[PATCH v3 0/4] Implement STRICT_MODULE_RWX for powerpc
ruscur at russell.cc
Fri Oct 4 17:50:46 AEST 2019
It's been quite a while since the last iteration, there were a few
things to hunt down and fix.
The first was the way that I was updating PTEs was using set_pte_at()
unsafely - now, each page is updated by clearing -> flushing -> setting.
This should be generic across all MMUs, I know that there are some
potential inefficiencies - for example, Hash flushes the entire PID
regardless of the given page range - but I don't think it's a very big
The next was that there is an errant page that was tricky to hunt down,
it turned out to be that kprobes never get marked RO after creation,
leading to (at least) one W+X page present in the kernel, even with both
STRICT_KERNEL_RWX and STRICT_MODULE_RWX on.
I added a debugfs handler to call ptdump_check_wx() to facilitate making
sure module RWX continues to work after boot.
There's more detail in the final patch about exactly how "on by default"
module RWX is, but it doesn't really matter until STRICT_KERNEL_RWX is
on by default too.
Thanks to Nick Piggin, Michael Ellerman, Daniel Axtens, and others for
Christophe, I did test this in qemu mac99 so hopefully it works for all
32bit, I'm sure you'll let me know if it doesn't.
Would appreciate an ack from Joel to enable this in skiroot_defconfig.
Russell Currey (4):
powerpc/mm: Implement set_memory() routines
powerpc/kprobes: Mark newly allocated probes as RO
powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
powerpc: Enable STRICT_MODULE_RWX
arch/powerpc/Kconfig | 2 +
arch/powerpc/configs/skiroot_defconfig | 1 +
arch/powerpc/include/asm/set_memory.h | 32 ++++++++++++++
arch/powerpc/kernel/kprobes.c | 3 ++
arch/powerpc/mm/Makefile | 1 +
arch/powerpc/mm/pageattr.c | 60 ++++++++++++++++++++++++++
arch/powerpc/mm/ptdump/ptdump.c | 31 ++++++++++---
7 files changed, 124 insertions(+), 6 deletions(-)
create mode 100644 arch/powerpc/include/asm/set_memory.h
create mode 100644 arch/powerpc/mm/pageattr.c
More information about the Linuxppc-dev