lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230617064421.GQ52412@kernel.org>
Date: Sat, 17 Jun 2023 09:44:21 +0300
From: Mike Rapoport <rppt@...nel.org>
To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"tglx@...utronix.de" <tglx@...utronix.de>,
	"mcgrof@...nel.org" <mcgrof@...nel.org>,
	"deller@....de" <deller@....de>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"nadav.amit@...il.com" <nadav.amit@...il.com>,
	"linux@...linux.org.uk" <linux@...linux.org.uk>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
	"linux-riscv@...ts.infradead.org" <linux-riscv@...ts.infradead.org>,
	"hca@...ux.ibm.com" <hca@...ux.ibm.com>,
	"catalin.marinas@....com" <catalin.marinas@....com>,
	"kent.overstreet@...ux.dev" <kent.overstreet@...ux.dev>,
	"puranjay12@...il.com" <puranjay12@...il.com>,
	"linux-s390@...r.kernel.org" <linux-s390@...r.kernel.org>,
	"palmer@...belt.com" <palmer@...belt.com>,
	"chenhuacai@...nel.org" <chenhuacai@...nel.org>,
	"tsbogend@...ha.franken.de" <tsbogend@...ha.franken.de>,
	"linux-trace-kernel@...r.kernel.org" <linux-trace-kernel@...r.kernel.org>,
	"linux-parisc@...r.kernel.org" <linux-parisc@...r.kernel.org>,
	"christophe.leroy@...roup.eu" <christophe.leroy@...roup.eu>,
	"x86@...nel.org" <x86@...nel.org>,
	"mpe@...erman.id.au" <mpe@...erman.id.au>,
	"mark.rutland@....com" <mark.rutland@....com>,
	"rostedt@...dmis.org" <rostedt@...dmis.org>,
	"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
	"will@...nel.org" <will@...nel.org>,
	"dinguyen@...nel.org" <dinguyen@...nel.org>,
	"naveen.n.rao@...ux.ibm.com" <naveen.n.rao@...ux.ibm.com>,
	"sparclinux@...r.kernel.org" <sparclinux@...r.kernel.org>,
	"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
	"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
	"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>,
	"song@...nel.org" <song@...nel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	"loongarch@...ts.linux.dev" <loongarch@...ts.linux.dev>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>
Subject: Re: [PATCH v2 06/12] mm/execmem: introduce execmem_data_alloc()

On Fri, Jun 16, 2023 at 04:55:53PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2023-06-16 at 11:50 +0300, Mike Rapoport wrote:
> > From: "Mike Rapoport (IBM)" <rppt@...nel.org>
> > 
> > Data related to code allocations, such as module data section, need
> > to
> > comply with architecture constraints for its placement and its
> > allocation right now was done using execmem_text_alloc().
> > 
> > Create a dedicated API for allocating data related to code
> > allocations
> > and allow architectures to define address ranges for data
> > allocations.
> 
> Right now the cross-arch way to specify kernel memory permissions is
> encoded in the function names of all the set_memory_foo()'s. You can't
> just have unified prot names because some arch's have NX and some have
> X bits, etc. CPA wouldn't know if it needs to set or unset a bit if you
> pass in a PROT.

The idea is that allocator never uses CPA. It allocates with the
permissions defined by architecture at the first place and then the callers
might use CPA to change them. Ideally, that shouldn't be needed for
anything but ro_after_init, but we are far from there.

> But then you end up with a new function for *each* combination (i.e.
> set_memory_rox()). I wish CPA has flags like mmap() does, and I wonder
> if it makes sense here instead of execmem_data_alloc().

I don't think execmem should handle all the combinations. The code is
always allocated as ROX for architectures that support text poking and as
RWX for those that don't.

Maybe execmem_data_alloc() will need to able to handle RW and RO data
differently at some point, but that's the only variant I can think of, but
even then I don't expect CPA will be used by execmem. 

We also might move resetting the permissions to default from vmalloc to
execmem, but again, we are far from there.
 
> Maybe that is an overhaul for another day though...

CPA surely needs some love :)

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