| Message ID | a20285472ad0a0a13a1d93c4707180be5b4fa092.1643282353.git.christophe.leroy@csgroup.eu (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Allocate module text and data separately | expand |
On Thu, Jan 27, 2022 at 11:28:12AM +0000, Christophe Leroy wrote: > book3s/32 and 8xx have a separate area for allocating modules, > defined by MODULES_VADDR / MODULES_END. > > On book3s/32, it is not possible to protect against execution > on a page basis. A full 256M segment is either Exec or NoExec. > The module area is in an Exec segment while vmalloc area is > in a NoExec segment. > > In order to protect module data against execution, select > ARCH_WANTS_MODULES_DATA_IN_VMALLOC. > > For the 8xx (and possibly other 32 bits platform in the future), > there is no such constraint on Exec/NoExec protection, however > there is a critical distance between kernel functions and callers > that needs to remain below 32Mbytes in order to avoid costly > trampolines. By allocating data outside of module area, we > increase the chance for module text to remain within acceptable > distance from kernel core text. > > So select ARCH_WANTS_MODULES_DATA_IN_VMALLOC for 8xx as well. > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Paul Mackerras <paulus@samba.org> Cc list first and then the SOB. Luis
Luis Chamberlain <mcgrof@kernel.org> writes: > On Thu, Jan 27, 2022 at 11:28:12AM +0000, Christophe Leroy wrote: >> book3s/32 and 8xx have a separate area for allocating modules, >> defined by MODULES_VADDR / MODULES_END. >> >> On book3s/32, it is not possible to protect against execution >> on a page basis. A full 256M segment is either Exec or NoExec. >> The module area is in an Exec segment while vmalloc area is >> in a NoExec segment. >> >> In order to protect module data against execution, select >> ARCH_WANTS_MODULES_DATA_IN_VMALLOC. >> >> For the 8xx (and possibly other 32 bits platform in the future), >> there is no such constraint on Exec/NoExec protection, however >> there is a critical distance between kernel functions and callers >> that needs to remain below 32Mbytes in order to avoid costly >> trampolines. By allocating data outside of module area, we >> increase the chance for module text to remain within acceptable >> distance from kernel core text. >> >> So select ARCH_WANTS_MODULES_DATA_IN_VMALLOC for 8xx as well. >> >> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> >> Cc: Michael Ellerman <mpe@ellerman.id.au> >> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> >> Cc: Paul Mackerras <paulus@samba.org> > > Cc list first and then the SOB. Just delete the Cc: list, it's meaningless. cheers
Le 03/02/2022 à 06:39, Michael Ellerman a écrit : > Luis Chamberlain <mcgrof@kernel.org> writes: >> On Thu, Jan 27, 2022 at 11:28:12AM +0000, Christophe Leroy wrote: >>> book3s/32 and 8xx have a separate area for allocating modules, >>> defined by MODULES_VADDR / MODULES_END. >>> >>> On book3s/32, it is not possible to protect against execution >>> on a page basis. A full 256M segment is either Exec or NoExec. >>> The module area is in an Exec segment while vmalloc area is >>> in a NoExec segment. >>> >>> In order to protect module data against execution, select >>> ARCH_WANTS_MODULES_DATA_IN_VMALLOC. >>> >>> For the 8xx (and possibly other 32 bits platform in the future), >>> there is no such constraint on Exec/NoExec protection, however >>> there is a critical distance between kernel functions and callers >>> that needs to remain below 32Mbytes in order to avoid costly >>> trampolines. By allocating data outside of module area, we >>> increase the chance for module text to remain within acceptable >>> distance from kernel core text. >>> >>> So select ARCH_WANTS_MODULES_DATA_IN_VMALLOC for 8xx as well. >>> >>> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> >>> Cc: Michael Ellerman <mpe@ellerman.id.au> >>> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> >>> Cc: Paul Mackerras <paulus@samba.org> >> >> Cc list first and then the SOB. > > Just delete the Cc: list, it's meaningless. > Was an easy way to copy you automatically with 'git send-email', but getting it through linuxppc-dev list is enough I guess ? Christophe
Christophe Leroy <christophe.leroy@csgroup.eu> writes: > Le 03/02/2022 à 06:39, Michael Ellerman a écrit : >> Luis Chamberlain <mcgrof@kernel.org> writes: >>> On Thu, Jan 27, 2022 at 11:28:12AM +0000, Christophe Leroy wrote: >>>> book3s/32 and 8xx have a separate area for allocating modules, >>>> defined by MODULES_VADDR / MODULES_END. >>>> >>>> On book3s/32, it is not possible to protect against execution >>>> on a page basis. A full 256M segment is either Exec or NoExec. >>>> The module area is in an Exec segment while vmalloc area is >>>> in a NoExec segment. >>>> >>>> In order to protect module data against execution, select >>>> ARCH_WANTS_MODULES_DATA_IN_VMALLOC. >>>> >>>> For the 8xx (and possibly other 32 bits platform in the future), >>>> there is no such constraint on Exec/NoExec protection, however >>>> there is a critical distance between kernel functions and callers >>>> that needs to remain below 32Mbytes in order to avoid costly >>>> trampolines. By allocating data outside of module area, we >>>> increase the chance for module text to remain within acceptable >>>> distance from kernel core text. >>>> >>>> So select ARCH_WANTS_MODULES_DATA_IN_VMALLOC for 8xx as well. >>>> >>>> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> >>>> Cc: Michael Ellerman <mpe@ellerman.id.au> >>>> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> >>>> Cc: Paul Mackerras <paulus@samba.org> >>> >>> Cc list first and then the SOB. >> >> Just delete the Cc: list, it's meaningless. >> > > Was an easy way to copy you automatically with 'git send-email', but > getting it through linuxppc-dev list is enough I guess ? It's useful for making the tooling Cc the right people, it's fine to use them for that. But there's no value in committing them to the git history, I actively strip them when applying. The fact that someone is Cc'ed on a patch tells you nothing, given the volume of mail maintainers receive. The link tag back to the original submission gives you the Cc list anyway. cheers
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b779603978e1..242eed8cedf8 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -152,6 +152,7 @@ config PPC select ARCH_WANT_IPC_PARSE_VERSION select ARCH_WANT_IRQS_OFF_ACTIVATE_MM select ARCH_WANT_LD_ORPHAN_WARN + select ARCH_WANTS_MODULES_DATA_IN_VMALLOC if PPC_BOOK3S_32 || PPC_8xx select ARCH_WEAK_RELEASE_ACQUIRE select BINFMT_ELF select BUILDTIME_TABLE_SORT
book3s/32 and 8xx have a separate area for allocating modules, defined by MODULES_VADDR / MODULES_END. On book3s/32, it is not possible to protect against execution on a page basis. A full 256M segment is either Exec or NoExec. The module area is in an Exec segment while vmalloc area is in a NoExec segment. In order to protect module data against execution, select ARCH_WANTS_MODULES_DATA_IN_VMALLOC. For the 8xx (and possibly other 32 bits platform in the future), there is no such constraint on Exec/NoExec protection, however there is a critical distance between kernel functions and callers that needs to remain below 32Mbytes in order to avoid costly trampolines. By allocating data outside of module area, we increase the chance for module text to remain within acceptable distance from kernel core text. So select ARCH_WANTS_MODULES_DATA_IN_VMALLOC for 8xx as well. Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> --- arch/powerpc/Kconfig | 1 + 1 file changed, 1 insertion(+)