From: mat <castet.matthieu@free.fr>
To: Valdis.Kletnieks@vt.edu
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-next@vger.kernel.org,
	Arjan van de Ven <arjan@infradead.org>,
	James Morris <jmorris@namei.org>,
	Andrew Morton <akpm@linux-foundation.org>, Andi Kleen <ak@muc.de>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@elte.hu>,
	Rusty Russell <rusty@rustcorp.com.au>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Dave Jones <davej@redhat.com>,
	Siarhei Liakh <sliakh.lkml@gmail.com>,
	Kees Cook <kees.cook@canonical.com>
Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel
Date: Fri, 26 Nov 2010 18:23:55 +0100
Message-ID: <20101126182355.62615dff@mat-laptop>
In-Reply-To: <24422.1290656467@localhost>

[-- Attachment #1: Type: text/plain, Size: 3837 bytes --]

On Wed, 24 Nov 2010 22:41:07 -0500,
Valdis.Kletnieks@vt.edu wrote:

> On Tue, 16 Nov 2010 22:35:16 +0100, matthieu castet said:
> 
> > This patch is a logical extension of the protection provided by
> > CONFIG_DEBUG_RODATA to LKMs. The protection is provided by splitting
> > module_core and module_init into three logical parts each and
> > setting appropriate page access permissions for each individual
> > section:
> > 
> >  1. Code: RO+X
> >  2. RO data: RO+NX
> >  3. RW data: RW+NX
> 
> This is incompatible with CONFIG_JUMP_LABEL:
> 
> [  252.093624] BUG: unable to handle kernel paging request at ffffffffa0680764
> [  252.094008] IP: [<ffffffff81225ee0>] generic_swap+0xa/0x1a
> [  252.094008] PGD 1a1e067 PUD 1a22063 PMD 1093ac067 PTE 8000000109786161
> [  252.094008] Oops: 0003 [#1] PREEMPT SMP
> 
> [  252.094008] Pid: 3740, comm: modprobe Not tainted 2.6.37-rc3-mmotm1123 #1 0X564R/Latitude E6500
> [  252.094008] RIP: 0010:[<ffffffff81225ee0>]  [<ffffffff81225ee0>] generic_swap+0xa/0x1a
> [  252.094008] RSP: 0018:ffff88011a217d98  EFLAGS: 00010206
> [  252.094008] RAX: 00000000000000d9 RBX: 0000000000000030 RCX: 000000000000007c
> [  252.094008] RDX: 0000000000000017 RSI: ffffffffa0680794 RDI: ffffffffa0680764
> [  252.094008] RBP: ffff88011a217d98 R08: 0000000000000000 R09: ffff88011a217d38
> [  252.094008] R10: 0000000000000000 R11: 000000000000013d R12: ffffffffa0680764
> [  252.094008] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000018
> [  252.094008] FS: 00007f6ecb897720(0000) GS:ffff8800df100000(0000) knlGS:0000000000000000
> [  252.094008] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [  252.094008] CR2: ffffffffa0680764 CR3: 000000011911e000 CR4: 00000000000406e0
> [  252.094008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [  252.094008] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [  252.094008] Process modprobe (pid: 3740, threadinfo ffff88011a216000, task ffff88011861e300)
> [  252.094008] Stack:
> [  252.094008]  ffff88011a217e28 ffffffff81226007 ffffffff81a31158 0000000000000000
> [  252.094008]  0000000000000030 0000000000000048 ffffffff8105fa34 ffffffff81225ed6
> [  252.094008]  ffffffff00000018 ffffffff00000018 0000000000000018 00000030ffffffff
> [  252.094008] Call Trace:
> [  252.094008]  [<ffffffff81226007>] sort+0x117/0x1b0
> [  252.094008]  [<ffffffff8105fa34>] ? jump_label_cmp+0x0/0x1b
> [  252.094008]  [<ffffffff81225ed6>] ? generic_swap+0x0/0x1a
> [  252.094008]  [<ffffffff8105faa6>] sort_jump_label_entries+0x2b/0x2d
> [  252.094008]  [<ffffffff8105feda>] jump_label_module_notify+0x58/0x253
> [  252.094008]  [<ffffffff8155e816>] notifier_call_chain+0x54/0x81
> [  252.094008]  [<ffffffff8105d9b2>] __blocking_notifier_call_chain+0x5c/0x79
> [  252.094008]  [<ffffffff8105d9de>] blocking_notifier_call_chain+0xf/0x11
> [  252.094008]  [<ffffffff810778cc>] sys_init_module+0x76/0x1f5
> [  252.094008]  [<ffffffff8100277b>] system_call_fastpath+0x16/0x1b
> [  252.094008] Code: 05 ff c0 48 29 f7 48 39 f7 73 f6 48 89 3a c9 c3 90 90 90 8b 07 8b 16 55 89 17 48 89 e5 89 06 c9 c3 55 48 89 e5 8a 07 8a 0e ff ca <88> 0f 48 ff c7 88 06 48 ff c6 85 d2 7f ec c9 c3 55 89 d0 48 89
> [  252.094008] RIP  [<ffffffff81225ee0>] generic_swap+0xa/0x1a
> [  252.094008]  RSP <ffff88011a217d98>
> [  252.094008] CR2: ffffffffa0680764
> [  252.094008] ---[ end trace f88479be6b01e4c4 ]---
> 
> 
> > +config DEBUG_SET_MODULE_RONX
> > +	bool "Set loadable kernel module data as NX and text as RO"
> > +	default n
> > +	depends on X86 && MODULES
> 
> 	depends on X86 && MODULES && !JUMP_LABEL

Could you try the attached patch?

On module load, we sort the __jump_table section. So we should make it
writable.


Matthieu

[-- Attachment #2: jmp_label.diff --]
[-- Type: text/x-patch, Size: 481 bytes --]

diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h
index f52d42e..574dbc2 100644
--- a/arch/x86/include/asm/jump_label.h
+++ b/arch/x86/include/asm/jump_label.h
@@ -14,7 +14,7 @@
 	do {							\
 		asm goto("1:"					\
 			JUMP_LABEL_INITIAL_NOP			\
-			".pushsection __jump_table,  \"a\" \n\t"\
+			".pushsection __jump_table,  \"aw\" \n\t"\
 			_ASM_PTR "1b, %l[" #label "], %c0 \n\t" \
 			".popsection \n\t"			\
 			: :  "i" (key) :  : label);		\
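
Review bot: The "aw" flag on the changed .pushsection line leaves __jump_table writable for as long as the code is loaded, while the message gives only the sort at module load as the reason for writing to it. Since this header is not module-specific, the same flags apply wherever the macro is expanded. Please add a comment above the .pushsection line explaining that the table is sorted in place at load time, and say in the changelog whether the entries could be made read-only again once sorting is done. The attachment also carries no commit message or Signed-off-by line.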

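The failure and the fix discussed in this message, reproduced in user space as an added example (not code from the thread or from the kernel): a table placed on a read-only page faults on the first swap of an in-place sort, while the same table on a read-write page sorts. It assumes Linux and that a section's region follows its flag letters; `prot_for_flags`, `sort_table_with_flags` and the sample entries are constructed for illustration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>

/* ELF sh_flags bits selected by the assembler flag letters w, a, x. */
enum { SHF_WRITE = 1, SHF_ALLOC = 2, SHF_EXECINSTR = 4 };

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Page protection for a section with these flags under the split
 * Code RO+X / RO data RO+NX / RW data RW+NX (assumed placement rule). */
int prot_for_flags(const char *s)
{
    int f = 0;
    for (; *s; s++)
        f |= *s == 'a' ? SHF_ALLOC : *s == 'w' ? SHF_WRITE :
             *s == 'x' ? SHF_EXECINSTR : 0;
    if (f & SHF_EXECINSTR) return PROT_READ | PROT_EXEC;
    return f & SHF_WRITE ? PROT_READ | PROT_WRITE : PROT_READ;
}

/* Sort a constructed table in place on a page protected as `flags`
 * dictates: 1 = sorted, 0 = write faulted, -1 = setup error. */
int sort_table_with_flags(const char *flags)
{
    static const unsigned long sample[] = { 0x30, 0x10, 0x20 }; /* constructed */
    struct sigaction sa = { .sa_handler = on_fault }, old;
    volatile int ok = 0;
    volatile unsigned long *t = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (t == MAP_FAILED) return -1;
    memcpy((void *)t, sample, sizeof sample);      /* "load" the table */
    if (mprotect((void *)t, 4096, prot_for_flags(flags))) { munmap((void *)t, 4096); return -1; }
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0) {
        for (int i = 1; i < 3; i++)                /* insertion sort by swaps */
            for (int j = i; j > 0 && t[j - 1] > t[j]; j--) {
                unsigned long tmp = t[j]; t[j] = t[j - 1]; t[j - 1] = tmp;
            }
        ok = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)t, 4096);
    return ok;
}

int main(void) { return !(sort_table_with_flags("a") == 0 && sort_table_with_flags("aw") == 1); }
```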