From patchwork Thu Oct 11 23:31:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637625 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 586EB112B for ; Thu, 11 Oct 2018 23:41:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4495A2C312 for ; Thu, 11 Oct 2018 23:41:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 37F982C31A; Thu, 11 Oct 2018 23:41:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 763062C312 for ; Thu, 11 Oct 2018 23:41:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=yC5Tzr0+Y1d601Nx9d3OyuQaD/eVnxps+YujVQXnCOk=; b=j/vjIuWifxk9WZ M396M71g1jqz2lj26u4gX5eLE5ri1ZCKxTRUY2yPY8i7MF6weOA48lcPexFdY8EVhy3MZAY9U/fZ4 vjynmXZXZkufMNjAOz6F8BlX/TCE+qvrtHgS5OtiEKvYOA16C/aJTdqdJ40gXwQjv0Oo+74fKFU6B Ds6YqB3HqrhR9xVqQNNmP6xYrm3FBTT0uZIdjGI2dJJ+/pRyrVGkFgC8TmBIyuOjTUyfAT93oyybL 5BXwjTzw4oGYUML3Gpy8RecP1MAOZWDvAVlX+dOAr+Nd87oD5dGWshYbvCUToQoee/cWVQIBhEZs4 IyoRmJ5fKwckHA/x4TKw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkZh-0002L8-MT; Thu, 11 Oct 2018 23:41:01 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkYv-0000qB-LE for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:15 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792919" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:02 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 1/7] modules: Create rlimit for module space Date: Thu, 11 Oct 2018 16:31:11 -0700 Message-Id: <20181011233117.7883-2-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164013_732819_53BF9930 X-CRM114-Status: GOOD ( 23.89 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This introduces a new rlimit, RLIMIT_MODSPACE, which limits the amount of module space a user can use. The intention is to be able to limit module space allocations that may come from un-privlidged users inserting e/BPF filters. There is unfortunately no cross platform place to perform this accounting during allocation in the module space, so instead two helpers are created to be inserted into the various arch’s that implement module_alloc. These helpers perform the checks and help with tracking. The intention is that they an be added to the various arch’s as easily as possible. Since filters attached to sockets can be passed to other processes via domain sockets and freed there, there is new tracking for the uid of each allocation. This way if the allocation is freed by a different user, it will not throw off the accounting. For decrementing the module space usage when an area is free, there is a cross-platform place to do this. The behavior is that if the helpers to increment and check are not added into an arch’s module_alloc, then the decrement should have no effect. This is due to the allocation being missing from the allocation-uid tracking. Signed-off-by: Rick Edgecombe --- fs/proc/base.c | 1 + include/asm-generic/resource.h | 8 ++ include/linux/moduleloader.h | 3 + include/linux/sched/user.h | 4 + include/uapi/asm-generic/resource.h | 3 +- kernel/module.c | 141 +++++++++++++++++++++++++++- 6 files changed, 158 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 7e9f07bf260d..84824f50e9f8 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -562,6 +562,7 @@ static const struct limit_names lnames[RLIM_NLIMITS] = { [RLIMIT_NICE] = {"Max nice priority", NULL}, [RLIMIT_RTPRIO] = {"Max realtime priority", NULL}, [RLIMIT_RTTIME] = {"Max realtime timeout", "us"}, + [RLIMIT_MODSPACE] = {"Max module space", "bytes"}, }; /* Display limits for a process */ diff --git a/include/asm-generic/resource.h b/include/asm-generic/resource.h index 8874f681b056..94c150e3dd12 