From patchwork Thu Nov 20 23:20:40 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laura Abbott X-Patchwork-Id: 5351291 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 22389C11AC for ; Thu, 20 Nov 2014 23:23:27 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 26AA0201FA for ; Thu, 20 Nov 2014 23:23:27 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E4EA4201EF for ; Thu, 20 Nov 2014 23:23:25 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1Xrb2C-0003KK-HH; Thu, 20 Nov 2014 23:21:08 +0000 Received: from smtp.codeaurora.org ([198.145.11.231]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1Xrb28-0003HY-6E for linux-arm-kernel@lists.infradead.org; Thu, 20 Nov 2014 23:21:05 +0000 Received: from smtp.codeaurora.org (localhost [127.0.0.1]) by smtp.codeaurora.org (Postfix) with ESMTP id C9B08140AC7; Thu, 20 Nov 2014 23:20:41 +0000 (UTC) Received: by smtp.codeaurora.org (Postfix, from userid 486) id B8C37140ACC; Thu, 20 Nov 2014 23:20:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 Received: from [10.42.111.116] (i-global254.qualcomm.com [199.106.103.254]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: lauraa@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 15DFF140AC7; Thu, 20 Nov 2014 23:20:41 +0000 (UTC) Message-ID: <546E7748.4000603@codeaurora.org> Date: Thu, 20 Nov 2014 15:20:40 -0800 From: Laura Abbott User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Kees Cook Subject: CONFIG_DEBUG_SET_MODULE_RONX broken (was Re: [PATCHv2] arm64: add support to dump the kernel page tables) References: <1416262710-7798-1-git-send-email-lauraa@codeaurora.org> In-Reply-To: X-Virus-Scanned: ClamAV using ClamSMTP X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20141120_152104_399949_A4686A17 X-CRM114-Status: GOOD ( 23.06 ) X-Spam-Score: -0.0 (/) Cc: Mark Rutland , Steve Capper , Catalin Marinas , Rusty Russell , Will Deacon , "linux-arm-kernel@lists.infradead.org" X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP (cc Rusty Russell for reference) On 11/19/2014 3:01 PM, Kees Cook wrote: > On Mon, Nov 17, 2014 at 2:18 PM, Laura Abbott wrote: >> In a similar manner to arm, it's useful to be able to dump the page >> tables to verify permissions and memory types. Add a debugfs file >> to check the page tables. >> >> Signed-off-by: Laura Abbott > > This seems to behave well for me. Thanks! > > Tested-by: Kees Cook > > In my configuration, though, with CONFIG_DEBUG_SET_MODULE_RONX=y, I'm > only seeing RO, and no NX changes. I haven't constructed a test for > the module memory behavior directly (to see if this is a page table > issue or a PTDUMP reporting issue). This series I'm testing has gone > through some backporting on my end, so I wanted to just double-check > and see if you saw this too, or if it's specific to my environment: > > ---[ Modules ]--- > 0xffffffbffc000000-0xffffffbffc005000 20K ro x SHD AF > UXN MEM/NORMAL > 0xffffffbffc005000-0xffffffbffc007000 8K RW x SHD AF > UXN MEM/NORMAL > 0xffffffbffc00c000-0xffffffbffc00e000 8K ro x SHD AF > UXN MEM/NORMAL > 0xffffffbffc00e000-0xffffffbffc010000 8K RW x SHD AF > UXN MEM/NORMAL > ... > > Thanks, > > -Kees > Yep, I'm seeing the same thing. We're failing the bounds check: if (!is_module_address(start) || !is_module_address(end - 1)) return -EINVAL; There are now two problems with this check 1) 4982223e51e8 module: set nx before marking module MODULE_STATE_COMING moved around the order of when nx was set. Now we hit the mod->state == MODULE_STATE_UNFORMED in __module_address so module_address on anything always returns false. I think my previous testing must have been done on a branch without that patch. 2) It's possible for the end of the region we are trying to set as nx to not be fully page size aligned. This seems to be caused by things getting aligned in layout_section but becoming unaligned in layout_symtab I haven't tried a bisect to see if this is new. I'm kind of tempted to switch the bounds check back to (addr >= MODULES_VADDR && addr < MODULES_END) unless there is a clean way to fixup module.c Thanks, Laura diff --git a/kernel/module.c b/kernel/module.c index 972151b..3791330 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2316,10 +2316,14 @@ static void layout_symtab(struct module *mod, struct load_info *info) info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym); mod->core_size += strtab_size; + mod->core_size = debug_align(mod->core_size); + /* Put string table section at end of init part of module. */ strsect->sh_flags |= SHF_ALLOC; strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect, info->index.str) | INIT_OFFSET_MASK; + + mod->init_size = debug_align(mod->init_size); pr_debug("\t%s\n", info->secstrings + strsect->sh_name); }