Message-ID: <8ba77500-cb40-0662-f571-6a6f391374b9@csgroup.eu>
Date: Tue, 16 Nov 2021 16:07:47 +0100
Subject: Re: [PATCH v2 12/13] lkdtm: Fix execute_[user]_location()
From: Christophe Leroy
To: Kees Cook
Cc: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman, Andrew Morton, "James E.J. Bottomley", Helge Deller, Arnd Bergmann, Greg Kroah-Hartman, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-ia64@vger.kernel.org, linux-parisc@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org
References: <202110151428.187B1CF@keescook> <9b4c39d4-1322-89af-585c-679a574576a2@csgroup.eu>
In-Reply-To: <9b4c39d4-1322-89af-585c-679a574576a2@csgroup.eu>

Hi Kees,

On 16/10/2021 at 08:42, Christophe Leroy wrote:
>
>
> On 15/10/2021 at 23:31, Kees Cook wrote:
>> On Thu, Oct 14, 2021 at 07:50:01AM +0200, Christophe Leroy wrote:
>>> execute_location() and execute_user_location() intend
>>> to copy do_nothing() text and execute it at a new location.
>>> However, at the time being it doesn't copy do_nothing() function
>>> but do_nothing() function descriptor which still points to the
>>> original text. So at the end it still executes do_nothing() at
>>> its original location although using a copied function descriptor.
>>>
>>> So, fix that by really copying do_nothing() text and build a new
>>> function descriptor by copying do_nothing() function descriptor and
>>> updating the target address with the new location.
>>>
>>> Also fix the displayed addresses by dereferencing do_nothing()
>>> function descriptor.
>>>
>>> Signed-off-by: Christophe Leroy
>>> ---
>>>   drivers/misc/lkdtm/perms.c     | 25 +++++++++++++++++++++----
>>>   include/asm-generic/sections.h |  5 +++++
>>>   2 files changed, 26 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c
>>> index 5266dc28df6e..96b3ebfcb8ed 100644
>>> --- a/drivers/misc/lkdtm/perms.c
>>> +++ b/drivers/misc/lkdtm/perms.c
>>> @@ -44,19 +44,32 @@ static noinline void do_overwritten(void)
>>>       return;
>>>   }
>>> +static void *setup_function_descriptor(func_desc_t *fdesc, void *dst)
>>> +{
>>> +    memcpy(fdesc, do_nothing, sizeof(*fdesc));
>>> +    fdesc->addr = (unsigned long)dst;
>>> +    barrier();
>>> +
>>> +    return fdesc;
>>> +}
>>
>> How about collapsing the "have_function_descriptors()" check into
>> setup_function_descriptor()?
>>
>> static void *setup_function_descriptor(func_desc_t *fdesc, void *dst)
>> {
>>     if (__is_defined(HAVE_FUNCTION_DESCRIPTORS)) {
>>         memcpy(fdesc, do_nothing, sizeof(*fdesc));
>>         fdesc->addr = (unsigned long)dst;
>>         barrier();
>>         return fdesc;
>>     } else {
>>         return dst;
>>     }
>> }
>
> Ok
>

...

>>
>>> diff --git a/include/asm-generic/sections.h
>>> b/include/asm-generic/sections.h
>>> index 76163883c6ff..d225318538bd 100644
>>> --- a/include/asm-generic/sections.h
>>> +++ b/include/asm-generic/sections.h
>>> @@ -70,6 +70,11 @@ typedef struct {
>>>   } func_desc_t;
>>>   #endif
>>> +static inline bool have_function_descriptors(void)
>>> +{
>>> +    return __is_defined(HAVE_FUNCTION_DESCRIPTORS);
>>> +}
>>> +
>>>   /* random extra sections (if any).  Override
>>>    * in asm/sections.h */
>>>   #ifndef arch_is_kernel_text
>>
>> This hunk seems like it should live in a separate patch.
>>
>
> Ok I move it in a previous patch.

Do you have any additional feedback or comment on series v3?

What's the way forward, should it go via LKDTM tree or via powerpc tree
or another tree?

I see there are neither Acked-by nor Reviewed-by for the
last 2 patches.

Thanks
Christophe
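
Review bot: in the drivers/misc/lkdtm/perms.c hunk, setup_function_descriptor() calls barrier() after the fdesc->addr store with no comment on what it orders against. barrier() is a compiler-only barrier, so a one-line comment stating the intent (for example, keeping the descriptor write from being moved past the later indirect call) would make clear that it is not meant as a hardware or instruction-cache synchronisation. The memcpy(fdesc, do_nothing, sizeof(*fdesc)) is also unguarded in this version, so it is only correct where do_nothing names a descriptor; either fold the check into the helper or document the precondition above it.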
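
Review bot: in the include/asm-generic/sections.h hunk, have_function_descriptors() carries no comment, and its result depends on the form of the HAVE_FUNCTION_DESCRIPTORS definition: __is_defined() evaluates to 1 only for a macro defined as 1, so a bare "#define HAVE_FUNCTION_DESCRIPTORS" would make the helper return false. A short comment above the helper stating that requirement would keep an architecture from defining the macro in a form the helper does not see.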
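
The failure mode the commit message describes, modelled in portable user-space C as an added example (not code from the patch or from LKDTM). sim_desc_t, sim_text and call_faults() are hypothetical stand-ins for a function descriptor, the do_nothing() text and a no-execute check; the three-field descriptor layout is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated function descriptor: entry address plus ABI data (assumed layout). */
typedef struct { uintptr_t addr; uintptr_t toc; uintptr_t env; } sim_desc_t;

enum { TEXT_LEN = 8 };

/* Simulated executable region holding the "do_nothing" body (constructed bytes). */
static const unsigned char sim_text[TEXT_LEN] = { 0x90 };
static const sim_desc_t sim_do_nothing = { (uintptr_t)sim_text, 0x1000, 0 };

/* Simulated NX check: a call faults unless the entry address lies in sim_text. */
static bool call_faults(const sim_desc_t *d)
{
    uintptr_t lo = (uintptr_t)sim_text;
    return !(d->addr >= lo && d->addr < lo + TEXT_LEN);
}

/* Pre-fix behaviour: only the descriptor lands on the stack; addr is unchanged. */
static bool buggy_exec_on_stack(void)
{
    sim_desc_t copy;
    memcpy(&copy, &sim_do_nothing, sizeof(copy));
    return call_faults(&copy);   /* still targets sim_text, so no fault */
}

/* Post-fix behaviour: copy the text, then retarget a copied descriptor at it. */
static bool fixed_exec_on_stack(void)
{
    unsigned char stack_buf[TEXT_LEN];
    sim_desc_t fdesc;
    memcpy(stack_buf, sim_text, TEXT_LEN);
    memcpy(&fdesc, &sim_do_nothing, sizeof(fdesc));
    fdesc.addr = (uintptr_t)stack_buf;
    return call_faults(&fdesc);  /* targets the non-executable copy */
}

int main(void)
{
    printf("descriptor-only copy faults: %d\n", buggy_exec_on_stack());
    printf("text copy + retargeted descriptor faults: %d\n", fixed_exec_on_stack());
    return 0;
}
```

In the descriptor-only case the permission test never exercises the new location, so it reports nothing about whether that location is executable.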