From patchwork Wed Dec 12 00:03:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10725325 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 04FFA159A for ; Wed, 12 Dec 2018 00:12:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E77502B550 for ; Wed, 12 Dec 2018 00:12:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA9042B583; Wed, 12 Dec 2018 00:12:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 583A52B550 for ; Wed, 12 Dec 2018 00:12:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B61268E00E8; Tue, 11 Dec 2018 19:12:11 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id B12268E00E5; Tue, 11 Dec 2018 19:12:11 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 969FF8E00E8; Tue, 11 Dec 2018 19:12:11 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id 37A598E00E4 for ; Tue, 11 Dec 2018 19:12:11 -0500 (EST) Received: by mail-pf1-f200.google.com with SMTP id p15so13958736pfk.7 for ; Tue, 11 Dec 2018 16:12:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=aFkerf4UfjublRdDyI4ovkPEU9VLW1HJz1GA1vU6UUQ=; b=tEE5klbysEnOR8khuPacnCSZqsvMiZNqk/cHDO5pL5BdLRXm9cZ6JATy58lfBGoJ/v DHqcj2xh+Kj4AujdXChLRqLBlGVkoOnrCGtPHRDQ9vDjAaI7LOgz5uLelyCapTqR4m8X jnDtzz5CWhovXLY52gdAzmDgKa9q3H2uGwwhrSLmMpL8Jn6GueXY+5O7ipX5i3QZXnZ3 VQIindEjShgcQ60S4Sowg5HypOiRfiLczezHt2VfPKXTdD2pfe2kQGUwY+J8KF2Cjny6 pFhbnCIQuYUSuH6u3jkef0Ywz4x0T8WNfLM1WB6J7SN6Z6V2ZHK+WQHKtnyqGv3UlrSb bpKQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: AA+aEWYbr8PrXPCXID1ISlJ8DWscDmdjn2etWEZ6qLCelbM+q9S3n6o4 3zwN1D3exH5yxsgWiN3zWC4nLJCAWpf4TWXM4fNvE+Y3CO9lgoY6Nr8TgcgFYsHfYVDPP1LlKfj iomqOlkwc2sscPnXbbgNyxufefCIfDYkxejBrlItmLolc0mx3R/KLSIDOzjDVAM6Ylg== X-Received: by 2002:a65:6392:: with SMTP id h18mr16705334pgv.107.1544573530810; Tue, 11 Dec 2018 16:12:10 -0800 (PST) X-Google-Smtp-Source: AFSGD/WB5PUraIH5RgpTWBo6+9sgi3p2dEThlB3lMDRPYb2Bz7WXBBv0c1uJBDjrjqOuFtR2OV6P X-Received: by 2002:a65:6392:: with SMTP id h18mr16705303pgv.107.1544573529939; Tue, 11 Dec 2018 16:12:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544573529; cv=none; d=google.com; s=arc-20160816; b=PzQ+j2AkS7Y2WlFISsp9/Pz90NGDFaLZEb+M0TF/EK2gEtRWegJyCnwCHem8uHMYt3 gnWEhgzabh6+Kexz2ixv17M9kAzKnTl7sqFgfQWnaZ5okgOEcm4gR8D4ZW/VzCwynqHr WdBf5JZPfM6IpdcpKqsqUHCdxXf24CzmDcO/SMBoxFYqlJPzAlgors0hFLghdQOVOaq6 kPNTJiGUyivqt3NK1FbjNDEEpCD2PUC3rZU7j4+nniF0Skpx/zd8JRSb8Wlr7uBl1W5c 9VHp56XtxaIhSvd1g3sqhNvMLCRkVzdzPopsHk4tM9dSRYHyqR3wPRSBSBVvixaV6GGn HH3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=aFkerf4UfjublRdDyI4ovkPEU9VLW1HJz1GA1vU6UUQ=; b=KHeJch/2XQFmRy4h5D6cHIvkbjqvZFo1Vwj88NbRg90K31z8LUikTDrV8VX5SwpYat TUtG7ZktYixzmm3E/iU1ZJseYxtVV8vwhGSu/TUC0E55OyRiWD0HK23F99nuoxrKeYrx 8KZnICP6XKy7ljmZdzgu/xv979ReWtV4XvRjD1xfxOqaxh4RR811P41TBrWpPNbDZJ0s DyZTxhDmswK0AKxwIisCb0I6gkXhYgH4EOj3Y6lAhvLxy1mJPqbBsv2PP9z0Y8PUa0wh cP/gVhzW0+7AO3D+5RC2G7bp8aBDpkJVW8EpATTmVJ5HyGs5pufv+Gk7n3D3wFkix9cK u9wQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id f18si13139318pgl.457.2018.12.11.16.12.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Dec 2018 16:12:09 -0800 (PST) Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Dec 2018 16:12:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,343,1539673200"; d="scan'208";a="282839403" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.141]) by orsmga005.jf.intel.com with ESMTP; 11 Dec 2018 16:12:07 -0800 From: Rick Edgecombe To: akpm@linux-foundation.org, luto@kernel.org, will.deacon@arm.