LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups
@ 2015-02-25 22:14 Laura Abbott
  2015-02-25 22:14 ` [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes Laura Abbott
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Laura Abbott @ 2015-02-25 22:14 UTC (permalink / raw)
  To: Will Deacon, Catalin Marinas, Kees Cook, Rusty Russell, Russell King
  Cc: Laura Abbott, linux-arm-kernel, linux-kernel

Hi,

CONFIG_DEBUG_SET_MODULE_RONX is currently non-functional on arm and arm64
because of changes in behavior of is_module_addr. This series fixes
both arm and arm64 to work correctly and corrects a minor bug
related to section alignment in modules.

Laura Abbott (3):
  arm64: Don't use is_module_addr in setting page attributes
  arm: Don't use is_module_addr in setting page attributes
  kernel/module.c: Update debug alignment after symtable generation

 arch/arm/mm/pageattr.c   | 5 ++++-
 arch/arm64/mm/pageattr.c | 5 ++++-
 kernel/module.c          | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes
  2015-02-25 22:14 [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Laura Abbott
@ 2015-02-25 22:14 ` Laura Abbott
  2015-03-04 16:47   ` Catalin Marinas
  2015-02-25 22:14 ` [PATCH 2/3] arm: " Laura Abbott
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Laura Abbott @ 2015-02-25 22:14 UTC (permalink / raw)
  To: Will Deacon, Catalin Marinas, Kees Cook
  Cc: Laura Abbott, Rusty Russell, Russell King, linux-arm-kernel,
	linux-kernel


The set_memory_* functions currently only support module
addresses. The addresses are validated using is_module_addr.
That function is special though and relies on internal state
in the module subsystem to work properly. At the time of
module initialization and calling set_memory_*, it's too early
for is_module_addr to work properly so it always returns
false. Rather than be subject to the whims of the module state,
just bounds check against the module virtual address range.

Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
---
 arch/arm64/mm/pageattr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index bb0ea94..1d3ec3d 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -51,7 +51,10 @@ static int change_memory_common(unsigned long addr, int numpages,
 		WARN_ON_ONCE(1);
 	}
 
-	if (!is_module_address(start) || !is_module_address(end - 1))
+	if (start < MODULES_VADDR || start >= MODULES_END)
+		return -EINVAL;
+
+	if (end < MODULES_VADDR || end >= MODULES_END)
 		return -EINVAL;
 
 	data.set_mask = set_mask;
-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 2/3] arm: Don't use is_module_addr in setting page attributes
  2015-02-25 22:14 [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Laura Abbott
  2015-02-25 22:14 ` [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes Laura Abbott
@ 2015-02-25 22:14 ` Laura Abbott
  2015-02-25 22:14 ` [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation Laura Abbott
  2015-02-25 22:17 ` [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Kees Cook
  3 siblings, 0 replies; 8+ messages in thread
From: Laura Abbott @ 2015-02-25 22:14 UTC (permalink / raw)
  To: Will Deacon, Catalin Marinas, Kees Cook, Russell King
  Cc: Laura Abbott, Rusty Russell, linux-arm-kernel, linux-kernel


The set_memory_* functions currently only support module
addresses. The addresses are validated using is_module_addr.
That function is special though and relies on internal state
in the module subsystem to work properly. At the time of
module initialization and calling set_memory_*, it's too early
for is_module_addr to work properly so it always returns
false. Rather than be subject to the whims of the module state,
just bounds check against the module virtual address range.

Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
---
 arch/arm/mm/pageattr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mm/pageattr.c b/arch/arm/mm/pageattr.c
index 004e35c..cf30daf 100644
--- a/arch/arm/mm/pageattr.c
+++ b/arch/arm/mm/pageattr.c
@@ -49,7 +49,10 @@ static int change_memory_common(unsigned long addr, int numpages,
 		WARN_ON_ONCE(1);
 	}
 
-	if (!is_module_address(start) || !is_module_address(end - 1))
+	if (start < MODULES_VADDR || start >= MODULES_END)
+		return -EINVAL;
+
+	if (end < MODULES_VADDR || start >= MODULES_END)
 		return -EINVAL;
 
 	data.set_mask = set_mask;
-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation
  2015-02-25 22:14 [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Laura Abbott
  2015-02-25 22:14 ` [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes Laura Abbott
  2015-02-25 22:14 ` [PATCH 2/3] arm: " Laura Abbott
@ 2015-02-25 22:14 ` Laura Abbott
  2015-02-26  1:33   ` Rusty Russell
  2015-02-25 22:17 ` [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Kees Cook
  3 siblings, 1 reply; 8+ messages in thread
From: Laura Abbott @ 2015-02-25 22:14 UTC (permalink / raw)
  To: Rusty Russell
  Cc: Laura Abbott, Will Deacon, Catalin Marinas, Kees Cook,
	Russell King, linux-arm-kernel, linux-kernel


When CONFIG_DEBUG_SET_MODULE_RONX is enabled, the sizes of
module sections are aligned up so appropriate permissions can
be applied. Adjusting for the symbol table may cause them to
become unaligned. Make sure to re-align the sizes afterward.

Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
---
 kernel/module.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/module.c b/kernel/module.c
index b34813f..cc93cf6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2313,11 +2313,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
 	info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
 	info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
 	mod->core_size += strtab_size;
+	mod->core_size = debug_align(mod->core_size);
 
 	/* Put string table section at end of init part of module. */
 	strsect->sh_flags |= SHF_ALLOC;
 	strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
 					 info->index.str) | INIT_OFFSET_MASK;
+	mod->init_size = debug_align(mod->init_size);
 	pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
 }
 
-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups
  2015-02-25 22:14 [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Laura Abbott
                   ` (2 preceding siblings ...)
  2015-02-25 22:14 ` [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation Laura Abbott
@ 2015-02-25 22:17 ` Kees Cook
  2015-03-24 12:04   ` Paolo Pisati
  3 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2015-02-25 22:17 UTC (permalink / raw)
  To: Laura Abbott
  Cc: Will Deacon, Catalin Marinas, Rusty Russell, Russell King,
	linux-arm-kernel, LKML

On Wed, Feb 25, 2015 at 2:14 PM, Laura Abbott <lauraa@codeaurora.org> wrote:
> Hi,
>
> CONFIG_DEBUG_SET_MODULE_RONX is currently non-functional on arm and arm64
> because of changes in behavior of is_module_addr. This series fixes
> both arm and arm64 to work correctly and corrects a minor bug
> related to section alignment in modules.
>
> Laura Abbott (3):
>   arm64: Don't use is_module_addr in setting page attributes
>   arm: Don't use is_module_addr in setting page attributes
>   kernel/module.c: Update debug alignment after symtable generation
>
>  arch/arm/mm/pageattr.c   | 5 ++++-
>  arch/arm64/mm/pageattr.c | 5 ++++-
>  kernel/module.c          | 2 ++
>  3 files changed, 10 insertions(+), 2 deletions(-)

Thanks for fixing this!

Out of curiosity, which change broke DEBUG_SET_MODULE_RONX ? (i.e.
does this need a CC: stable, and if so, through which release?)

Regardless, consider them:

Reviewed-by: Kees Cook <keescook@chromium.org>

Thanks!

-Kees

-- 
Kees Cook
Chrome OS Security

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation
  2015-02-25 22:14 ` [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation Laura Abbott
@ 2015-02-26  1:33   ` Rusty Russell
  0 siblings, 0 replies; 8+ messages in thread
From: Rusty Russell @ 2015-02-26  1:33 UTC (permalink / raw)
  To: Laura Abbott
  Cc: Laura Abbott, Will Deacon, Catalin Marinas, Kees Cook,
	Russell King, linux-arm-kernel, linux-kernel

Laura Abbott <lauraa@codeaurora.org> writes:
> When CONFIG_DEBUG_SET_MODULE_RONX is enabled, the sizes of
> module sections are aligned up so appropriate permissions can
> be applied. Adjusting for the symbol table may cause them to
> become unaligned. Make sure to re-align the sizes afterward.
>
> Signed-off-by: Laura Abbott <lauraa@codeaurora.org>

Acked-by: Rusty Russell <rusty@rustcorp.com.au>

This won't clash with anything I'm planning, so happy for this to go in
through the arm trees.  CC:stable should be fine if you want too.

Thanks,
Rusty.

> ---
>  kernel/module.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index b34813f..cc93cf6 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2313,11 +2313,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
>  	info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
>  	info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
>  	mod->core_size += strtab_size;
> +	mod->core_size = debug_align(mod->core_size);
>  
>  	/* Put string table section at end of init part of module. */
>  	strsect->sh_flags |= SHF_ALLOC;
>  	strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
>  					 info->index.str) | INIT_OFFSET_MASK;
> +	mod->init_size = debug_align(mod->init_size);
>  	pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
>  }
>  
> -- 
> Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes
  2015-02-25 22:14 ` [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes Laura Abbott
@ 2015-03-04 16:47   ` Catalin Marinas
  0 siblings, 0 replies; 8+ messages in thread
From: Catalin Marinas @ 2015-03-04 16:47 UTC (permalink / raw)
  To: Laura Abbott
  Cc: Will Deacon, Kees Cook, Russell King, Rusty Russell,
	linux-kernel, linux-arm-kernel

