Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1312041pxa;
        Thu, 13 Aug 2020 06:08:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxR8OoC87Qk7AbX/Tndlb8S7xPnBfND2yhGoGvWZMCf23mM7WJdZeSPtdAYO8uOnEKk/xZs
X-Received: by 2002:a17:906:4dcb:: with SMTP id f11mr4573613ejw.454.1597324108273;
        Thu, 13 Aug 2020 06:08:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597324108; cv=none;
        d=google.com; s=arc-20160816;
        b=rDm6qvHhlG0S/Qnx/96UlnDidI0G9Uf3OOzxG9ZB7Udw78UmXWC58JVpyiH83XFkZk
         lC7oDe9K5oUuJHqZm7Wfbd93/dKtHjtE3fFvNvADYU90cB/RYP4FkpnyzD8to7YMAuE9
         vT7q3N5f/ejj9BmjoCeLC6jsSvoaeo1nyPHezjiMT1j4pSmCVMaQAzC3pbQsw6d//l0u
         sOBgMSrzcXKqcO264buSWkQzP1df02xTriSy+9+7yUBkgqkVBKojVE6hgTRph+PpuhTy
         ZY/d8+nZ2KytLpfMxVt9nCEjVRehZ1UTpofYrscvg6e2xewss9PPagyCL0cPEvbxaUN5
         KkvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=VwuF/zMtYVIelFkx6ELH0E/1q4DrTcNb15XW4ScgHag=;
        b=bouLeby3/wDkVHmThr8r8j/y7355KKpQlqUbGILQGnjQd+3utRikNXQB42HipBducB
         UHXM5wQTRrQCX05q3ajQsh0x2CQPGcftkJRkzzfEIAMQtM8XuMBXjNZ9KmOaA0UpUXYA
         8xdUbhe6rr1ZHbvE/h/2JxdVi0uOcnlbOqNxaPjY6nRNykqEs06cOiOLD/oPGbI6tOPZ
         BmC2vC2SfLedwvzDPFLTjX9UhHgmqt74pELe5jjsM569CO3EbzYDIWFwQDdvTWXal/ao
         PkAvtFDaoYPR/VjA8WOjIqldvUnw9fBmOZfowdLCr/u7mw2rDIh24nPjTv/1QNeagBs0
         E6+g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gVBS22cS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p8si3137751ejf.352.2020.08.13.06.08.04;
        Thu, 13 Aug 2020 06:08:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gVBS22cS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726557AbgHMNH1 (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Thu, 13 Aug 2020 09:07:27 -0400
Received: from mail.kernel.org ([198.145.29.99]:59390 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726131AbgHMNH0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Aug 2020 09:07:26 -0400
Received: from mail-oi1-f173.google.com (mail-oi1-f173.google.com [209.85.167.173])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id D218C2087C
        for <linux-kernel@vger.kernel.org>; Thu, 13 Aug 2020 13:07:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1597324045;
        bh=VcwApqM6DK8ecEh+UIkhoHA0RLne+ZImllm8gN6jcVE=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=gVBS22cSg1yykUPgCjhs3OEKYO/ySG7YzbCnzKWILSmyjDaKbLmHDQjehMjMz7IwJ
         w/Ss5NWKEz3Rb2EGYgpjAEg5aO+EWbfGmCDfByoQUESUJhPEL9fD+FRXtmWTigUPaD
         MIEJqpTkcPNOFN+/7o8/p4gzy0pVFn7CkDVw1Ik8=
Received: by mail-oi1-f173.google.com with SMTP id e6so4961112oii.4
        for <linux-kernel@vger.kernel.org>; Thu, 13 Aug 2020 06:07:25 -0700 (PDT)
X-Gm-Message-State: AOAM5315yP/gX3rk+s13sONRYVBYfRafjTobjBi/mJe/8yo5OaeCeXlJ
        Tkp1zoXVNxYGMNE0QjVBRO4tbFIc0nPoidIJmN8=
X-Received: by 2002:aca:d8c5:: with SMTP id p188mr3103262oig.47.1597324045108;
 Thu, 13 Aug 2020 06:07:25 -0700 (PDT)
MIME-Version: 1.0
References: <20200811172738.2d632a09@coco.lan> <20200811160134.GA13652@linux-8ccs>
 <CAMj1kXF8fm=9CdQykqDbgYCJSP88ezMs3EOosCW+SDi+Lve0zg@mail.gmail.com>
 <20200812104005.GN2674@hirez.programming.kicks-ass.net> <20200812125645.GA8675@willie-the-truck>
