Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw

From: Laura Abbott
Date: Fri Feb 27 2015 - 13:52:05 EST

Next message: Stephan Mueller: "Re: [PATCH v12 1/2] crypto: AF_ALG: add AEAD support"
Previous message: kbuild test robot: "[PATCH peterz-queue] module: mod_tree_ops can be static"
In reply to: Daniel Borkmann: "[PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw"
Next in thread: Will Deacon: "Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/27/2015 6:55 AM, Daniel Borkmann wrote:

This effectively unexports set_memory_ro and set_memory_rw functions from
commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support").

No module user of those is in mainline kernel and we explicitly do not want
modules to use these functions, as they i.e. protect eBPF (interpreted and
JIT'ed) images from malicious modifications or bugs.

Outside of eBPF scope, I believe also other set_memory_* functions should
be unexported on arm64 for modules.

Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Cc: Laura Abbott <lauraa@xxxxxxxxxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
Acked-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
---
arch/arm64/mm/pageattr.c | 2 --
1 file changed, 2 deletions(-)

We have some uses for modules doing set_memory_ro/rw but none that are
in mainline. That can be dealt with if the features ever get
mainlined which seems unlikely.

Acked-by: Laura Abbott <lauraa@xxxxxxxxxxxxxx>

diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index bb0ea94..8659357 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -70,7 +70,6 @@ int set_memory_ro(unsigned long addr, int numpages)
__pgprot(PTE_RDONLY),
__pgprot(PTE_WRITE));
}
-EXPORT_SYMBOL_GPL(set_memory_ro);

int set_memory_rw(unsigned long addr, int numpages)
{
@@ -78,7 +77,6 @@ int set_memory_rw(unsigned long addr, int numpages)
__pgprot(PTE_WRITE),
__pgprot(PTE_RDONLY));
}
-EXPORT_SYMBOL_GPL(set_memory_rw);

int set_memory_nx(unsigned long addr, int numpages)
{

--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephan Mueller: "Re: [PATCH v12 1/2] crypto: AF_ALG: add AEAD support"
Previous message: kbuild test robot: "[PATCH peterz-queue] module: mod_tree_ops can be static"
In reply to: Daniel Borkmann: "[PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw"
Next in thread: Will Deacon: "Re: [PATCH net-next 09/10] arm64: unexport set_memory_ro and set_memory_rw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]