[PATCH v3 4/4] powerpc: Enable STRICT_MODULE_RWX

Daniel Axtens dja at axtens.net
Fri Oct 11 00:13:46 AEDT 2019 

Hi Russell,

Tested-by: Daniel Axtens <dja at axtens.net> # e6500

Because ptdump isn't quite working on book3e 64bit atm, I hacked it up
to print the raw PTE and the extracted flags. After loading a module, I
see the supervisor write bit set without module RWX, and it cleared with
module RWX. Modules still seem to work, which is good.

There is one small quirk which I mention only for completeness, and it
comes from arch/Kconfig:

config STRICT_MODULE_RWX
	bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
                                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
	depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
	default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT

64bit Book3E doesn't have ARCH_OPTIONAL_KERNEL_RWX, so the option
doesn't show up in the config menus. Instead, we always get the default,
which is for it to be enabled. That's probably not a problem (so long as
I haven't missed some edge case), but it is a bit weird.

I don't think you can fix this without either hacking up arch/Kconfig
or actually implementing Strict RWX for book3e. I think both of those
are cures worse than the disease, so I think just let it be for now.

Regards,
Daniel

> Whether STRICT_MODULE_RWX is enabled by default depends on powerpc
> platform - in arch/Kconfig, STRICT_MODULE_RWX depends on
> ARCH_OPTIONAL_KERNEL_RWX, which in arch/powerpc/Kconfig is selected if
> ARCH_HAS_STRICT_KERNEL_RWX is selected, which is only true with
> CONFIG_RELOCATABLE *disabled*.
>
> defconfigs like skiroot_defconfig which turn STRICT_KERNEL_RWX on when
> it is not already on by default also do NOT enable STRICT_MODULE_RWX
> automatically, so it is explicitly enabled there in this patch.
>
> Thus, on by default for ppc32 only.  Module RWX doesn't provide a whole
> lot of value with Kernel RWX off, but it doesn't hurt, either.  The next
> step is to make STRICT_KERNEL_RWX compatible with RELOCATABLE so it can
> be on by default.
>
> Signed-off-by: Russell Currey <ruscur at russell.cc>
> ---
>  arch/powerpc/Kconfig                   | 1 +
>  arch/powerpc/configs/skiroot_defconfig | 1 +
>  2 files changed, 2 insertions(+)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index 8f7005f0d097..212c4d02be40 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -135,6 +135,7 @@ config PPC
>  	select ARCH_HAS_SCALED_CPUTIME		if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64
>  	select ARCH_HAS_SET_MEMORY
>  	select ARCH_HAS_STRICT_KERNEL_RWX	if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION)
> +	select ARCH_HAS_STRICT_MODULE_RWX
>  	select ARCH_HAS_TICK_BROADCAST		if GENERIC_CLOCKEVENTS_BROADCAST
>  	select ARCH_HAS_UACCESS_FLUSHCACHE
>  	select ARCH_HAS_UACCESS_MCSAFE		if PPC64
> diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig
> index 1253482a67c0..719d899081b3 100644
> --- a/arch/powerpc/configs/skiroot_defconfig
> +++ b/arch/powerpc/configs/skiroot_defconfig
> @@ -31,6 +31,7 @@ CONFIG_PERF_EVENTS=y
>  CONFIG_SLAB_FREELIST_HARDENED=y
>  CONFIG_JUMP_LABEL=y
>  CONFIG_STRICT_KERNEL_RWX=y
> +CONFIG_STRICT_MODULE_RWX=y
>  CONFIG_MODULES=y
>  CONFIG_MODULE_UNLOAD=y
>  CONFIG_MODULE_SIG=y
> -- 
> 2.23.0

More information about the Linuxppc-dev mailing list