020 at 22:00, Peter Zijlstra wrote: >> >> On Wed, Aug 12, 2020 at 06:37:57PM +0200, Ard Biesheuvel wrote: >> > I know there is little we can do at this point, apart from ignoring >> > the permissions - perhaps we should just defer the w^x check until >> > after calling module_frob_arch_sections()? >> >> My earlier suggestion was to ignore it for 0-sized sections. > >Only they are 1 byte sections in this case. > >We override the sh_type and sh_flags explicitly for these sections at >module load time, so deferring the check seems like a reasonable >alternative to me. So module_enforce_rwx_sections() is already called after module_frob_arch_sections() - which really baffled me at first, since sh_type and sh_flags should have been set already in module_frob_arch_sections(). I added some debug prints to see which section the module code was tripping on, and it was .text.ftrace_trampoline. See this snippet from arm64's module_frob_arch_sections(): else if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE) && !strcmp(secstrings + sechdrs[i].sh_name, ".text.ftrace_trampoline")) tramp = sechdrs + i; Since Mauro's config doesn't have CONFIG_DYNAMIC_FTRACE enabled, tramp is never set here and the if (tramp) check at the end of the function fails, so its section flags are never set, so they remain WAX and fail the rwx check.