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, naveen.n.rao@linux.vnet.ibm.com, anil.s.keshavamurthy@intel.com, davem@davemloft.net, mhiramat@kernel.org, rostedt@goodmis.org, mingo@redhat.com, ast@kernel.org, daniel@iogearbox.net, jeyu@kernel.org, namit@vmware.com, netdev@vger.kernel.org, ard.biesheuvel@linaro.org, jannh@google.com Cc: kristen@linux.intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe Subject: [PATCH v2 2/4] modules: Add new special vfree flags Date: Tue, 11 Dec 2018 16:03:52 -0800 Message-Id: <20181212000354.31955-3-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181212000354.31955-1-rick.p.edgecombe@intel.com> References: <20181212000354.31955-1-rick.p.edgecombe@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add new flags for handling freeing of special permissioned memory in vmalloc, and remove places where the handling was done in module.c. This will enable this flag for all architectures. Signed-off-by: Rick Edgecombe --- kernel/module.c | 43 ++++++++++++------------------------------- 1 file changed, 12 insertions(+), 31 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 49a405891587..910f92b402f8 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1941,11 +1941,23 @@ void module_disable_ro(const struct module *mod) frob_rodata(&mod->init_layout, set_memory_rw); } +static void module_set_vm_flags(const struct module_layout *layout) +{ + struct vm_struct *vm = find_vm_area(layout->base); + + if (vm) { + vm->flags |= VM_HAS_SPECIAL_PERMS; + vm->flags |= VM_IMMEDIATE_UNMAP; + } +} + void module_enable_ro(const struct module *mod, bool after_init) { if (!rodata_enabled) return; + module_set_vm_flags(&mod->core_layout); + module_set_vm_flags(&mod->init_layout); frob_text(&mod->core_layout, set_memory_ro); frob_rodata(&mod->core_layout, set_memory_ro); frob_text(&mod->init_layout, set_memory_ro); @@ -1964,15 +1976,6 @@ static void module_enable_nx(const struct module *mod) frob_writable_data(&mod->init_layout, set_memory_nx); } -static void module_disable_nx(const struct module *mod) -{ - frob_rodata(&mod->core_layout, set_memory_x); - frob_ro_after_init(&mod->core_layout, set_memory_x); - frob_writable_data(&mod->core_layout, set_memory_x); - frob_rodata(&mod->init_layout, set_memory_x); - frob_writable_data(&mod->init_layout, set_memory_x); -} - /* Iterate through all modules and set each module's text as RW */ void set_all_modules_text_rw(void) { @@ -2016,23 +2019,8 @@ void set_all_modules_text_ro(void) } mutex_unlock(&module_mutex); } - -static void disable_ro_nx(const struct module_layout *layout) -{ - if (rodata_enabled) { - frob_text(layout, set_memory_rw); - frob_rodata(layout, set_memory_rw); - frob_ro_after_init(layout, set_memory_rw); - } - frob_rodata(layout, set_memory_x); - frob_ro_after_init(layout, set_memory_x); - frob_writable_data(layout, set_memory_x); -} - #else -static void disable_ro_nx(const struct module_layout *layout) { } static void module_enable_nx(const struct module *mod) { } -static void module_disable_nx(const struct module *mod) { } #endif #ifdef CONFIG_LIVEPATCH @@ -2163,7 +2151,6 @@ static void free_module(struct module *mod) mutex_unlock(&module_mutex); /* This may be empty, but that's OK */ - disable_ro_nx(&mod->init_layout); module_arch_freeing_init(mod); module_memfree(mod->init_layout.base); kfree(mod->args); @@ -2173,7 +2160,6 @@ static void free_module(struct module *mod) lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size); /* Finally, free the core (containing the module structure) */ - disable_ro_nx(&mod->core_layout); module_memfree(mod->core_layout.base); } @@ -3497,7 +3483,6 @@ static noinline int do_init_module(struct module *mod) #endif module_enable_ro(mod, true); mod_tree_remove_init(mod); - disable_ro_nx(&mod->init_layout); module_arch_freeing_init(mod); mod->init_layout.base = NULL; mod->init_layout.size = 0; @@ -3812,10 +3797,6 @@ static int load_module(struct load_info *info, const char __user *uargs, module_bug_cleanup(mod); mutex_unlock(&module_mutex); - /* we can't deallocate the module until we clear memory protection */ - module_disable_ro(mod); - module_disable_nx(mod); - ddebug_cleanup: ftrace_release_mod(mod); dynamic_debug_remove(mod, info->debug);