mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-28 16:52:18 +00:00
0c133b1e78
In order to support ROX allocations for module text, it is necessary to handle modifications to the code, such as relocations and alternatives patching, without write access to that memory. One option is to use text patching, but this would make module loading extremely slow and will expose executable code that is not finally formed. A better way is to have memory allocated with ROX permissions contain invalid instructions and keep a writable, but not executable copy of the module text. The relocations and alternative patches would be done on the writable copy using the addresses of the ROX memory. Once the module is completely ready, the updated text will be copied to ROX memory using text patching in one go and the writable copy will be freed. Add support for that to module initialization code and provide necessary interfaces in execmem. Link: https://lkml.kernel.org/r/20241023162711.2579610-5-rppt@kernel.org Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org> Reviewd-by: Luis Chamberlain <mcgrof@kernel.org> Tested-by: kdevops <kdevops@lists.linux.dev> Cc: Andreas Larsson <andreas@gaisler.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov (AMD) <bp@alien8.de> Cc: Brian Cain <bcain@quicinc.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Christoph Hellwig <hch@lst.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Dinh Nguyen <dinguyen@kernel.org> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Guo Ren <guoren@kernel.org> Cc: Helge Deller <deller@gmx.de> Cc: Huacai Chen <chenhuacai@kernel.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Liam R. Howlett <Liam.Howlett@Oracle.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Masami Hiramatsu (Google) <mhiramat@kernel.org> Cc: Matt Turner <mattst88@gmail.com> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Michal Simek <monstr@monstr.eu> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Richard Weinberger <richard@nod.at> Cc: Russell King <linux@armlinux.org.uk> Cc: Song Liu <song@kernel.org> Cc: Stafford Horne <shorne@gmail.com> Cc: Steven Rostedt (Google) <rostedt@goodmis.org> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Uladzislau Rezki (Sony) <urezki@gmail.com> Cc: Vineet Gupta <vgupta@kernel.org> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
103 lines
2.3 KiB
C
103 lines
2.3 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* Module strict rwx
|
|
*
|
|
* Copyright (C) 2015 Rusty Russell
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/vmalloc.h>
|
|
#include <linux/set_memory.h>
|
|
#include "internal.h"
|
|
|
|
static int module_set_memory(const struct module *mod, enum mod_mem_type type,
|
|
int (*set_memory)(unsigned long start, int num_pages))
|
|
{
|
|
const struct module_memory *mod_mem = &mod->mem[type];
|
|
|
|
if (!mod_mem->base)
|
|
return 0;
|
|
|
|
set_vm_flush_reset_perms(mod_mem->base);
|
|
return set_memory((unsigned long)mod_mem->base, mod_mem->size >> PAGE_SHIFT);
|
|
}
|
|
|
|
/*
|
|
* Since some arches are moving towards PAGE_KERNEL module allocations instead
|
|
* of PAGE_KERNEL_EXEC, keep module_enable_x() independent of
|
|
* CONFIG_STRICT_MODULE_RWX because they are needed regardless of whether we
|
|
* are strict.
|
|
*/
|
|
int module_enable_text_rox(const struct module *mod)
|
|
{
|
|
for_class_mod_mem_type(type, text) {
|
|
int ret;
|
|
|
|
if (mod->mem[type].is_rox)
|
|
continue;
|
|
|
|
if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX))
|
|
ret = module_set_memory(mod, type, set_memory_rox);
|
|
else
|
|
ret = module_set_memory(mod, type, set_memory_x);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int module_enable_rodata_ro(const struct module *mod, bool after_init)
|
|
{
|
|
int ret;
|
|
|
|
if (!IS_ENABLED(CONFIG_STRICT_MODULE_RWX) || !rodata_enabled)
|
|
return 0;
|
|
|
|
ret = module_set_memory(mod, MOD_RODATA, set_memory_ro);
|
|
if (ret)
|
|
return ret;
|
|
ret = module_set_memory(mod, MOD_INIT_RODATA, set_memory_ro);
|
|
if (ret)
|
|
return ret;
|
|
|
|
if (after_init)
|
|
return module_set_memory(mod, MOD_RO_AFTER_INIT, set_memory_ro);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int module_enable_data_nx(const struct module *mod)
|
|
{
|
|
if (!IS_ENABLED(CONFIG_STRICT_MODULE_RWX))
|
|
return 0;
|
|
|
|
for_class_mod_mem_type(type, data) {
|
|
int ret = module_set_memory(mod, type, set_memory_nx);
|
|
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
|
|
char *secstrings, struct module *mod)
|
|
{
|
|
const unsigned long shf_wx = SHF_WRITE | SHF_EXECINSTR;
|
|
int i;
|
|
|
|
if (!IS_ENABLED(CONFIG_STRICT_MODULE_RWX))
|
|
return 0;
|
|
|
|
for (i = 0; i < hdr->e_shnum; i++) {
|
|
if ((sechdrs[i].sh_flags & shf_wx) == shf_wx) {
|
|
pr_err("%s: section %s (index %d) has invalid WRITE|EXEC flags\n",
|
|
mod->name, secstrings + sechdrs[i].sh_name, i);
|
|
return -ENOEXEC;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|