| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 May 2017 19:46:04 +0200
From: "Luis R. Rodriguez" <mcgrof@...nel.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Kees Cook <keescook@...omium.org>,
LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
Masami Hiramatsu <mhiramat@...nel.org>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH V2] x86/ftrace: Make sure that ftrace trampolines are not
RWX
On Thu, May 25, 2017 at 10:57:51AM +0200, Thomas Gleixner wrote:
> ftrace use module_alloc() to allocate trampoline pages. The mapping of
> module_alloc() is RWX, which makes sense as the memory is written to right
> after allocation. But nothing makes these pages RO after writing to them.
>
> Add proper set_memory_rw/ro() calls to protect the trampolines after
> modification.
>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> ---
> arch/x86/kernel/ftrace.c | 20 ++++++++++++++------
> 1 file changed, 14 insertions(+), 6 deletions(-)
>
> --- a/arch/x86/kernel/ftrace.c
> +++ b/arch/x86/kernel/ftrace.c
> @@ -689,8 +689,12 @@ static inline void *alloc_tramp(unsigned
> {
> return module_alloc(size);
> }
> -static inline void tramp_free(void *tramp)
> +static inline void tramp_free(void *tramp, int size)
> {
> + int npages = PAGE_ALIGN(size) >> PAGE_SHIFT;
> +
> + set_memory_nx((unsigned long)tramp, npages);
> + set_memory_rw((unsigned long)tramp, npages);
> module_memfree(tramp);
> }
Can/should module_memfree() just do this for users? With Masami's fix that'd
be 2 users already.
Luis
Powered by blists - more mailing lists