100644 --- a/include/asm-generic/resource.h +++ b/include/asm-generic/resource.h @@ -4,6 +4,13 @@ #include +/* + * If the module space rlimit is not defined in an arch specific way, leave + * room for 10000 large eBPF filters. + */ +#ifndef MODSPACE_LIMIT +#define MODSPACE_LIMIT (5*PAGE_SIZE*10000) +#endif /* * boot-time rlimit defaults for the init task: @@ -26,6 +33,7 @@ [RLIMIT_NICE] = { 0, 0 }, \ [RLIMIT_RTPRIO] = { 0, 0 }, \ [RLIMIT_RTTIME] = { RLIM_INFINITY, RLIM_INFINITY }, \ + [RLIMIT_MODSPACE] = { MODSPACE_LIMIT, MODSPACE_LIMIT }, \ } #endif diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h index 31013c2effd3..206539e97579 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h @@ -86,6 +86,9 @@ void module_arch_cleanup(struct module *mod); /* Any cleanup before freeing mod->module_init */ void module_arch_freeing_init(struct module *mod); +int check_inc_mod_rlimit(unsigned long size); +void update_mod_rlimit(void *addr, unsigned long size); + #ifdef CONFIG_KASAN #include #define MODULE_ALIGN (PAGE_SIZE << KASAN_SHADOW_SCALE_SHIFT) diff --git a/include/linux/sched/user.h b/include/linux/sched/user.h index 39ad98c09c58..4c6d99d066fe 100644 --- a/include/linux/sched/user.h +++ b/include/linux/sched/user.h @@ -44,6 +44,10 @@ struct user_struct { atomic_long_t locked_vm; #endif +#ifdef CONFIG_MODULES + atomic_long_t module_vm; +#endif + /* Miscellaneous per-user rate limit */ struct ratelimit_state ratelimit; }; diff --git a/include/uapi/asm-generic/resource.h b/include/uapi/asm-generic/resource.h index f12db7a0da64..3f998340ed30 100644 --- a/include/uapi/asm-generic/resource.h +++ b/include/uapi/asm-generic/resource.h @@ -46,7 +46,8 @@ 0-39 for nice level 19 .. -20 */ #define RLIMIT_RTPRIO 14 /* maximum realtime priority */ #define RLIMIT_RTTIME 15 /* timeout for RT tasks in us */ -#define RLIM_NLIMITS 16 +#define RLIMIT_MODSPACE 16 /* max module space address usage */ +#define RLIM_NLIMITS 17 /* * SuS says limits have to be unsigned. diff --git a/kernel/module.c b/kernel/module.c index 6746c85511fe..2ef9ed95bf60 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2110,9 +2110,139 @@ static void free_module_elf(struct module *mod) } #endif /* CONFIG_LIVEPATCH */ +struct mod_alloc_user { + struct rb_node node; + unsigned long addr; + unsigned long pages; + kuid_t uid; +}; + +static struct rb_root alloc_users = RB_ROOT; +static DEFINE_SPINLOCK(alloc_users_lock); + +static unsigned int get_mod_page_cnt(unsigned long size) +{ + /* Add one for guard page */ + return (PAGE_ALIGN(size) >> PAGE_SHIFT) + 1; +} + +void update_mod_rlimit(void *addr, unsigned long size) +{ + unsigned long addrl = (unsigned long) addr; + struct rb_node **new = &(alloc_users.rb_node), *parent = NULL; + struct mod_alloc_user *track = kmalloc(sizeof(struct mod_alloc_user), + GFP_KERNEL); + unsigned int pages = get_mod_page_cnt(size); + + /* + * If addr is NULL, then we need to reverse the earlier increment that + * would have happened in an check_inc_mod_rlimit call. + */ + if (!addr) { + struct user_struct *user = get_current_user(); + + atomic_long_sub(pages, &user->module_vm); + free_uid(user); + return; + } + + /* Now, add tracking for the uid that allocated this */ + track->uid = current_uid(); + track->addr = addrl; + track->pages = pages; + + spin_lock(&alloc_users_lock); + + while (*new) { + struct mod_alloc_user *cur = + rb_entry(*new, struct mod_alloc_user, node); + parent = *new; + if (cur->addr > addrl) + new = &(*new)->rb_left; + else + new = &(*new)->rb_right; + } + + rb_link_node(&(track->node), parent, new); + rb_insert_color(&(track->node), &alloc_users); + + spin_unlock(&alloc_users_lock); +} + +/* Remove user allocation tracking, return NULL if allocation untracked */ +static struct user_struct *remove_user_alloc(void *addr, unsigned long *pages) +{ + struct rb_node *cur_node = alloc_users.rb_node; + unsigned long addrl = (unsigned long) addr; + struct mod_alloc_user *cur_alloc_user = NULL; + struct user_struct *user; + + spin_lock(&alloc_users_lock); + while (cur_node) { + cur_alloc_user = + rb_entry(cur_node, struct mod_alloc_user, node); + if (cur_alloc_user->addr > addrl) + cur_node = cur_node->rb_left; + else if (cur_alloc_user->addr < addrl) + cur_node = cur_node->rb_right; + else + goto found; + } + spin_unlock(&alloc_users_lock); + + return NULL; +found: + rb_erase(&cur_alloc_user->node, &alloc_users); + spin_unlock(&alloc_users_lock); + + user = find_user(cur_alloc_user->uid); + *pages = cur_alloc_user->pages; + kfree(cur_alloc_user); + + return user; +} + +int check_inc_mod_rlimit(unsigned long size) +{ + struct user_struct *user = get_current_user(); + unsigned long modspace_pages = rlimit(RLIMIT_MODSPACE) >> PAGE_SHIFT; + unsigned long cur_pages = atomic_long_read(&user->module_vm); + unsigned long new_pages = get_mod_page_cnt(size); + + if (rlimit(RLIMIT_MODSPACE) != RLIM_INFINITY + && cur_pages + new_pages > modspace_pages) { + free_uid(user); + return 1; + } + + atomic_long_add(new_pages, &user->module_vm); + + if (atomic_long_read(&user->module_vm) > modspace_pages) { + atomic_long_sub(new_pages, &user->module_vm); + free_uid(user); + return 1; + } + + free_uid(user); + return 0; +} + +void dec_mod_rlimit(void *addr) +{ + unsigned long pages; + struct user_struct *user = remove_user_alloc(addr, &pages); + + if (!user) + return; + + atomic_long_sub(pages, &user->module_vm); + free_uid(user); +} + void __weak module_memfree(void *module_region) { vfree(module_region); + dec_mod_rlimit(module_region); } void __weak module_arch_cleanup(struct module *mod) @@ -2730,7 +2860,16 @@ static void dynamic_debug_remove(struct module *mod, struct _ddebug *debug) void * __weak module_alloc(unsigned long size) { - return vmalloc_exec(size); + void *p; + + if (check_inc_mod_rlimit(size)) + return NULL; + + p = vmalloc_exec(size); + + update_mod_rlimit(p, size); + + return p; } #ifdef CONFIG_DEBUG_KMEMLEAK From patchwork Thu Oct 11 23:31:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637629 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ED3C4112B for ; Thu, 11 Oct 2018 23:42:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D788B2C312 for ; Thu, 11 Oct 2018 23:42:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C6B8D2C31A; Thu, 11 Oct 2018 23:42:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 749AB2C312 for ; Thu, 11 Oct 2018 23:42:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=a4dBcYVeCn2k0BjMsiMKskJzFt5MyzvTuFkvRu7LocE=; b=Yo6ds1uel8tA+afId9ZqVBQbdU 1mSY48RYnMGNxStoPOMoIIDnZ5Bzl3KhxYdExuqbZrPOzVs0Z/9zXrbRM4oVfT1HSRa+bwBxwiJrP NkT251+/abSs2r8shCWPFUq0sPdY8kq+f1dHpAG2WrJMb0ZwETWSUzdISFiC/TiOBmDnZpeLU6E2d /Fy2C8FJsKJrXPsrbGyAE5Wy3h6GuZLs6G5+Llk3rWdL0JiKtSoK8yLps5PoGkgykVDo+1oa473Eh /KSeaNFMme06VKCfbsonFJLM7orZAranwWGe5weMtImvh9fTcPggN+dNf+G75Zue/KjvQ8xdDm4dR WrYcygeg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkaT-0002hY-7R; Thu, 11 Oct 2018 23:41:49 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkYv-0000vI-Lb for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:18 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792928" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:03 