Date: Wed, 17 Apr 2019 17:16:18 +0200 From: Jessica Yu <jeyu@...nel.org> To: Steven Rostedt <rostedt@...dmis.org> Cc: Joel Fernandes <joel@...lfernandes.org>, linux-kernel@...r.kernel.org, paulmck@...ux.vnet.ibm.com, keescook@...omium.org, mathieu.desnoyers@...icios.com, kernel-hardening@...ts.openwall.com, kernel-team@...roid.com, rcu@...r.kernel.org Subject: Re: [PATCH v3 3/3] module: Make __tracepoints_ptrs as read-only +++ Steven Rostedt [10/04/19 20:44 -0400]: >On Wed, 10 Apr 2019 16:29:02 -0400 >Joel Fernandes <joel@...lfernandes.org> wrote: > >> The srcu structure pointer array is modified at module load time because the >> array is fixed up by the module loader at load-time with the final locations >> of the tracepoints right? Basically relocation fixups. At compile time, I >> believe it is not know what the values in the ptr array are. I believe same >> is true for the tracepoint ptrs array. >> >> Also it needs to be in a separate __tracepoint_ptrs so that this code works: >> >> >> #ifdef CONFIG_TRACEPOINTS >> mod->tracepoints_ptrs = section_objs(info, "__tracepoints_ptrs", >> sizeof(*mod->tracepoints_ptrs), >> &mod->num_tracepoints); >> #endif >> >> Did I miss some point? Thanks, > >But there's a lot of others too. Hmm, does this mean that the RO data >sections that are in modules are not set to RO? > >There's a bunch of separate sections that are RO. Just look in >include/asm-generic/vmlinux.lds.h under the RO_DATA_SECTION() macro. > >A lot of the sections saved in module.c:find_module_sections() are in >that RO_DATA when compiled as a builtin. Are they not RO when loaded via >a module? Unlike the kernel, the module loader does not rely on a linker script to determine which sections get what protections. On module load, all sections in a module are looped through and those sections without the SHF_WRITE flag will be set to RO. For example, when there is a section filled with structs declared as const or if the section was explicitly given only the SHF_ALLOC attribute, those will be read-only. As long as the sections were given the correct section attributes for read-only, it'll have read-only protection. I see this is already the case for __param and __ksymtab*/__kcrctab* sections, but I agree that a full audit would be useful to be consistent with builtin RO protections. Hope that helps, Jessica
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.