| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jun 2009 11:53:32 -0400 From: Siarhei Liakh <sliakh.lkml@...il.com> To: Ingo Molnar <mingo@...e.hu> Cc: James Morris <jmorris@...ei.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Arjan van de Ven <arjan@...radead.org>, Andi Kleen <ak@....de>, Rusty Russell <rusty@...tcorp.com.au>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [PATCH] RO/NX protection for loadable kernel modules On Tue, Jun 23, 2009 at 6:00 AM, Ingo Molnar<mingo@...e.hu> wrote: > > * James Morris <jmorris@...ei.org> wrote: > >> On Thu, 18 Jun 2009, Siarhei Liakh wrote: >> >> > This patch is a logical extension of the protection provided by >> > CONFIG_DEBUG_RODATA to LKMs. The protection is provided by splitting >> > module_core and module_init into three logical parts each and setting >> > appropriate page access permissions for each individual section: >> > >> > 1. Code: RO+X >> > 2. RO data: RO+NX >> > 3. RW data: RW+NX >> > >> > In order to achieve proper protection, layout_sections() have been >> > modified to align each of the three parts mentioned above onto page >> > boundary. Next, the corresponding page access permissions are set >> > right before successful exit from load_module(). Further, >> > module_free() have been modified to set module_core or module_init as >> > RW+NX right before calling vfree(). Functionality of this patch is >> > enabled only when CONFIG_DEBUG_RODATA defined at compile time. >> > >> >> This looks potentially useful to me, but I'm not an x86 expert >> (several now added to Cc:). > > Pinged a few folks about this already. It looks useful, with the > main worry being: > > 1) the increase in effective module size (probably worth the price) > 2) some uglies in the patch (fixable) > > The main ugliness is the excessive use of #ifdefs - those should be > eliminated. Also, most scripts/checkpatch.pl warnings about this > patch should be taken seriously. > > Ingo 1: You are correct. This patch effectively sets the lower limit of 3 pages for a module (well, there are some modules that do not have .text and/or .data, but we are not talking about these extremes). So, for small (sub-one-page) modules this will create 300% overhead. However, for large modules the overhead is not that significant. 2: Agree. Will fix. The main reason the #ifdefs are there is to make this patch dependent on CONFIG_DEBUG_RODATA, since not everyone may be willing to pay 300% overhead for the modules they use. I guess I could do some code re-factoring, but #ifdefs will still be there. Or did you really mean to eliminate all of them, making this patch a permanent feature of the kernel? Can you please point me into right direction on how to eliminate the #ifdefs while allowing to exclude the patch at compile time if necessary? Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists