diff mbox series

[v2,8/9] riscv: module: Create module allocations without exec permissions

Message ID 20210401002900.470f3413@xhacker
State New
Headers show
Series riscv: improve self-protection | expand

Commit Message

Jisheng Zhang March 31, 2021, 4:29 p.m. UTC 
From: Jisheng Zhang <jszhang@kernel.org>

The core code manages the executable permissions of code regions of
modules explicitly, it is not necessary to create the module vmalloc
regions with RWX permissions. Create them with RW- permissions instead.

Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
---
 arch/riscv/kernel/module.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Comments

Anup Patel April 2, 2021, 4:18 a.m. UTC | #1 
On Wed, Mar 31, 2021 at 10:04 PM Jisheng Zhang
<jszhang3@mail.ustc.edu.cn> wrote:
>

> From: Jisheng Zhang <jszhang@kernel.org>

>

> The core code manages the executable permissions of code regions of

> modules explicitly, it is not necessary to create the module vmalloc

> regions with RWX permissions. Create them with RW- permissions instead.

>

> Signed-off-by: Jisheng Zhang <jszhang@kernel.org>


Looks good to me.

Reviewed-by: Anup Patel <anup@brainfault.org>


Regards,
Anup

> ---

>  arch/riscv/kernel/module.c | 10 ++++++++--

>  1 file changed, 8 insertions(+), 2 deletions(-)

>

> diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c

> index 104fba889cf7..e89367bba7c9 100644

> --- a/arch/riscv/kernel/module.c

> +++ b/arch/riscv/kernel/module.c

> @@ -407,14 +407,20 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,

>         return 0;

>  }

>

> -#if defined(CONFIG_MMU) && defined(CONFIG_64BIT)

> +#ifdef CONFIG_MMU

> +

> +#ifdef CONFIG_64BIT

>  #define VMALLOC_MODULE_START \

>          max(PFN_ALIGN((unsigned long)&_end - SZ_2G), VMALLOC_START)

> +#else

> +#define VMALLOC_MODULE_START   VMALLOC_START

> +#endif

> +

>  void *module_alloc(unsigned long size)

>  {

>         return __vmalloc_node_range(size, 1, VMALLOC_MODULE_START,

>                                     VMALLOC_END, GFP_KERNEL,

> -                                   PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,

> +                                   PAGE_KERNEL, 0, NUMA_NO_NODE,

>                                     __builtin_return_address(0));

>  }

>  #endif

> --

> 2.31.0

>

>

>

> _______________________________________________

> linux-riscv mailing list

> linux-riscv@lists.infradead.org

> http://lists.infradead.org/mailman/listinfo/linux-riscv
diff mbox series

Patch

diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index 104fba889cf7..e89367bba7c9 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -407,14 +407,20 @@  int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
 	return 0;
 }
 
-#if defined(CONFIG_MMU) && defined(CONFIG_64BIT)
+#ifdef CONFIG_MMU
+
+#ifdef CONFIG_64BIT
 #define VMALLOC_MODULE_START \
 	 max(PFN_ALIGN((unsigned long)&_end - SZ_2G), VMALLOC_START)
+#else
+#define VMALLOC_MODULE_START	VMALLOC_START
+#endif
+
 void *module_alloc(unsigned long size)
 {
 	return __vmalloc_node_range(size, 1, VMALLOC_MODULE_START,
 				    VMALLOC_END, GFP_KERNEL,
-				    PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+				    PAGE_KERNEL, 0, NUMA_NO_NODE,
 				    __builtin_return_address(0));
 }
 #endif