From patchwork Sun Feb 12 23:31:39 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eddie Kovsky <ewk@edkovsky.org>
X-Patchwork-Id: 9568649
Return-Path: 
 <kernel-hardening-return-6569-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	420AA60572 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Sun, 12 Feb 2017 23:32:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 353E027BE5
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Sun, 12 Feb 2017 23:32:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 28AB427EED; Sun, 12 Feb 2017 23:32:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 5B7BF27BE5
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Sun, 12 Feb 2017 23:32:25 +0000 (UTC)
Received: (qmail 28128 invoked by uid 550); 12 Feb 2017 23:32:24 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 28108 invoked from network); 12 Feb 2017 23:32:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=edkovsky.org; s=mail;
	t=1486942332; bh=eVbnQuC1roKv8LBPxs5q4ql28btTaCplKOz7sr129K4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=xTHvxqzqqImccfSEetKKDj9XqvZNNEd0RZdhNmi0qasnNq3WXYLQP2k1baLoP2pAk
	0svx3Iyr4RyLF9j0fpBZJ7IQy58MnYD0E0HSINPCf61WikXcWnPNWBCJgMDFIZfQjh
	eJvVjM/f70XxlVPrg8cDd91+fPFBGn4DgBl1HmAg=
From: Eddie Kovsky <ewk@edkovsky.org>
To: jeyu@redhat.com,
	rusty@rustcorp.com.au,
	keescook@chromium.org
Cc: kernel-hardening@lists.openwall.com,
	Eddie Kovsky <ewk@edkovsky.org>
Date: Sun, 12 Feb 2017 16:31:39 -0700
Message-Id: <20170212233140.10606-2-ewk@edkovsky.org>
X-Mailer: git-send-email 2.11.1
In-Reply-To: <20170212233140.10606-1-ewk@edkovsky.org>
References: <20170212233140.10606-1-ewk@edkovsky.org>
X-Virus-Scanned: clamav-milter 0.99.2 at olympus
X-Virus-Status: Clean
Subject: [kernel-hardening] [RFC] [PATCH 1/2] module: verify address is
	read-only
X-Virus-Scanned: ClamAV using ClamSMTP

Implement a mechanism to check if a module's address is in
the rodata or ro_after_init sections. It mimics the exsiting functions
that test if an address is inside a module's text section.

Signed-off-by: Eddie Kovsky <ewk@edkovsky.org>
---
 include/linux/module.h |  2 ++
 kernel/module.c        | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)

--
2.11.1

diff --git a/include/linux/module.h b/include/linux/module.h
index 0297c5cd7cdf..2848416f7715 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -492,7 +492,9 @@ static inline int module_is_live(struct module *mod)

 struct module *__module_text_address(unsigned long addr);
 struct module *__module_address(unsigned long addr);
+struct module *__module_ro_address(unsigned long addr);
 bool is_module_address(unsigned long addr);
+bool is_module_ro_address(unsigned long addr);
 bool is_module_percpu_address(unsigned long addr);
 bool is_module_text_address(unsigned long addr);

diff --git a/kernel/module.c b/kernel/module.c
index 8168eb738f4d..e7eb329c585d 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4270,6 +4270,50 @@ struct module *__module_text_address(unsigned long addr)
 }
 EXPORT_SYMBOL_GPL(__module_text_address);

+/**
+ * is_module_text_ro_address - is this address inside read-only module code?
+ * @addr: the address to check.
+ *
+ */
+bool is_module_ro_address(unsigned long addr)
+{
+	bool ret;
+
+	preempt_disable();
+	ret = __module_ro_address(addr) != NULL;
+	preempt_enable();
+
+	return ret;
+}
+
+/*
+ * __module_ro_address - get the module whose code contains a read-only address.
+ * @addr: the address.
+ *
+ * Must be called with preempt disabled or module mutex held so that
+ * module doesn't get freed during this.
+ */
+struct module *__module_ro_address(unsigned long addr)
+{
+	struct module *mod = __module_address(addr);
+
+	if (mod) {
+		/* Make sure it's within the read-only section. */
+		if (!within(addr, mod->init_layout.base,
+			    mod->init_layout.ro_size)
+		    && !within(addr, mod->core_layout.base,
+			       mod->core_layout.ro_size))
+			mod = NULL;
+		if (!within(addr, mod->init_layout.base,
+			    mod->init_layout.ro_after_init_size)
+		    && !within(addr, mod->core_layout.base,
+			       mod->core_layout.ro_after_init_size))
+			mod = NULL;
+	}
+	return mod;
+}
+EXPORT_SYMBOL_GPL(__module_ro_address);
+
 /* Don't grab lock, we're oopsing. */
 void print_modules(void)
 {