Re: [PATCH bpf-next] bpf: Make trampolines W^X

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Justin Capella <justincapella@gmail.com>,
	KP Singh <kpsingh@chromium.org>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
	x86@kernel.org, linux-security-module@vger.kernel.org,
	Kees Cook <keescook@chromium.org>,
	"David S. Miller" <davem@davemloft.net>,
	Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
	Yonghong Song <yhs@fb.com>, Andrii Nakryiko <andriin@fb.com>,
	Thomas Garnier <thgarnie@chromium.org>,
	Florent Revest <revest@chromium.org>,
	Brendan Jackman <jackmanb@chromium.org>,
	Jann Horn <jannh@google.com>, Matthew Garrett <mjg59@google.com>,
	Michael Halcrow <mhalcrow@google.com>
Subject: Re: [PATCH bpf-next] bpf: Make trampolines W^X
Date: Mon, 6 Jan 2020 14:13:18 -0800	[thread overview]
Message-ID: <20200106221317.wpwut2rgw23tdaoo@ast-mbp> (raw)
In-Reply-To: <768BAF04-BEBF-489A-8737-B645816B262A@amacapital.net>

On Sun, Jan 05, 2020 at 10:33:54AM +0900, Andy Lutomirski wrote:
> 
> >> On Jan 4, 2020, at 8:03 PM, Justin Capella <justincapella@gmail.com> wrote:
> > 
> > I'm rather ignorant about this topic but it would make sense to check prior to making executable from a security standpoint wouldn't it? (In support of the (set_memory_ro + set_memory_x)
> > 
> 
> Maybe, depends if it’s structured in a way that’s actually helpful from a security perspective.
> 
> It doesn’t help that set_memory_x and friends are not optimized at all. These functions are very, very, very slow and adversely affect all CPUs.

That was one of the reason it wasn't done in the first.
Also ftrace trampoline break w^x as well.
Not sure what is the plan for ftrace, but for bpf trampoline I'm going to switch
to text_poke (without _bp) once tip bits get merged during next merge window.
Then bpf trampoline will be allocated as ro+x and text_poke will be used instead of memcpy.

next      parent reply	other threads:[~2020-01-06 22:13 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAMrEMU8Vsn8rfULqf1gfuYL_-ybqzit29CLYReskaZ8XUroZww@mail.gmail.com>
     [not found] ` <768BAF04-BEBF-489A-8737-B645816B262A@amacapital.net>
2020-01-06 22:13   ` Alexei Starovoitov [this message]
2020-01-07  9:11     ` Peter Zijlstra
2020-01-07 18:55       ` Alexei Starovoitov
2020-01-03 23:47 KP Singh
2020-01-04  0:49 ` Andy Lutomirski
2020-01-05  1:19   ` Justin Capella
2020-01-06  8:23   ` Peter Zijlstra
2020-01-06 22:25   ` Edgecombe, Rick P
2020-01-07  1:36     ` Andy Lutomirski
2020-01-07 19:01       ` Edgecombe, Rick P
2020-01-08  8:41         ` Andy Lutomirski
2020-01-08 20:52           ` Edgecombe, Rick P
2020-01-09  6:48             ` Andy Lutomirski
2020-01-10  1:00               ` Edgecombe, Rick P
2020-01-10 18:35                 ` Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200106221317.wpwut2rgw23tdaoo@ast-mbp \
    --to=alexei.starovoitov@gmail.com \
    --cc=andriin@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=jackmanb@chromium.org \
    --cc=jannh@google.com \
    --cc=justincapella@gmail.com \
    --cc=kafai@fb.com \
    --cc=keescook@chromium.org \
    --cc=kpsingh@chromium.org \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mhalcrow@google.com \
    --cc=mjg59@google.com \
    --cc=revest@chromium.org \
    --cc=rick.p.edgecombe@intel.com \
    --cc=songliubraving@fb.com \
    --cc=thgarnie@chromium.org \
    --cc=x86@kernel.org \
    --cc=yhs@fb.com \
    --cc=yoshfuji@linux-ipv6.org \
    --subject='Re: [PATCH bpf-next] bpf: Make trampolines W^X' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).