Date: Thu, 11 May 2023 15:28:40 -0700
From: Kees Cook
To: Johannes Thumshirn
Cc: Kent Overstreet, "linux-kernel@vger.kernel.org", "linux-fsdevel@vger.kernel.org", "linux-bcachefs@vger.kernel.org", Kent Overstreet, Andrew Morton, Uladzislau Rezki, "hch@infradead.org", "linux-mm@kvack.org", "linux-hardening@vger.kernel.org"
Subject: Re: [PATCH 07/32] mm: Bring back vmalloc_exec
Message-ID: <202305111525.67001E5C4@keescook>
References: <20230509165657.1735798-1-kent.overstreet@linux.dev> <20230509165657.1735798-8-kent.overstreet@linux.dev> <3508afc0-6f03-a971-e716-999a7373951f@wdc.com>
In-Reply-To: <3508afc0-6f03-a971-e716-999a7373951f@wdc.com>

On Wed, May 10, 2023 at 03:05:48PM +0000, Johannes Thumshirn wrote:
> On 09.05.23 18:56, Kent Overstreet wrote:
> > +/** > > + * vmalloc_exec - allocate virtually contiguous, executable memory > > + * @size: allocation size > > + * > > + * Kernel-internal function to allocate enough pages to cover @size > > + * the page level allocator and map them into contiguous and > > + * executable kernel virtual space. > > + * > > + * For tight control over page level allocator and protection flags > > + * use __vmalloc() instead. 
> > + * > > + * Return: pointer to the allocated memory or %NULL on error > > + */ > > +void *vmalloc_exec(unsigned long size, gfp_t gfp_mask) > > +{ > > + return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END, > > + gfp_mask, PAGE_KERNEL_EXEC, VM_FLUSH_RESET_PERMS, > > + NUMA_NO_NODE, __builtin_return_address(0)); > > +} > > +EXPORT_SYMBOL_GPL(vmalloc_exec);
>
> Uh W+X memory regions.
> The 90s called, they want their shellcode back.

Just to clarify: the kernel must never create W+X memory regions. So,
no, do not reintroduce vmalloc_exec().

Dynamic code areas need to be constructed in non-executable memory,
then switched to read-only and verified to still be what was expected,
and only then made executable.

-- 
Kees Cook
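
Review bot: passing PAGE_KERNEL_EXEC to __vmalloc_node_range() in vmalloc_exec() returns memory that is already executable while the caller still has to write its code into it, which is the W+X mapping both replies reject. Rather than exporting this helper, have the caller allocate non-executable memory, fill it, switch it to read-only, verify the contents, and only then make it executable. Separately, the kernel-doc documents only @size although the function also takes gfp_mask, and "enough pages to cover @size the page level allocator" is missing a word (presumably "from").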
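
The sequence described in the reply above (build in non-executable memory, switch to read-only, verify, then make executable), as an added userspace illustration using mmap()/mprotect(). It is not code from the patch or from the kernel; `code_buf`, `code_stage()` and `code_seal()` are hypothetical names, and the byte-for-byte comparison against a trusted reference copy stands in for whatever verification a real caller would use.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names: a userspace stand-in for a kernel dynamic-code area. */
struct code_buf { void *addr; size_t len, map_len; };

/* Step 1: map RW (never X) and copy the generated code in. */
int code_stage(struct code_buf *b, const void *src, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);

    b->len = len;
    b->map_len = (len + page - 1) / page * page;
    b->addr = mmap(NULL, b->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->addr == MAP_FAILED) {
        b->addr = NULL;
        return -1;
    }
    memcpy(b->addr, src, len);
    return 0;
}

/* Steps 2-4: drop W, verify against the trusted reference, then add X. */
int code_seal(struct code_buf *b, const void *expected)
{
    if (mprotect(b->addr, b->map_len, PROT_READ) == 0 &&
        memcmp(b->addr, expected, b->len) == 0 &&   /* changed while writable? */
        mprotect(b->addr, b->map_len, PROT_READ | PROT_EXEC) == 0)
        return 0;
    munmap(b->addr, b->map_len);    /* never publish an unverified buffer */
    b->addr = NULL;
    return -1;
}

int main(void)
{
    /* Constructed placeholder bytes; they are compared, never executed. */
    static const unsigned char ref[] = { 0x01, 0x02, 0x03, 0x04 };
    struct code_buf good, bad;

    if (code_stage(&good, ref, sizeof(ref)) || code_seal(&good, ref))
        return 1;
    if (code_stage(&bad, ref, sizeof(ref)))
        return 1;
    ((unsigned char *)bad.addr)[0] ^= 0xff;     /* simulate a stray write */
    return code_seal(&bad, ref) == -1 ? 0 : 1;
}
```

At no point does the mapping carry PROT_WRITE and PROT_EXEC together, and a buffer that changed while it was writable is unmapped instead of being made executable.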