Commit 5c3a7db0 authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Jessica Yu

module: Harden STRICT_MODULE_RWX

We're very close to enforcing W^X memory, refuse to load modules that
violate this principle per construction.

[jeyu: move module_enforce_rwx_sections under STRICT_MODULE_RWX as per discussion]
Link: http://lore.kernel.org/r/20200403171303.GK20760@hirez.programming.kicks-ass.netAcked-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarJessica Yu <jeyu@kernel.org>
parent db991af0
...@@ -2052,9 +2052,28 @@ static void module_enable_nx(const struct module *mod) ...@@ -2052,9 +2052,28 @@ static void module_enable_nx(const struct module *mod)
frob_writable_data(&mod->init_layout, set_memory_nx); frob_writable_data(&mod->init_layout, set_memory_nx);
} }
static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
char *secstrings, struct module *mod)
{
const unsigned long shf_wx = SHF_WRITE|SHF_EXECINSTR;
int i;
for (i = 0; i < hdr->e_shnum; i++) {
if ((sechdrs[i].sh_flags & shf_wx) == shf_wx)
return -ENOEXEC;
}
return 0;
}
#else /* !CONFIG_STRICT_MODULE_RWX */ #else /* !CONFIG_STRICT_MODULE_RWX */
/* module_{enable,disable}_ro() stubs are in module.h */ /* module_{enable,disable}_ro() stubs are in module.h */
static void module_enable_nx(const struct module *mod) { } static void module_enable_nx(const struct module *mod) { }
static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
char *secstrings, struct module *mod)
{
return 0;
}
#endif /* CONFIG_STRICT_MODULE_RWX */ #endif /* CONFIG_STRICT_MODULE_RWX */
#ifdef CONFIG_LIVEPATCH #ifdef CONFIG_LIVEPATCH
...@@ -3385,6 +3404,11 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) ...@@ -3385,6 +3404,11 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
if (err < 0) if (err < 0)
return ERR_PTR(err); return ERR_PTR(err);
err = module_enforce_rwx_sections(info->hdr, info->sechdrs,
info->secstrings, info->mod);
if (err < 0)
return ERR_PTR(err);
/* We will do a special allocation for per-cpu sections later. */ /* We will do a special allocation for per-cpu sections later. */
info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment