lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zet61a2jTaSV1eF0@gmail.com>
Date: Fri, 8 Mar 2024 12:53:41 -0800
From: Calvin Owens <jcalvinowens@...il.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Luis Chamberlain <mcgrof@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Alexei Starovoitov <ast@...nel.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Naveen N Rao <naveen.n.rao@...ux.ibm.com>,
	Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
	David S Miller <davem@...emloft.net>,
	Thomas Gleixner <tglx@...utronix.de>,
	"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
	"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC][PATCH 1/4] module: mm: Make module_alloc() generally
 available

On Thursday 03/07 at 14:43 +0000, Christophe Leroy wrote:
> Hi Calvin,
> 
> Le 06/03/2024 à 21:05, Calvin Owens a écrit :
> > [Vous ne recevez pas souvent de courriers de jcalvinowens@...il.com. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]
> > 
> > Both BPF_JIT and KPROBES depend on CONFIG_MODULES, but only require
> > module_alloc() itself, which can be easily separated into a standalone
> > allocator for executable kernel memory.
> 
> Easily maybe, but not as easily as you think, see below.
> 
> > 
> > Thomas Gleixner sent a patch to do that for x86 as part of a larger
> > series a couple years ago:
> > 
> >      https://lore.kernel.org/all/20220716230953.442937066@linutronix.de/
> > 
> > I've simply extended that approach to the whole kernel.
> > 
> > Signed-off-by: Calvin Owens <jcalvinowens@...il.com>
> > ---
> >   arch/Kconfig                     |   2 +-
> >   arch/arm/kernel/module.c         |  35 ---------
> >   arch/arm/mm/Makefile             |   2 +
> >   arch/arm/mm/module_alloc.c       |  40 ++++++++++
> >   arch/arm64/kernel/module.c       | 127 ------------------------------
> >   arch/arm64/mm/Makefile           |   1 +
> >   arch/arm64/mm/module_alloc.c     | 130 +++++++++++++++++++++++++++++++
> >   arch/loongarch/kernel/module.c   |   6 --
> >   arch/loongarch/mm/Makefile       |   2 +
> >   arch/loongarch/mm/module_alloc.c |  10 +++
> >   arch/mips/kernel/module.c        |  10 ---
> >   arch/mips/mm/Makefile            |   2 +
> >   arch/mips/mm/module_alloc.c      |  13 ++++
> >   arch/nios2/kernel/module.c       |  20 -----
> >   arch/nios2/mm/Makefile           |   2 +
> >   arch/nios2/mm/module_alloc.c     |  22 ++++++
> >   arch/parisc/kernel/module.c      |  12 ---
> >   arch/parisc/mm/Makefile          |   1 +
> >   arch/parisc/mm/module_alloc.c    |  15 ++++
> >   arch/powerpc/kernel/module.c     |  36 ---------
> >   arch/powerpc/mm/Makefile         |   1 +
> >   arch/powerpc/mm/module_alloc.c   |  41 ++++++++++
> 
> Missing several powerpc changes to make it work. You must audit every 
> use of CONFIG_MODULES inside powerpc. Here are a few exemples:
> 
> Function get_patch_pfn() to enable text code patching.
> 
> arch/powerpc/Kconfig : 	select KASAN_VMALLOC			if KASAN && MODULES
> 
> arch/powerpc/include/asm/kasan.h:
> 
> #if defined(CONFIG_MODULES) && defined(CONFIG_PPC32)
> #define KASAN_KERN_START	ALIGN_DOWN(PAGE_OFFSET - SZ_256M, SZ_256M)
> #else
> #define KASAN_KERN_START	PAGE_OFFSET
> #endif
> 
> arch/powerpc/kernel/head_8xx.S and arch/powerpc/kernel/head_book3s_32.S: 
> InstructionTLBMiss interrupt handler must know that there is executable 
> kernel text outside kernel core.
> 
> Function is_module_segment() to identified segments used for module text 
> and set NX (NoExec) MMU flag on non-module segments.

Thanks Christophe, I'll fix that up.

I'm sure there are many other issues like this in the arch stuff here,
I'm going to run them all through QEMU to catch everything I can before
the next respin.

> >   arch/riscv/kernel/module.c       |  11 ---
> >   arch/riscv/mm/Makefile           |   1 +
> >   arch/riscv/mm/module_alloc.c     |  17 ++++
> >   arch/s390/kernel/module.c        |  37 ---------
> >   arch/s390/mm/Makefile            |   1 +
> >   arch/s390/mm/module_alloc.c      |  42 ++++++++++
> >   arch/sparc/kernel/module.c       |  31 --------
> >   arch/sparc/mm/Makefile           |   2 +
> >   arch/sparc/mm/module_alloc.c     |  31 ++++++++
> >   arch/x86/kernel/ftrace.c         |   2 +-
> >   arch/x86/kernel/module.c         |  56 -------------
> >   arch/x86/mm/Makefile             |   2 +
> >   arch/x86/mm/module_alloc.c       |  59 ++++++++++++++
> >   fs/proc/kcore.c                  |   2 +-
> >   kernel/module/Kconfig            |   1 +
> >   kernel/module/main.c             |  17 ----
> >   mm/Kconfig                       |   3 +
> >   mm/Makefile                      |   1 +
> >   mm/module_alloc.c                |  21 +++++
> >   mm/vmalloc.c                     |   2 +-
> >   42 files changed, 467 insertions(+), 402 deletions(-)
> 
> ...
> 
> > diff --git a/mm/Kconfig b/mm/Kconfig
> > index ffc3a2ba3a8c..92bfb5ae2e95 100644
> > --- a/mm/Kconfig
> > +++ b/mm/Kconfig
> > @@ -1261,6 +1261,9 @@ config LOCK_MM_AND_FIND_VMA
> >   config IOMMU_MM_DATA
> >          bool
> > 
> > +config MODULE_ALLOC
> > +       def_bool n
> > +
> 
> I'd call it something else than CONFIG_MODULE_ALLOC as you want to use 
> it when CONFIG_MODULE is not selected.
> 
> Something like CONFIG_EXECMEM_ALLOC or CONFIG_DYNAMIC_EXECMEM ?
> 
> 
> 
> Christophe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