 <20200812141557.GQ14398@arm.com> <20200812160017.GA30302@linux-8ccs>
 <CAMj1kXFfSLvujJYk4Em6T+UvAUDW3VX0BibsD43z30Q_TSsehg@mail.gmail.com>
 <20200812200019.GY3982@worktop.programming.kicks-ass.net> <CAMj1kXEn5o_7OOqgcntOPCqBYmpY74OkGqQ_bUBJvHG6Q9GVLA@mail.gmail.com>
 <20200813130422.GA16938@linux-8ccs>
In-Reply-To: <20200813130422.GA16938@linux-8ccs>
From:   Ard Biesheuvel <ardb@kernel.org>
Date:   Thu, 13 Aug 2020 15:07:13 +0200
X-Gmail-Original-Message-ID: <CAMj1kXErCQYNN9r5siGNukc+9KC=QnER8LfFXVfbHdeDivYztg@mail.gmail.com>
Message-ID: <CAMj1kXErCQYNN9r5siGNukc+9KC=QnER8LfFXVfbHdeDivYztg@mail.gmail.com>
Subject: Re: [PATCH v2] module: Harden STRICT_MODULE_RWX
To:     Jessica Yu <jeyu@kernel.org>
Cc:     Peter Zijlstra <peterz@infradead.org>,
        Szabolcs Nagy <szabolcs.nagy@arm.com>,
        Will Deacon <will@kernel.org>,
        Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Kees Cook <keescook@chromium.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Miroslav Benes <mbenes@suse.cz>,
        Mark Rutland <mark.rutland@arm.com>, nd <nd@arm.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 13 Aug 2020 at 15:04, Jessica Yu <jeyu@kernel.org> wrote:
>
> +++ Ard Biesheuvel [13/08/20 10:36 +0200]:
> >On Wed, 12 Aug 2020 at 22:00, Peter Zijlstra <peterz@infradead.org> wrote:
> >>
> >> On Wed, Aug 12, 2020 at 06:37:57PM +0200, Ard Biesheuvel wrote:
> >> > I know there is little we can do at this point, apart from ignoring
> >> > the permissions - perhaps we should just defer the w^x check until
> >> > after calling module_frob_arch_sections()?
> >>
> >> My earlier suggestion was to ignore it for 0-sized sections.
> >
> >Only they are 1 byte sections in this case.
> >
> >We override the sh_type and sh_flags explicitly for these sections at
> >module load time, so deferring the check seems like a reasonable
> >alternative to me.
>
> So module_enforce_rwx_sections() is already called after
> module_frob_arch_sections() - which really baffled me at first, since
> sh_type and sh_flags should have been set already in
> module_frob_arch_sections().
>
> I added some debug prints to see which section the module code was
> tripping on, and it was .text.ftrace_trampoline. See this snippet from
> arm64's module_frob_arch_sections():
>
>                 else if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE) &&
>                          !strcmp(secstrings + sechdrs[i].sh_name,
>                                  ".text.ftrace_trampoline"))
>                         tramp = sechdrs + i;
>
> Since Mauro's config doesn't have CONFIG_DYNAMIC_FTRACE enabled, tramp
> is never set here and the if (tramp) check at the end of the function
> fails, so its section flags are never set, so they remain WAX and fail
> the rwx check.

Right. Our module.lds does not go through the preprocessor, so we
cannot add the #ifdef check there currently. So we should either drop
the IS_ENABLED() check here, or simply rename the section, dropping
the .text prefix (which doesn't seem to have any significance outside
this context)

I'll leave it to Will to make the final call here.