From patchwork Tue Dec 24 05:55:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 11309101
From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey , christophe.leroy@c-s.fr, joel@jms.id.au, mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net, npiggin@gmail.com, kernel-hardening@lists.openwall.com Subject: [PATCH v6 1/5] powerpc/mm: Implement set_memory() routines Date: Tue, 24 Dec 2019 16:55:41 +1100 Message-Id: <20191224055545.178462-2-ruscur@russell.cc> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191224055545.178462-1-ruscur@russell.cc> References: <20191224055545.178462-1-ruscur@russell.cc> MIME-Version: 1.0 The set_memory_{ro/rw/nx/x}() functions are required for STRICT_MODULE_RWX, and are generally useful primitives to have. This implementation is designed to be completely generic across powerpc's many MMUs. It's possible that this could be optimised to be faster for specific MMUs, but the focus is on having a generic and safe implementation for now. This implementation does not handle cases where the caller is attempting to change the mapping of the page it is executing from, or if another CPU is concurrently using the page being altered. These cases likely shouldn't happen, but a more complex implementation with MMU-specific code could safely handle them, so that is left as a TODO for now. Signed-off-by: Russell Currey --- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/set_memory.h | 32 +++++++++++ arch/powerpc/mm/Makefile | 1 + arch/powerpc/mm/pageattr.c | 83 +++++++++++++++++++++++++++ 4 files changed, 117 insertions(+) create mode 100644 arch/powerpc/include/asm/set_memory.h create mode 100644 arch/powerpc/mm/pageattr.c diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 1ec34e16ed65..f0b9b47b5353 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig 
@@ -133,6 +133,7 @@ config PPC select ARCH_HAS_PTE_SPECIAL select ARCH_HAS_MEMBARRIER_CALLBACKS select ARCH_HAS_SCALED_CPUTIME if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64 + select ARCH_HAS_SET_MEMORY select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UACCESS_FLUSHCACHE diff --git a/arch/powerpc/include/asm/set_memory.h b/arch/powerpc/include/asm/set_memory.h new file mode 100644 index 000000000000..5230ddb2fefd --- /dev/null +++ b/arch/powerpc/include/asm/set_memory.h @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_POWERPC_SET_MEMORY_H +#define _ASM_POWERPC_SET_MEMORY_H + +#define SET_MEMORY_RO 1 +#define SET_MEMORY_RW 2 +#define SET_MEMORY_NX 3 +#define SET_MEMORY_X 4 + +int change_memory_attr(unsigned long addr, int numpages, int action); + +static inline int set_memory_ro(unsigned long addr, int numpages) +{ + return change_memory_attr(addr, numpages, SET_MEMORY_RO); +} + +static inline int set_memory_rw(unsigned long addr, int numpages) +{ + return change_memory_attr(addr, numpages, SET_MEMORY_RW); +} + +static inline int set_memory_nx(unsigned long addr, int numpages) +{ + return change_memory_attr(addr, numpages, SET_MEMORY_NX); +} + +static inline int set_memory_x(unsigned long addr, int numpages) +{ + return change_memory_attr(addr, numpages, SET_MEMORY_X); +} + +#endif diff --git a/arch/powerpc/mm/Makefile b/arch/powerpc/mm/Makefile index 5e147986400d..d0a0bcbc9289 100644 --- a/arch/powerpc/mm/Makefile +++ b/arch/powerpc/mm/Makefile @@ -20,3 +20,4 @@ obj-$(CONFIG_HIGHMEM) += highmem.o obj-$(CONFIG_PPC_COPRO_BASE) += copro_fault.o obj-$(CONFIG_PPC_PTDUMP) += ptdump/ obj-$(CONFIG_KASAN) += kasan/ +obj-$(CONFIG_ARCH_HAS_SET_MEMORY) += pageattr.o diff --git a/arch/powerpc/mm/pageattr.c b/arch/powerpc/mm/pageattr.c new file mode 100644 index 000000000000..15d5fb04f531 --- /dev/null 
+++ b/arch/powerpc/mm/pageattr.c 
@@ -0,0 +1,83 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * MMU-generic set_memory implementation for powerpc + * + * Copyright 2019, IBM Corporation. + */ + +#include +#include + +#include +#include +#include + + +/* + * Updates the attributes of a page in three steps: + * + * 1. invalidate the page table entry + * 2. flush the TLB + * 3. install the new entry with the updated attributes + * + * This is unsafe if the caller is attempting to change the mapping of the + * page it is executing from, or if another CPU is concurrently using the + * page being altered. + * + * TODO make the implementation resistant to this. + */ +static int __change_page_attr(pte_t *ptep, unsigned long addr, void *data) +{ + int action = *((int *)data); + pte_t pte_val; + + // invalidate the PTE so it's safe to modify + pte_val = ptep_get_and_clear(&init_mm, addr, ptep); + flush_tlb_kernel_range(addr, addr + PAGE_SIZE); + + // modify the PTE bits as desired, then apply + switch (action) { + case SET_MEMORY_RO: + pte_val = pte_wrprotect(pte_val); + break; + case SET_MEMORY_RW: + pte_val = pte_mkwrite(pte_val); + break; + case SET_MEMORY_NX: + pte_val = pte_exprotect(pte_val); + break; + case SET_MEMORY_X: + pte_val = pte_mkexec(pte_val); + break; + default: + WARN_ON(true); + return -EINVAL; + } + + set_pte_at(&init_mm, addr, ptep, pte_val); + + return 0; +} + +static int change_page_attr(pte_t *ptep, unsigned long addr, void *data) +{ + int ret; + + spin_lock(&init_mm.page_table_lock); + ret = __change_page_attr(ptep, addr, data); + spin_unlock(&init_mm.page_table_lock); + + return ret; +} + +int change_memory_attr(unsigned long addr, int numpages, int action) +{ + unsigned long start = ALIGN_DOWN(addr, PAGE_SIZE); + unsigned long size = numpages * PAGE_SIZE; + + if (!numpages) + return 0; + + return apply_to_page_range(&init_mm, start, size, change_page_attr, &action); +} From patchwork Tue Dec 24 05:55:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 
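Review bot: In __change_page_attr() in arch/powerpc/mm/pageattr.c, the default: case returns -EINVAL after ptep_get_and_clear() and flush_tlb_kernel_range() have already run, so an unknown action leaves the PTE cleared and the page unmapped instead of untouched. Validate action before clearing the entry (for example in change_memory_attr(), before apply_to_page_range()), or restore the old value with set_pte_at() on the error path. Separately, change_memory_attr() only rejects numpages == 0; numpages is a signed int, so a negative count becomes a very large size in numpages * PAGE_SIZE and should be rejected as well.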
Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 11309103
From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey , christophe.leroy@c-s.fr, joel@jms.id.au, mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net, npiggin@gmail.com, kernel-hardening@lists.openwall.com Subject: [PATCH v6 2/5] powerpc/kprobes: Mark newly allocated probes as RO Date: Tue, 24 Dec 2019 16:55:42 +1100 Message-Id: <20191224055545.178462-3-ruscur@russell.cc> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191224055545.178462-1-ruscur@russell.cc> References: <20191224055545.178462-1-ruscur@russell.cc> MIME-Version: 1.0 With CONFIG_STRICT_KERNEL_RWX=y and CONFIG_KPROBES=y, there will be one W+X page at boot by default. This can be tested with CONFIG_PPC_PTDUMP=y and CONFIG_PPC_DEBUG_WX=y set, and checking the kernel log during boot. powerpc doesn't implement its own alloc() for kprobes like other architectures do, but we couldn't immediately mark RO anyway since we do a memcpy to the page we allocate later. After that, nothing should be allowed to modify the page, and write permissions are removed well before the kprobe is armed. The memcpy() would fail if >1 probes were allocated, so use patch_instruction() instead which is safe for RO. Reviewed-by: Daniel Axtens Signed-off-by: Russell Currey --- arch/powerpc/kernel/kprobes.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c index 2d27ec4feee4..b72761f0c9e3 100644 --- a/arch/powerpc/kernel/kprobes.c +++ b/arch/powerpc/kernel/kprobes.c @@ -24,6 +24,7 @@ #include #include #include +#include DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 
@@ -124,13 +125,14 @@ int arch_prepare_kprobe(struct kprobe *p) } if (!ret) { - memcpy(p->ainsn.insn, p->addr, - MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); + patch_instruction(p->ainsn.insn, *p->addr); p->opcode = *p->addr; flush_icache_range((unsigned long)p->ainsn.insn, (unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t)); } + set_memory_ro((unsigned long)p->ainsn.insn, 1); + p->ainsn.boostable = 0; return ret; } From patchwork Tue Dec 24 05:55:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 11309105 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C38AE15AB for ; Tue, 24 Dec 2019 05:56:31 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 2C69420718 for ; Tue, 24 Dec 2019 05:56:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=russell.cc header.i=@russell.cc header.b="IbzIp6E6"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="wZC2mhCu" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2C69420718 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=russell.cc Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17517-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 21632 invoked by uid 550); 24 Dec 2019 05:56:15 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 21528 invoked from network); 24 Dec 2019 05:56:14 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=russell.cc; h= 
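Review bot: In arch_prepare_kprobe() the new set_memory_ro((unsigned long)p->ainsn.insn, 1) call sits outside the if (!ret) block, so it also runs on the error path, where nothing was patched into p->ainsn.insn, and its return value is dropped, as is that of patch_instruction(). Move the call inside the if (!ret) block and propagate both results into ret so that a failed copy or a failed permission change is not reported as success. The memcpy() being replaced copied MAX_INSN_SIZE * sizeof(kprobe_opcode_t) bytes while patch_instruction() writes a single instruction; a line in the commit message confirming that one instruction is always sufficient here would help.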
From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey , christophe.leroy@c-s.fr, joel@jms.id.au, mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net, npiggin@gmail.com, kernel-hardening@lists.openwall.com Subject: [PATCH v6 3/5] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime Date: Tue, 24 Dec 2019 16:55:43 +1100 Message-Id: <20191224055545.178462-4-ruscur@russell.cc> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191224055545.178462-1-ruscur@russell.cc> References: <20191224055545.178462-1-ruscur@russell.cc> MIME-Version: 1.0 Very rudimentary, just echo 1 > [debugfs]/check_wx_pages and check the kernel log. Useful for testing strict module RWX. Updated the Kconfig entry to reflect this. Also fixed a typo. Signed-off-by: Russell Currey --- arch/powerpc/Kconfig.debug | 6 ++++-- arch/powerpc/mm/ptdump/ptdump.c | 21 ++++++++++++++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug index 4e1d39847462..7c14c9728bc0 100644 --- a/arch/powerpc/Kconfig.debug +++ b/arch/powerpc/Kconfig.debug @@ -370,7 +370,7 @@ config PPC_PTDUMP If you are unsure, say N. config PPC_DEBUG_WX - bool "Warn on W+X mappings at boot" + bool "Warn on W+X mappings at boot & enable manual checks at runtime" depends on PPC_PTDUMP help Generate a warning if any W+X mappings are found at boot. @@ -384,7 +384,9 @@ config PPC_DEBUG_WX of other unfixed kernel bugs easier. There is no runtime or memory usage effect of this option - once the kernel has booted up - it's a one time check. + once the kernel has booted up, it only automatically checks once. + + Enables the "check_wx_pages" debugfs entry for checking at runtime. If in doubt, say "Y". diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c index 2f9ddc29c535..b6cba29ae4a0 100644 --- a/arch/powerpc/mm/ptdump/ptdump.c +++ b/arch/powerpc/mm/ptdump/ptdump.c 
@@ -4,7 +4,7 @@ * * This traverses the kernel pagetables and dumps the * information about the used sections of memory to - * /sys/kernel/debug/kernel_pagetables. + * /sys/kernel/debug/kernel_page_tables. * * Derived from the arm64 implementation: * Copyright (c) 2014, The Linux Foundation, Laura Abbott. 
@@ -409,6 +409,25 @@ void ptdump_check_wx(void) else pr_info("Checked W+X mappings: passed, no W+X pages found\n"); } + +static int check_wx_debugfs_set(void *data, u64 val) +{ + if (val != 1ULL) + return -EINVAL; + + ptdump_check_wx(); + + return 0; +} + +DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n"); + +static int ptdump_check_wx_init(void) +{ + return debugfs_create_file("check_wx_pages", 0200, NULL, + NULL, &check_wx_fops) ? 0 : -ENOMEM; +} +device_initcall(ptdump_check_wx_init); #endif static int ptdump_init(void) From patchwork Tue Dec 24 05:55:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 11309107 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 38F1D138C for ; Tue, 24 Dec 2019 05:56:40 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 94607206B7 for ; Tue, 24 Dec 2019 05:56:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=russell.cc header.i=@russell.cc header.b="S4Zlhh/D"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="K15uznEx" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 94607206B7 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=russell.cc Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17518-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 21956 invoked by uid 550); 24 Dec 2019 05:56:18 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: 
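Review bot: In ptdump_check_wx_init(), the "? 0 : -ENOMEM" test treats a NULL return from debugfs_create_file() as the failure case, but debugfs reports errors as ERR_PTR values, so the -ENOMEM branch is never taken. Either drop the check and return 0, which is the usual debugfs convention, or test the result with IS_ERR(). Also, check_wx_debugfs_set() returns 0 whether or not W+X pages were found because ptdump_check_wx() is void; if scripted testing of strict module RWX is the goal, consider reporting the result to the writer rather than only through the kernel log.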
From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey , christophe.leroy@c-s.fr, joel@jms.id.au, mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net, npiggin@gmail.com, kernel-hardening@lists.openwall.com Subject: [PATCH v6 4/5] powerpc: Set ARCH_HAS_STRICT_MODULE_RWX Date: Tue, 24 Dec 2019 16:55:44 +1100 Message-Id: <20191224055545.178462-5-ruscur@russell.cc> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191224055545.178462-1-ruscur@russell.cc> References: <20191224055545.178462-1-ruscur@russell.cc> MIME-Version: 1.0 To enable strict module RWX on powerpc, set: CONFIG_STRICT_MODULE_RWX=y You should also have CONFIG_STRICT_KERNEL_RWX=y set to have any real security benefit. ARCH_HAS_STRICT_MODULE_RWX is set to require ARCH_HAS_STRICT_KERNEL_RWX. This is due to a quirk in arch/Kconfig and arch/powerpc/Kconfig that makes STRICT_MODULE_RWX *on by default* in configurations where STRICT_KERNEL_RWX is *unavailable*. Since this doesn't make much sense, and module RWX without kernel RWX doesn't make much sense, having the same dependencies as kernel RWX works around this problem. Signed-off-by: Russell Currey --- arch/powerpc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index f0b9b47b5353..97ea012fdff9 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig 
@@ -135,6 +135,7 @@ config PPC select ARCH_HAS_SCALED_CPUTIME if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64 select ARCH_HAS_SET_MEMORY select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) + select ARCH_HAS_STRICT_MODULE_RWX if ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UACCESS_FLUSHCACHE select ARCH_HAS_UACCESS_MCSAFE if PPC64 From patchwork Tue Dec 24 05:55:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 11309109 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B1C83138C for ; Tue, 24 Dec 2019 05:56:48 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 168E820718 for ; Tue, 24 Dec 2019 05:56:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=russell.cc header.i=@russell.cc header.b="RNY1BDc3"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="X/dXvbKi" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 168E820718 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=russell.cc Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17519-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com Received: (qmail 22310 invoked by uid 550); 24 Dec 2019 05:56:22 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 22224 invoked from network); 24 Dec 2019 05:56:21 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey , christophe.leroy@c-s.fr, joel@jms.id.au, mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net, npiggin@gmail.com, kernel-hardening@lists.openwall.com, Joel Stanley Subject: [PATCH v6 5/5] powerpc/configs: Enable STRICT_MODULE_RWX in skiroot_defconfig Date: Tue, 24 Dec 2019 16:55:45 +1100 Message-Id: <20191224055545.178462-6-ruscur@russell.cc> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191224055545.178462-1-ruscur@russell.cc> References: <20191224055545.178462-1-ruscur@russell.cc> MIME-Version: 1.0 skiroot_defconfig is the only powerpc defconfig with STRICT_KERNEL_RWX enabled, and if you want memory protection for kernel text you'd want it for modules too, so enable STRICT_MODULE_RWX there. Acked-by: Joel Stanley Signed-off-by: Russell Currey --- arch/powerpc/configs/skiroot_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig index 069f67f12731..b74358c3ede8 100644 --- a/arch/powerpc/configs/skiroot_defconfig +++ b/arch/powerpc/configs/skiroot_defconfig @@ -31,6 +31,7 @@ CONFIG_PERF_EVENTS=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_JUMP_LABEL=y CONFIG_STRICT_KERNEL_RWX=y +CONFIG_STRICT_MODULE_RWX=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_SIG=y