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 2/7] x86/modules: Add rlimit checking for x86 modules Date: Thu, 11 Oct 2018 16:31:12 -0700 Message-Id: <20181011233117.7883-3-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164013_756168_12A5C5D3 X-CRM114-Status: GOOD ( 13.28 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the x86 module allocator. Signed-off-by: Rick Edgecombe --- arch/x86/include/asm/pgtable_32_types.h | 3 +++ arch/x86/include/asm/pgtable_64_types.h | 2 ++ arch/x86/kernel/module.c | 7 ++++++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/pgtable_32_types.h b/arch/x86/include/asm/pgtable_32_types.h index b0bc0fff5f1f..185e382fa8c3 100644 --- a/arch/x86/include/asm/pgtable_32_types.h +++ b/arch/x86/include/asm/pgtable_32_types.h @@ -68,6 +68,9 @@ extern bool __vmalloc_start_set; /* set once high_memory is set */ #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) +/* Half of 128MB vmalloc space */ +#define MODSPACE_LIMIT (1 << 25) + #define MAXMEM (VMALLOC_END - PAGE_OFFSET - __VMALLOC_RESERVE) #endif /* _ASM_X86_PGTABLE_32_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 04edd2d58211..c256931f4667 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -143,6 +143,8 @@ extern unsigned int ptrs_per_p4d; #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) +#define MODSPACE_LIMIT (MODULES_LEN / 2) + #define ESPFIX_PGD_ENTRY _AC(-2, UL) #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << P4D_SHIFT) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c index f58336af095c..5eb3f9c5a976 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c @@ -84,16 +84,21 @@ void *module_alloc(unsigned long size) if (PAGE_ALIGN(size) > MODULES_LEN) return NULL; + if (check_inc_mod_rlimit(size)) + return NULL; + p = __vmalloc_node_range(size, MODULE_ALIGN, MODULES_VADDR + get_module_load_offset(), MODULES_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); if (p && (kasan_module_alloc(p, size) < 0)) { - vfree(p); + module_memfree(p); return NULL; } + update_mod_rlimit(p, size); + return p; } From patchwork Thu Oct 11 23:31:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637633 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BEAE5112B for ; Thu, 11 Oct 2018 23:43:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A8F2727D0E for ; Thu, 11 Oct 2018 23:43:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9B1D5280B0; Thu, 11 Oct 2018 23:43:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 197F227D0E for ; Thu, 11 Oct 2018 23:43:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=2iRnlCqhZ4HZh0Y12yOK9ZDLuIJ38KqnOSksjZhASWo=; b=IeSUaJ4vAU//YClNUJnPO41nHO KZOADejMuk2r6K3aYn9YHw2sIUOMoZHQ3tBNPpcz5D+jPxfaUhHny3IDm5Mz9yTsJJN0VAAumySWE zIq/rMQqFQkZ6BlvCEhsvgnVsz3QdLb35W+IuStOe2RzzJHGNApkVuzk0BXMQiI4PGQNsEEmOZu01 r18qCY0+zX9Cc9/aJtblEQQr9Svhztz8jxMCP/K2Lu9W7qdn61aalZ/Il9w8auu5+1fBzQk5yKfEk JvbZnXPqqBuwKCGQzmhwzJU/PRxsstlVSijFy5YVy5w8Bz/3NZwZ062BHq6LocRpV5JljPUtqGgKI U+BOACpQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkbh-0003Dw-EF; Thu, 11 Oct 2018 23:43:05 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkYx-0000kP-KV for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:19 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792934" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:03 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 3/7] arm/modules: Add rlimit checking for arm modules Date: Thu, 11 Oct 2018 16:31:13 -0700 Message-Id: <20181011233117.7883-4-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164015_706347_E3709D38 X-CRM114-Status: GOOD ( 13.13 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the arm module allocator. This has not been tested. Signed-off-by: Rick Edgecombe --- arch/arm/kernel/module.