From patchwork Thu Jan 17 00:32:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
X-Patchwork-Id: 10767319
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E28426C2
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 17 Jan 2019 00:35:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 523B62E297
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 17 Jan 2019 00:35:07 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 424A32DDDC; Thu, 17 Jan 2019 00:35:07 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C80E72DDDC
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 17 Jan 2019 00:35:06 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B42018E0003; Wed, 16 Jan 2019 19:35:05 -0500 (EST)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B18808E0002; Wed, 16 Jan 2019 19:35:05 -0500 (EST)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A30F38E0003; Wed, 16 Jan 2019 19:35:05 -0500 (EST)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com
 [209.85.215.198])
	by kanga.kvack.org (Postfix) with ESMTP id 649098E0002
	for <linux-mm@kvack.org>; Wed, 16 Jan 2019 19:35:05 -0500 (EST)
Received: by mail-pg1-f198.google.com with SMTP id r16so5013956pgr.15
        for <linux-mm@kvack.org>; Wed, 16 Jan 2019 16:35:05 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=/2dO2C+UYfBQiXTmhGySAi6PBFtX+ameLwxuka7ZeCk=;
        b=lgBjG0aFI6opQekB8jrM15xzJFm2yTkMc9MQM8Ykc2ncJQKdVP23OMmxIxYoAZaz/i
         nSRQm3O5tyhKT9nLfhN3TY9NFdtJzJ59wmw1acgffvpjvKLKIVdkLX2buZCYZvU06icJ
         rFhFH6VfOb04Nt9Zoy1Fe8gkY7T2IGa0E1MCuMof92YjZpHK/JiBtUIpDBZnawsFpb5K
         I+uykLBX+Ug4AqIqR0YXt3vafcmCpHTwr1iXiuMqVMVplzWH2wMpchEAi+NnQD4f+pxZ
         NeHUdqJMM63j7rC4AYd7X1zE5bx4B9EIoVNdhdJX4WHSyIo4j5t9iwy5P4UI2duJw5ux
         ZTAg==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 192.55.52.120 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Gm-Message-State: AJcUukdOqXR4oy0UfI+s75ta8uHQh1InYUfsA9J8OEevixyQjldJ/N6I
	XkMJLpJQl6Nkv06cQEQtpZOylhukKaAWVRg+UtX5/B7ANmQ97TlYtdVrRGya2LQL775CY2mYBPa
	b1q6UFjewEG9OtklTwFNfc+0OuFRFVYeK1lHE0cuU/1cTzQyeaMnfrUhpe0H5C47dTQ==
X-Received: by 2002:a17:902:442:: with SMTP id
 60mr12227521ple.73.1547685305078;
        Wed, 16 Jan 2019 16:35:05 -0800 (PST)
X-Google-Smtp-Source: 
 ALg8bN6EZx2l/Jws836j7q4BB625fzzM3tH+dbw7dR1DPbmMrdp6NGme/zI/aom2uuZgoyxyemtq
X-Received: by 2002:a17:902:442:: with SMTP id
 60mr12221005ple.73.1547685219028;
        Wed, 16 Jan 2019 16:33:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547685219; cv=none;
        d=google.com; s=arc-20160816;
        b=zzmQOhH/MsnvQOEdrwjLRADQ4LF+Rs00dwTlZWi0dxvR9XxCg//1Or91QZyDcffd4z
         GlKi+W7qBf3gMbUC3sXsqa0OCHhp3RvqHa13SWO+uZeTAf3T+utLdBI+D35556fzmuhf
         ASVtqQ5Fr+osg+/9X/tQlJ6o0/4IrGCn/2n5CiYXUAqCgFGa3wrR2VfuDms5fq6s7HLH
         kAJhUlM89ZlD5l7F+epljHSIgICUpRdMN3rVvjvGlOQ0+BVuYW+NWbHaIlxffcT/1RRZ
         F7rMPdh+IS95NJmXcZs40UWWmbFTzv9lQ9CW5l5vMysdvvW2Da3vEEZqPNfkvsj+FjH3
         E2cw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=/2dO2C+UYfBQiXTmhGySAi6PBFtX+ameLwxuka7ZeCk=;
        b=hFl+pFVDPYEqvwITszzGzznffxLfuUv+CkTgz4cgKlwuoKty1QeErUTCIdg8aPRmzm
         U2ZvGZoyttCn3DkCCT43NHXjVCIOU4bkHt/8UuJ2WoNXVw8q7LWVAflQLTHQAF7tIZLT
         klqYxIaWU/GoKozaiYLcEHtkIDxp2IpEHEsmEc81RlWR7WEKUue2f5bPEto0bd0ZXyYr
         0yqSmThLNttmSVOa9Z6LB9gVgRE8uRuye53KDP+WIGsp+YuMLmSebCrpCiV2wjbQd516
         hah+DIF8wwJeQmSoDyIdDpqy1xWhxHrXyDGYvmy9uVu9HrM9UL+M+GCwaUJ6uiuECwIk
         TO3g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 192.55.52.120 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from mga04.intel.com (mga04.intel.com. [192.55.52.120])
        by mx.google.com with ESMTPS id 1si7848435plo.195.2019.01.16.16.33.38
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 16 Jan 2019 16:33:39 -0800 (PST)
Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com
 designates 192.55.52.120 as permitted sender) client-ip=192.55.52.120;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 192.55.52.120 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Jan 2019 16:33:36 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,488,1539673200";
   d="scan'208";a="292166034"
Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.79])
  by orsmga005.jf.intel.com with ESMTP; 16 Jan 2019 16:33:36 -0800
From: Rick Edgecombe <rick.p.edgecombe@intel.com>
To: Andy Lutomirski <luto@kernel.org>,
	Ingo Molnar <mingo@redhat.com>
Cc: linux-kernel@vger.kernel.org,
	x86@kernel.org,
	hpa@zytor.com,
	Thomas Gleixner <tglx@linutronix.de>,
	Borislav Petkov <bp@alien8.de>,
	Nadav Amit <nadav.amit@gmail.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	linux_dti@icloud.com,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	akpm@linux-foundation.org,
	kernel-hardening@lists.openwall.com,
	linux-mm@kvack.org,
	will.deacon@arm.com,
	ard.biesheuvel@linaro.org,
	kristen@linux.intel.com,
	deneen.t.dock@intel.com,
	Nadav Amit <namit@vmware.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: [PATCH 08/17] x86/ftrace: set trampoline pages as executable
Date: Wed, 16 Jan 2019 16:32:50 -0800
Message-Id: <20190117003259.23141-9-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190117003259.23141-1-rick.p.edgecombe@intel.com>
References: <20190117003259.23141-1-rick.p.edgecombe@intel.com>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Nadav Amit <namit@vmware.com>

