Message ID | 20191004075050.73327-5-ruscur@russell.cc (mailing list archive) |
---|---|
State | Superseded |
Series | Implement STRICT_MODULE_RWX for powerpc |

Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch next (6edfc6487b474fe01857dc3f1a9cd701bb9b21c8) |
snowpatch_ozlabs/build-ppc64le | success | Build succeeded |
snowpatch_ozlabs/build-ppc64be | success | Build succeeded |
snowpatch_ozlabs/build-ppc64e | success | Build succeeded |
snowpatch_ozlabs/build-pmac32 | success | Build succeeded |
snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 14 lines checked |

Hi Russell,

Tested-by: Daniel Axtens <dja@axtens.net> # e6500

Because ptdump isn't quite working on book3e 64bit atm, I hacked it up to
print the raw PTE and the extracted flags. After loading a module, I see the
supervisor write bit set without module RWX, and it cleared with module RWX.
Modules still seem to work, which is good.

There is one small quirk which I mention only for completeness, and it comes
from arch/Kconfig:

config STRICT_MODULE_RWX
        bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
                                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
        depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
        default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT

64bit Book3E doesn't have ARCH_OPTIONAL_KERNEL_RWX, so the option doesn't
show up in the config menus. Instead, we always get the default, which is for
it to be enabled.

That's probably not a problem (so long as I haven't missed some edge case),
but it is a bit weird. I don't think you can fix this without either hacking
up arch/Kconfig or actually implementing Strict RWX for book3e. I think both
of those are cures worse than the disease, so I think just let it be for now.

Regards,
Daniel

> Whether STRICT_MODULE_RWX is enabled by default depends on powerpc
> platform - in arch/Kconfig, STRICT_MODULE_RWX depends on
> ARCH_OPTIONAL_KERNEL_RWX, which in arch/powerpc/Kconfig is selected if
> ARCH_HAS_STRICT_KERNEL_RWX is selected, which is only true with
> CONFIG_RELOCATABLE *disabled*.
>
> defconfigs like skiroot_defconfig which turn STRICT_KERNEL_RWX on when
> it is not already on by default also do NOT enable STRICT_MODULE_RWX
> automatically, so it is explicitly enabled there in this patch.
>
> Thus, on by default for ppc32 only. Module RWX doesn't provide a whole
> lot of value with Kernel RWX off, but it doesn't hurt, either. The next
> step is to make STRICT_KERNEL_RWX compatible with RELOCATABLE so it can
> be on by default.
> > Signed-off-by: Russell Currey <ruscur@russell.cc> > --- > arch/powerpc/Kconfig | 1 + > arch/powerpc/configs/skiroot_defconfig | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig > index 8f7005f0d097..212c4d02be40 100644 > --- a/arch/powerpc/Kconfig > +++ b/arch/powerpc/Kconfig > @@ -135,6 +135,7 @@ config PPC > select ARCH_HAS_SCALED_CPUTIME if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64 > select ARCH_HAS_SET_MEMORY > select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) > + select ARCH_HAS_STRICT_MODULE_RWX > select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST > select ARCH_HAS_UACCESS_FLUSHCACHE > select ARCH_HAS_UACCESS_MCSAFE if PPC64 > diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig > index 1253482a67c0..719d899081b3 100644 > --- a/arch/powerpc/configs/skiroot_defconfig > +++ b/arch/powerpc/configs/skiroot_defconfig > @@ -31,6 +31,7 @@ CONFIG_PERF_EVENTS=y > CONFIG_SLAB_FREELIST_HARDENED=y > CONFIG_JUMP_LABEL=y > CONFIG_STRICT_KERNEL_RWX=y > +CONFIG_STRICT_MODULE_RWX=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_MODULE_SIG=y > -- > 2.23.0
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 8f7005f0d097..212c4d02be40 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -135,6 +135,7 @@ config PPC select ARCH_HAS_SCALED_CPUTIME if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64 select ARCH_HAS_SET_MEMORY select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) + select ARCH_HAS_STRICT_MODULE_RWX select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UACCESS_FLUSHCACHE select ARCH_HAS_UACCESS_MCSAFE if PPC64 diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig index 1253482a67c0..719d899081b3 100644 --- a/arch/powerpc/configs/skiroot_defconfig +++ b/arch/powerpc/configs/skiroot_defconfig @@ -31,6 +31,7 @@ CONFIG_PERF_EVENTS=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_JUMP_LABEL=y CONFIG_STRICT_KERNEL_RWX=y +CONFIG_STRICT_MODULE_RWX=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_SIG=y
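Review bot: in the arch/powerpc/Kconfig hunk, the added "select ARCH_HAS_STRICT_MODULE_RWX" carries no condition, while the "select ARCH_HAS_STRICT_KERNEL_RWX" line directly above it is limited to (PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION. Per the arch/Kconfig excerpt quoted in the reply, the STRICT_MODULE_RWX prompt is only shown if ARCH_OPTIONAL_KERNEL_RWX and its default is "!ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT", so on platforms excluded by that condition the option comes out enabled with no menu entry to turn it off, which does not match "on by default for ppc32 only" in the commit message. Either give the select a condition naming the platforms where module RWX has been tested, or correct the commit message to say the option is forced on wherever ARCH_OPTIONAL_KERNEL_RWX is not selected.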
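Review bot: in the skiroot_defconfig hunk, CONFIG_STRICT_MODULE_RWX=y is added to this one file only, but the commit message speaks of "defconfigs like skiroot_defconfig" that set CONFIG_STRICT_KERNEL_RWX=y explicitly, and the diffstat shows no other defconfig touched. By the commit message's own reasoning, any other powerpc defconfig in that class would be left with kernel RWX on and module RWX off; please either update those in this patch or state in the message that skiroot_defconfig is the only one affected.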
Whether STRICT_MODULE_RWX is enabled by default depends on powerpc
platform - in arch/Kconfig, STRICT_MODULE_RWX depends on
ARCH_OPTIONAL_KERNEL_RWX, which in arch/powerpc/Kconfig is selected if
ARCH_HAS_STRICT_KERNEL_RWX is selected, which is only true with
CONFIG_RELOCATABLE *disabled*.

defconfigs like skiroot_defconfig which turn STRICT_KERNEL_RWX on when
it is not already on by default also do NOT enable STRICT_MODULE_RWX
automatically, so it is explicitly enabled there in this patch.

Thus, on by default for ppc32 only. Module RWX doesn't provide a whole
lot of value with Kernel RWX off, but it doesn't hurt, either. The next
step is to make STRICT_KERNEL_RWX compatible with RELOCATABLE so it can
be on by default.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/Kconfig                   | 1 +
 arch/powerpc/configs/skiroot_defconfig | 1 +
 2 files changed, 2 insertions(+)