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 3ff571c2c71c..e331863553d2 100644 --- a/arch/arm/kernel/module.c +++ b/arch/arm/kernel/module.c @@ -43,6 +43,9 @@ void *module_alloc(unsigned long size) gfp_t gfp_mask = GFP_KERNEL; void *p; + if (check_inc_mod_rlimit(size)) + return NULL; + /* Silence the initial allocation */ if (IS_ENABLED(CONFIG_ARM_MODULE_PLTS)) gfp_mask |= __GFP_NOWARN; @@ -51,10 +54,15 @@ void *module_alloc(unsigned long size) gfp_mask, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); if (!IS_ENABLED(CONFIG_ARM_MODULE_PLTS) || p) - return p; - return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END, + goto done; + p = __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); + +done: + update_mod_rlimit(p, size); + + return p; } #endif From patchwork Thu Oct 11 23:31:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637631 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0B962157A for ; Thu, 11 Oct 2018 23:42:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EA9F62C312 for ; Thu, 11 Oct 2018 23:42:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DEA312C31A; Thu, 11 Oct 2018 23:42:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 65B662C312 for ; Thu, 11 Oct 2018 23:42:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=4n5uSkCSyVXgFqyXJ4sOYFGMHeZbfvSmAwJdopUZAUc=; b=E/Z473olrmBMJE6yYLsPkcrpGu gzJ8cl76LaqXlLbpxUi8v7RWn9EWmoMGrZ+fVUzf8XhuMszfmDZDDI6n5aSWvlXcLJZ3xSbqgweXq O86whzorRz6B2wgSZ9193ldAKXBAEVIiTbsm8rFykLPSbgTxOwkprUUtwbpJ+1PF907EeTgu9ZLIm EvOMxW52BrJgW8spL0rQUJBAnANMa4Cr4C3kiOemGUq1EPuWWa3ZkVSS0VyHdjfJr13dJF18BgTDK 4+pfzQJ/FgaSDUHN2LM27q5pUoVqAWFMcAUyHJ4djoWO2AzsZ19n8uhc4t2fMIncXO4gFlMO6qeVL WFLkzvVA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkb5-0002xc-5X; Thu, 11 Oct 2018 23:42:27 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkYx-0000qB-TW for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:19 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792939" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:04 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 4/7] arm64/modules: Add rlimit checking for arm64 modules Date: Thu, 11 Oct 2018 16:31:14 -0700 Message-Id: <20181011233117.7883-5-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164015_987465_1B630C5D X-CRM114-Status: GOOD ( 11.24 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the arm64 module allocator. This has not been tested. Signed-off-by: Rick Edgecombe --- arch/arm64/kernel/module.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c index f0f27aeefb73..ea9794f2f571 100644 --- a/arch/arm64/kernel/module.c +++ b/arch/arm64/kernel/module.c @@ -39,6 +39,9 @@ void *module_alloc(unsigned long size) if (IS_ENABLED(CONFIG_ARM64_MODULE_PLTS)) gfp_mask |= __GFP_NOWARN; + if (check_inc_mod_rlimit(size)) + return NULL; + p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, module_alloc_base + MODULES_VSIZE, gfp_mask, PAGE_KERNEL_EXEC, 0, @@ -65,6 +68,8 @@ void *module_alloc(unsigned long size) return NULL; } + update_mod_rlimit(p, size); + return p; } From patchwork Thu Oct 11 23:31:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637643 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BB673112B for ; Thu, 11 Oct 2018 23:44:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A588B2C241 for ; Thu, 11 Oct 2018 23:44:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 