Date: Fri, 21 Jan 2011 10:35:49 +0800
Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel
From: Xiaotian Feng To: matthieu castet Cc: Valdis.Kletnieks@vt.edu, Ingo Molnar , Kees Cook , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-next@vger.kernel.org, Arjan van de Ven , James Morris , Andrew Morton , Andi Kleen , Thomas Gleixner , "H. Peter Anvin" , Rusty Russell , Stephen Rothwell , Dave Jones , Siarhei Liakh , Steven Rostedt Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 21, 2011 at 4:32 AM, matthieu castet wrote: > Xiaotian Feng a écrit : >> >> On Thu, Dec 23, 2010 at 5:35 AM,   wrote: >>> >>> On Wed, 22 Dec 2010 13:40:19 +0100, Ingo Molnar said: >>>> >>>> * mat wrote: >>>> >>>>> Le Wed, 8 Dec 2010 14:19:51 -0800, >>>>> Kees Cook a écrit : >>>>> >>>>>> On Fri, Nov 26, 2010 at 06:23:55PM +0100, mat wrote: >>>>>>> >>>>>>> could you try the attached patch ? >>>>>>> >>>>>>> on module load, we sort the __jump_table section. So we should make >>>>>>> it writable. >>>>>>> >>>>>>> >>>>>>> Matthieu >>>>>>> diff --git a/arch/x86/include/asm/jump_label.h >>>>>>> b/arch/x86/include/asm/jump_label.h index f52d42e..574dbc2 100644 >>>>>>> --- a/arch/x86/include/asm/jump_label.h >>>>>>> +++ b/arch/x86/include/asm/jump_label.h 
>>>>>>> @@ -14,7 +14,7 @@ >>>>>>>        do >>>>>>> {                                                       \ asm >>>>>>> goto("1:"                                       \ >>>>>>> JUMP_LABEL_INITIAL_NOP                  \ >>>>>>> -                       ".pushsection __jump_table,  \"a\" \n\t"\ >>>>>>> +                       ".pushsection __jump_table,  \"aw\" \n\t"\ >>>>>>>                        _ASM_PTR "1b, %l[" #label "], %c0 \n\t" \ >>>>>>>                        ".popsection \n\t"                      \ >>>>>>>                        : :  "i" (key) :  : label); >>>>>>> \ >>>>>> >>>>>> Acked-by: Kees Cook >>>>>> >>>>>> Can this please get committed to tip? >>>>> >>>>> I think it is not need anymore with  Steven Rostedt patch [1] >>>>> >>>>> Matthieu >>>>> >>>>> [1] >>>>>>> >>>>>>> Here we set the text read only before we call the notifiers. The >>>>>>> function tracer changes the calls to mcount into nops via a notifier >>>>>>> call so this must be done after the module notifiers. >>>> >>>> What's the status of this bug? >>>> >>>> If we still need the patch then please submit it standalone with a >>>> proper subject >>>> line, with acks/signoffs added, etc. >>> >>> Steve Rostedt's patch that moves the setting of the page permissions >>> seems to >>> make this patch no longer necessary.  I tripped over this same issue, but >>> the >>> version in the latest -mmotm does not need it, as it includes Steve's >>> fix. >>> >> >> I'm facing a boot failure (panic'ed on remove_jump_label_module_init) >> on 2.6.37 (latest commit 3c0cb7c), which is 100% reproducible. >> With this patch applied, I can boot my machine successfully, so I do >> think this patch is needed. >> > Could you confirm that this patch fix the problem ? > Yes, I already applied this patch, and my system works fine now. > > Matthieu > From mboxrd@z Thu Jan 1 00:00:00 1970 
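Review bot: The flag change from "a" to "aw" on the `.pushsection __jump_table` line carries no comment explaining why the section must be writable; the only rationale is in the mail text (the table is sorted on module load). Add a short comment above the macro stating that. The changelog should also say that with "aw" the jump table entries, which per the `_ASM_PTR "1b, %l[" #label "], %c0` line hold the patch-site and target addresses, are no longer emitted as read-only data in a series whose purpose is RO/NX protection. Since the thread reports that moving the point where page permissions are set makes this change unnecessary on some trees, the changelog should state which trees still need it. The patch also has no Signed-off-by or standalone subject line, as requested later in the thread.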