From patchwork Mon Jul 2 18:11:45 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 10502243
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-arch@vger.kernel.org
Cc: Kees Cook, Arnd Bergmann, Ard Biesheuvel, Peter Zijlstra, Heiko Carstens, Jessica Yu, Will Deacon, Steven Rostedt, Ingo Molnar, Catalin Marinas, Martin Schwidefsky, Thomas Gleixner
Subject: [PATCH v2 8/8] jump_table: move entries into ro_after_init region
Date: Mon, 2 Jul 2018 20:11:45 +0200
Message-Id: <20180702181145.4799-9-ard.biesheuvel@linaro.org>
In-Reply-To: <20180702181145.4799-1-ard.biesheuvel@linaro.org>
References: <20180702181145.4799-1-ard.biesheuvel@linaro.org>

The __jump_table sections emitted into the core kernel and into
each module consist of statically initialized references into
other parts of the code, and with the exception of entries that
point into init code, which are defused at post-init time, these
data structures are never modified.

So let's move them into the ro_after_init section, to prevent them
from being corrupted inadvertently by buggy code, or deliberately
by an attacker.

Signed-off-by: Ard Biesheuvel
Reviewed-by: Kees Cook
Acked-by: Jessica Yu
---
 arch/arm/kernel/vmlinux-xip.lds.S |  1 +
 arch/s390/kernel/vmlinux.lds.S    |  1 +
 include/asm-generic/vmlinux.lds.h | 11 +++++++----
 kernel/module.c                   |  9 +++++++++
 4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 3593d5c1acd2..763c41068ecc 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -118,6 +118,7 @@ SECTIONS RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) .data.ro_after_init : AT(ADDR(.data.ro_after_init) - LOAD_OFFSET) { *(.data..ro_after_init) + JUMP_TABLE_DATA } _edata = .; diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S index f0414f52817b..a7cf61e46f88 100644 --- a/arch/s390/kernel/vmlinux.lds.S +++ b/arch/s390/kernel/vmlinux.lds.S @@ -67,6 +67,7 @@ SECTIONS __start_ro_after_init = .; .data..ro_after_init : { *(.data..ro_after_init) + JUMP_TABLE_DATA } EXCEPTION_TABLE(16) . = ALIGN(PAGE_SIZE); diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index e373e2e10f6a..ed6befa4c47b 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -256,10 +256,6 @@ STRUCT_ALIGN(); \ *(__tracepoints) \ /* implement dynamic printk debug */ \ - . = ALIGN(8); \ - __start___jump_table = .; \ - KEEP(*(__jump_table)) \ - __stop___jump_table = .; \ . = ALIGN(8); \ __start___verbose = .; \ KEEP(*(__verbose)) \ @@ -303,6 +299,12 @@ . = __start_init_task + THREAD_SIZE; \ __end_init_task = .; +#define JUMP_TABLE_DATA \ + . = ALIGN(8); \ + __start___jump_table = .; \ + KEEP(*(__jump_table)) \ + __stop___jump_table = .; + /* * Allow architectures to handle ro_after_init data on their * own by defining an empty RO_AFTER_INIT_DATA. @@ -311,6 +313,7 @@ #define RO_AFTER_INIT_DATA \ __start_ro_after_init = .; \ *(.data..ro_after_init) \ + JUMP_TABLE_DATA \ __end_ro_after_init = .; #endif diff --git a/kernel/module.c b/kernel/module.c index 7cb82e0fcac0..0d4e320e41cd 100644 --- a/kernel/module.c +++ b/kernel/module.c 
@@ -3349,6 +3349,15 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. */ ndx = find_sec(info, ".data..ro_after_init"); + if (ndx) + info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; + /* + * Mark the __jump_table section as ro_after_init as well: these data + * structures are never modified, with the exception of entries that + * refer to code in the __init section, which are annotated as such + * at module load time. + */ + ndx = find_sec(info, "__jump_table"); if (ndx) info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
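Review bot: In include/asm-generic/vmlinux.lds.h, the context comment above RO_AFTER_INIT_DATA ("Allow architectures to handle ro_after_init data on their own by defining an empty RO_AFTER_INIT_DATA") is left incomplete by the new JUMP_TABLE_DATA macro. With the __jump_table lines removed from the generic data list and only re-emitted through RO_AFTER_INIT_DATA, a linker script that lays out its own ro_after_init region has to place JUMP_TABLE_DATA by hand, as the arm XIP and s390 scripts touched by this patch do inside their own output sections; otherwise __start___jump_table and __stop___jump_table are not defined anywhere. Suggest extending that comment to say so, and giving JUMP_TABLE_DATA a short comment stating that it is meant to be placed inside the ro_after_init region.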
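Review bot: In the kernel/module.c hunk, the new comment says entries that refer to __init code "are annotated as such at module load time", while the commit message says such entries "are defused at post-init time". The comment should state which write happens when and that it completes before the section is made read-only, because a store into a SHF_RO_AFTER_INIT section after that point will fault. As a smaller style point, the two find_sec() blocks now differ only in the section name and could share a short loop over ".data..ro_after_init" and "__jump_table".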