99DB32C318; Thu, 11 Oct 2018 23:44:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 35A292C241 for ; Thu, 11 Oct 2018 23:44:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Fme/5xRqgEbgCWKmfdFbSNWQInAmWPxHT4XrWUj8tLE=; b=JdoxacC/EHdmuW+mVIU03glDZu AMoxU8yRpkyz8blmEZw1YG636dZOiDq3/e7SGkWJcoZXPs2o7QFQYONqQbKG/3N9lNrsLS+aQe/Ar qKqkelRWqGzEPmsua+tsogryMy0hbP+CDfK9NGVAefrku5FdBqoqPjNsbKZuS1hr/CBNw5V4AQ6A/ cIdCpolecLNZjIy6LDh69tUrh5li+JxlpH251VSMMLalsPzkC1VqeZKiH89sBSIPc9yUziwv0RnO+ vW6q6d99Zu/66F5rzzHVt0opH+7vZ0oU5z3QwLtW8pSWIu6o20jwITMWcaQr1B32we3H95zJuKL8V tPMf4cQQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkcy-0003ne-Mt; Thu, 11 Oct 2018 23:44:24 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkZ0-0000vI-Tp for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:26 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792944" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:05 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 5/7] mips/modules: Add rlimit checking for mips modules Date: Thu, 11 Oct 2018 16:31:15 -0700 Message-Id: <20181011233117.7883-6-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164019_064848_BE470053 X-CRM114-Status: GOOD ( 12.54 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the mips module allocator. This has not been tested. Signed-off-by: Rick Edgecombe --- arch/mips/kernel/module.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/mips/kernel/module.c b/arch/mips/kernel/module.c index 491605137b03..7a23392512d1 100644 --- a/arch/mips/kernel/module.c +++ b/arch/mips/kernel/module.c @@ -47,9 +47,18 @@ static DEFINE_SPINLOCK(dbe_lock); #ifdef MODULE_START void *module_alloc(unsigned long size) { - return __vmalloc_node_range(size, 1, MODULE_START, MODULE_END, + void *p; + + if (check_inc_mod_rlimit(size)) + return NULL; + + p = __vmalloc_node_range(size, 1, MODULE_START, MODULE_END, GFP_KERNEL, PAGE_KERNEL, 0, NUMA_NO_NODE, __builtin_return_address(0)); + + update_mod_rlimit(p, size); + + return p; } #endif From patchwork Thu Oct 11 23:31:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637637 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C2EF7157A for ; Thu, 11 Oct 2018 23:44:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD5CC2C1A3 for ; Thu, 11 Oct 2018 23:44:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A0AC62C312; Thu, 11 Oct 2018 23:44:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3E8032C1A3 for ; Thu, 11 Oct 2018 23:44:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=8/aNrc2ebHgbLIuitf4kyLLedMhzbRXiN/p8RH6Z1e0=; b=m9rUVgDYHXNyONUzvPc36qEO7W U2aXZtc4R9c6HKirpqS5ZZ1j7Qn3TGWAEkmLlbIIrIXl9Z9zlXw3S8Qw2Mt8MFqgrnmjTtC2atIw6 ODHEV/pMdx7ng7wplpRbDhMrsu3di2Iq+WsVZPpMJi0fb+uX58RewB7fAd5bbiVSJNm+9kZEhJ/Fl 5jUrFb9r0iBpvrj7p2tH68KPMuDus7xDdmvkWEpBP9EoxHaXnkZowEsbfEqTpsJlL2kapa76CoLHa PucMV3b1FgiKZl+qCLucKHSMHAYvAF/9g7NDMi0Zn3TGim7by9390tGDjOMHLbxMwNl1ek/6466Gv JzsNkq7Q==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkcO-0003WR-Oh; Thu, 11 Oct 2018 23:43:48 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkZ1-0000qB-90 for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:27 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792951" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:06 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 6/7] sparc/modules: Add rlimit for sparc modules Date: Thu, 11 Oct 2018 16:31:16 -0700 Message-Id: <20181011233117.7883-7-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164019_361525_0579F400 X-CRM114-Status: GOOD ( 11.