On Wed, Feb 25, 2015 at 02:14:55PM -0800, Laura Abbott wrote:
> 
> The set_memory_* functions currently only support module
> addresses. The addresses are validated using is_module_addr.
> That function is special though and relies on internal state
> in the module subsystem to work properly. At the time of
> module initialization and calling set_memory_*, it's too early
> for is_module_addr to work properly so it always returns
> false. Rather than be subject to the whims of the module state,
> just bounds check against the module virtual address range.
> 
> Signed-off-by: Laura Abbott <lauraa@codeaurora.org>

Not sure which tree this would be merged through, so:

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

I can pick up the arm64 patch and the module.c one with Rusty's ack (as
for the arm one, I think it could go in via rmk's patch system).

-- 
Catalin

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups
  2015-02-25 22:17 ` [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Kees Cook
@ 2015-03-24 12:04   ` Paolo Pisati
  0 siblings, 0 replies; 8+ messages in thread
From: Paolo Pisati @ 2015-03-24 12:04 UTC (permalink / raw)
  To: Laura Abbott
  Cc: Kees Cook, Will Deacon, Catalin Marinas, Rusty Russell,
	Russell King, linux-arm-kernel, LKML

On Wed, Feb 25, 2015 at 02:17:55PM -0800, Kees Cook wrote:
> On Wed, Feb 25, 2015 at 2:14 PM, Laura Abbott <lauraa@codeaurora.org> wrote:
> > Hi,
> >
> > CONFIG_DEBUG_SET_MODULE_RONX is currently non-functional on arm and arm64
> > because of changes in behavior of is_module_addr. This series fixes
> > both arm and arm64 to work correctly and corrects a minor bug
> > related to section alignment in modules.
> >
> > Laura Abbott (3):
> >   arm64: Don't use is_module_addr in setting page attributes
> >   arm: Don't use is_module_addr in setting page attributes
> >   kernel/module.c: Update debug alignment after symtable generation
> >
> >  arch/arm/mm/pageattr.c   | 5 ++++-
> >  arch/arm64/mm/pageattr.c | 5 ++++-
> >  kernel/module.c          | 2 ++
> >  3 files changed, 10 insertions(+), 2 deletions(-)
> 
> Thanks for fixing this!
> 
> Out of curiosity, which change broke DEBUG_SET_MODULE_RONX ? (i.e.
> does this need a CC: stable, and if so, through which release?)

we need it for 3.19.x too:

without your patches:

root@beaglebone:~# cat /sys/module/bridge/sections/.text
0xbf199000
root@beaglebone:~# cat /sys/module/bridge/sections/.data
0xbf1ae000
root@beaglebone:~# grep -e 0xbf199000 -e 0xbf1ae000 /sys/kernel/debug/kernel_page_tables
0xbf199000-0xbf1b6000         116K     RW x      MEM/CACHED/WBRA

with you patches:

root@beaglebone:~# cat /sys/module/bridge/sections/.text                                                                                   
0xbf191000
root@beaglebone:~# cat /sys/module/bridge/sections/.data
0xbf1a6000
root@beaglebone:~# grep -e 0xbf191000 -e 0xbf1a6000 /sys/kernel/debug/kernel_page_tables                                                   
0xbf191000-0xbf1a2000          68K     ro x      MEM/CACHED/WBRA
0xbf1a2000-0xbf1a6000          16K     ro NX     MEM/CACHED/WBRA
0xbf1a6000-0xbf1ae000          32K     RW NX     MEM/CACHED/WBRA
root@beaglebone:~# uname -a
Linux beaglebone 3.19.0-9-generic #9~RONXFIX SMP Tue Mar 24 10:34:39 UTC 2015
armv7l armv7l armv7l GNU/Linux
root@beaglebone:~#

can you cc: stable@ ?
-- 
bye,
p.

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2015-03-24 12:04 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-25 22:14 [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Laura Abbott
2015-02-25 22:14 ` [PATCH 1/3] arm64: Don't use is_module_addr in setting page attributes Laura Abbott
2015-03-04 16:47   ` Catalin Marinas
2015-02-25 22:14 ` [PATCH 2/3] arm: " Laura Abbott
2015-02-25 22:14 ` [PATCH 3/3] kernel/module.c: Update debug alignment after symtable generation Laura Abbott
2015-02-26  1:33   ` Rusty Russell
2015-02-25 22:17 ` [PATCH 0/3] CONFIG_DEBUG_SET_MODULE_RONX fixups Kees Cook
2015-03-24 12:04   ` Paolo Pisati

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).