Since alloc_module() will not set the pages as executable soon, we need
to do so for ftrace trampoline pages after they are allocated.

For the time being, we do not change ftrace to use the text_poke()
interface. As a result, ftrace breaks still breaks W^X.

Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
 arch/x86/kernel/ftrace.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 8257a59704ae..eb4a1937e72c 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -742,6 +742,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	unsigned long end_offset;
 	unsigned long op_offset;
 	unsigned long offset;
+	unsigned long npages;
 	unsigned long size;
 	unsigned long retq;
 	unsigned long *ptr;
@@ -774,6 +775,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 		return 0;
 
 	*tramp_size = size + RET_SIZE + sizeof(void *);
+	npages = DIV_ROUND_UP(*tramp_size, PAGE_SIZE);
 
 	/* Copy ftrace_caller onto the trampoline memory */
 	ret = probe_kernel_read(trampoline, (void *)start_offset, size);
@@ -818,6 +820,13 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
 	/* ALLOC_TRAMP flags lets us know we created it */
 	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
 
+	/*
+	 * Module allocation needs to be completed by making the page
+	 * executable. The page is still writable, which is a security hazard,
+	 * but anyhow ftrace breaks W^X completely.
+	 */
+	set_memory_x((unsigned long)trampoline, npages);
+
 	return (unsigned long)trampoline;
 fail:
 	tramp_free(trampoline, *tramp_size);