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the sparc module allocator. This has not been tested. Signed-off-by: Rick Edgecombe --- arch/sparc/kernel/module.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/sparc/kernel/module.c b/arch/sparc/kernel/module.c index df39580f398d..24854fdfa7c3 100644 --- a/arch/sparc/kernel/module.c +++ b/arch/sparc/kernel/module.c @@ -44,10 +44,15 @@ void *module_alloc(unsigned long size) { void *ret; + if (check_inc_mod_rlimit(size)) + return NULL; + ret = module_map(size); if (ret) memset(ret, 0, size); + update_mod_rlimit(ret, size); + return ret; } From patchwork Thu Oct 11 23:31:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10637647 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC860933 for ; Thu, 11 Oct 2018 23:46:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A32052C332 for ; Thu, 11 Oct 2018 23:46:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 941A42C336; Thu, 11 Oct 2018 23:46:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 393F52C332 for ; Thu, 11 Oct 2018 23:46:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=GwsB5r8ctigQinQ1shQVdGOLP9yVlnUvxPBFwrlIcM0=; b=kEaMRaaQn2aVmNhFz6AzSdt1Ov 5uuKZiB1k7EHufYsYXowbFa4G5mo+8pcLSNQ12EJKbZbGEySIqLrPrxdlVYVa64hqGec5sqLKQC5F TTlPF5jyU/FEUIYK2iGCulLgbdAak5zvgFvlOnPffFcyuUuYku+rG3UIX+12qcmNuEEbIOSWgsqMU zkQsEKoPv6eCDUNvvAwtNJ7o3PXDVqRLEnFWY43NCWIhxokerhP/mbimDmzR9T1/lMan/XMIAXSKg xrwlkTRTHenp/xKGfk1uIT/s16f9bBTTEeL2JKpgWnNXR3c48nNmRhARByl0hOkkPPX+uj14VbmFz Nkeu6lUg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkf6-0005Sn-G5; Thu, 11 Oct 2018 23:46:36 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAkZ1-0000kP-FD for linux-arm-kernel@lists.infradead.org; Thu, 11 Oct 2018 23:40:33 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 16:40:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,370,1534834800"; d="scan'208";a="96792954" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga004.fm.intel.com with ESMTP; 11 Oct 2018 16:40:06 -0700 From: Rick Edgecombe To: kernel-hardening@lists.openwall.com, daniel@iogearbox.net, keescook@chromium.org, catalin.marinas@arm.com, will.deacon@arm.com, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, arnd@arndb.de, jeyu@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org Subject: [PATCH v2 7/7] s390/modules: Add rlimit checking for s390 modules Date: Thu, 11 Oct 2018 16:31:17 -0700 Message-Id: <20181011233117.7883-8-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011233117.7883-1-rick.p.edgecombe@intel.com> References: <20181011233117.7883-1-rick.p.edgecombe@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_164019_534230_616E2492 X-CRM114-Status: GOOD ( 12.60 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: dave.hansen@intel.com, deneen.t.dock@intel.com, Rick Edgecombe , arjan@linux.intel.com, kristen@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This adds in the rlimit checking for the s390 module allocator. This has not been tested. Signed-off-by: Rick Edgecombe --- arch/s390/kernel/module.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c index d298d3cb46d0..6c2356a72b63 100644 --- a/arch/s390/kernel/module.c +++ b/arch/s390/kernel/module.c @@ -32,12 +32,22 @@ void *module_alloc(unsigned long size) { + void *p; + if (PAGE_ALIGN(size) > MODULES_LEN) return NULL; - return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, + + if (check_inc_mod_rlimit(size)) + return NULL; + + p = __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); + + update_mod_rlimit(p, size); + + return p; } void module_arch_freeing_init(struct module *mod)