From: Kees Cook
To: Josh Poimboeuf
Cc: Kees Cook, Arnd Bergmann, Jessica Yu, Peter Zijlstra, linux-arch@vger.kernel.org, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Alexander Egorenkov, Sven Schnelle, Ilya Leoshkevich, "Steven Rostedt (VMware)", Ingo Molnar, Sami Tolvanen, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH 3/4] module: Use a list of strings for ro_after_init sections
Date: Wed, 1 Sep 2021 16:37:56 -0700
Message-Id: <20210901233757.2571878-4-keescook@chromium.org>
In-Reply-To: <20210901233757.2571878-1-keescook@chromium.org>

Instead of open-coding the section names, use a list for the sections that need to be
marked read-only after init. Unfortunately, it seems we can't do normal section merging with scripts/module.lds.S as ld.bfd doesn't correctly update symbol tables. For more details, see commit 6a3193cdd5e5 ("kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled"). Cc: Arnd Bergmann Cc: Jessica Yu Cc: Josh Poimboeuf Cc: Peter Zijlstra (Intel) Cc: linux-arch@vger.kernel.org Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 4 +++- kernel/module.c | 28 ++++++++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 4781a8154254..d532baadaeae 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -418,7 +418,9 @@ /* * Allow architectures to handle ro_after_init data on their - * own by defining an empty RO_AFTER_INIT_DATA. + * own by defining an empty RO_AFTER_INIT_DATA. Any sections + * added here must be explicitly marked SHF_RO_AFTER_INIT + * via module_sections_ro_after_init[] in kernel/module.c. */ #ifndef RO_AFTER_INIT_DATA #define RO_AFTER_INIT_DATA \ diff --git a/kernel/module.c b/kernel/module.c index ed13917ea5f3..b0ff82cc48fe 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -3514,10 +3514,21 @@ static bool blacklisted(const char *module_name) } core_param(module_blacklist, module_blacklist, charp, 0400); +/* + * List of sections to be marked read-only after init. This should match + * the RO_AFTER_INIT_DATA macro in include/asm-generic/vmlinux.lds.h. + */ +static const char * const module_sections_ro_after_init[] = { + ".data..ro_after_init", + "__jump_table", + NULL +}; + static struct module *layout_and_allocate(struct load_info *info, int flags) { struct module *mod; unsigned int ndx; + const char * const *section; int err; err = check_modinfo(info->mod, info, flags); 
@@ -3543,18 +3554,11 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) * layout_sections() can put it in the right place. * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. */ - ndx = find_sec(info, ".data..ro_after_init"); - if (ndx) - info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; - /* - * Mark the __jump_table section as ro_after_init as well: these data - * structures are never modified, with the exception of entries that - * refer to code in the __init section, which are annotated as such - * at module load time. - */ - ndx = find_sec(info, "__jump_table"); - if (ndx) - info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; + for (section = module_sections_ro_after_init; *section; section++) { + ndx = find_sec(info, *section); + if (ndx) + info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; + } /* * Determine total sizes, and put offsets in sh_entsize. For now -- 2.30.2
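Review bot: In the include/asm-generic/vmlinux.lds.h hunk, the added comment sentence makes it a manual rule that RO_AFTER_INIT_DATA and module_sections_ro_after_init[] stay in step, and nothing in this patch checks that they do. A section added to the macro but left out of the array would never get SHF_RO_AFTER_INIT set in layout_and_allocate(), with no warning at build or load time. The wording is also uneven: this comment says "must be explicitly marked" while the comment above the array in kernel/module.c says "should match". Please use the same strength in both places, and say "added to RO_AFTER_INIT_DATA below" rather than "added here", since the comment sits above the #ifndef that lets an architecture define the macro empty.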
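Review bot: In the first kernel/module.c hunk, module_sections_ro_after_init[] ends with a NULL sentinel that the loop in layout_and_allocate() depends on, so a name appended after the NULL entry by mistake would be skipped silently. Consider dropping the sentinel and iterating with an index bounded by ARRAY_SIZE(module_sections_ro_after_init), which also removes the need for the extra "const char * const *section" local.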
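Review bot: In the second kernel/module.c hunk, the removed block comment explaining why __jump_table is treated as ro_after_init ("these data structures are never modified, with the exception of entries that refer to code in the __init section") is deleted and not carried over anywhere. That rationale is the only record of why a section other than .data..ro_after_init is on the list, so please move it next to the "__jump_table" entry in module_sections_ro_after_init[] instead of dropping it.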