Re: rwx mapping between ex_table and rodata

2015-10-02 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Oct 1, 2015 at 2:12 AM, Ingo Molnar wrote: > > > > * Thomas Gleixner wrote: > > > >> On Mon, 28 Sep 2015, Kees Cook wrote: > >> > > --- a/arch/x86/mm/init_64.c > >> > > +++ b/arch/x86/mm/init_64.c > >> > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) > >> > >

Re: rwx mapping between ex_table and rodata

2015-10-02 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Oct 1, 2015 at 2:12 AM, Ingo Molnar wrote: > > > > * Thomas Gleixner wrote: > > > >> On Mon, 28 Sep 2015, Kees Cook wrote: > >> > > --- a/arch/x86/mm/init_64.c > >> > > +++ b/arch/x86/mm/init_64.c > >> >

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Kees Cook
On Thu, Oct 1, 2015 at 2:12 AM, Ingo Molnar wrote: > > * Thomas Gleixner wrote: > >> On Mon, 28 Sep 2015, Kees Cook wrote: >> > > --- a/arch/x86/mm/init_64.c >> > > +++ b/arch/x86/mm/init_64.c >> > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) >> > > * has been zapped already via

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Ingo Molnar
* Thomas Gleixner wrote: > On Mon, 28 Sep 2015, Kees Cook wrote: > > > --- a/arch/x86/mm/init_64.c > > > +++ b/arch/x86/mm/init_64.c > > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) > > > * has been zapped already via cleanup_highmem(). > > > */ > > > all_end =

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Thomas Gleixner
On Mon, 28 Sep 2015, Kees Cook wrote: > > --- a/arch/x86/mm/init_64.c > > +++ b/arch/x86/mm/init_64.c > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) > > * has been zapped already via cleanup_highmem(). > > */ > > all_end = roundup((unsigned long)_brk_end, PMD_SIZE);

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Ingo Molnar
* Kees Cook wrote: > On Mon, Sep 28, 2015 at 7:11 AM, Stephen Smalley wrote: > > On 09/24/2015 06:25 PM, Kees Cook wrote: > >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley > >> wrote: > >>> Hi, > >>> > >>> With the attached config and 4.3-rc2 on x86_64, I see the following in > >>>

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Kees Cook
On Thu, Oct 1, 2015 at 2:12 AM, Ingo Molnar wrote: > > * Thomas Gleixner wrote: > >> On Mon, 28 Sep 2015, Kees Cook wrote: >> > > --- a/arch/x86/mm/init_64.c >> > > +++ b/arch/x86/mm/init_64.c >> > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) >> > >

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Ingo Molnar
* Kees Cook wrote: > On Mon, Sep 28, 2015 at 7:11 AM, Stephen Smalley wrote: > > On 09/24/2015 06:25 PM, Kees Cook wrote: > >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley > >> wrote: > >>> Hi, > >>> > >>> With the attached

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Thomas Gleixner
On Mon, 28 Sep 2015, Kees Cook wrote: > > --- a/arch/x86/mm/init_64.c > > +++ b/arch/x86/mm/init_64.c > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) > > * has been zapped already via cleanup_highmem(). > > */ > > all_end = roundup((unsigned long)_brk_end, PMD_SIZE);

Re: rwx mapping between ex_table and rodata

2015-10-01 Thread Ingo Molnar
* Thomas Gleixner wrote: > On Mon, 28 Sep 2015, Kees Cook wrote: > > > --- a/arch/x86/mm/init_64.c > > > +++ b/arch/x86/mm/init_64.c > > > @@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) > > > * has been zapped already via cleanup_highmem(). > > > */ > > >

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread H. Peter Anvin
Need to fix. Not sure where the rwx mapping comes from. On September 28, 2015 3:05:33 PM PDT, Kees Cook wrote: >On Mon, Sep 28, 2015 at 2:16 PM, H. Peter Anvin wrote: >> On 09/25/2015 12:22 AM, Ingo Molnar wrote: To me it looks like another alignment/padding issue like got fixed

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Kees Cook
On Mon, Sep 28, 2015 at 2:16 PM, H. Peter Anvin wrote: > On 09/25/2015 12:22 AM, Ingo Molnar wrote: >>> >>> To me it looks like another alignment/padding issue like got fixed >>> before. The space between __ex_table and rodata is (seems?) unused, so >>> the default page table permissions end up

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread H. Peter Anvin
On 09/25/2015 12:22 AM, Ingo Molnar wrote: >> >> To me it looks like another alignment/padding issue like got fixed >> before. The space between __ex_table and rodata is (seems?) unused, so >> the default page table permissions end up being W+X. Can we fix the >> default to be NX instead? It'll

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Kees Cook
On Mon, Sep 28, 2015 at 7:11 AM, Stephen Smalley wrote: > On 09/24/2015 06:25 PM, Kees Cook wrote: >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >>> Hi, >>> >>> With the attached config and 4.3-rc2 on x86_64, I see the following in >>> /sys/kernel/debug/kernel_page_tables: >>> ...

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Stephen Smalley
On 09/24/2015 06:25 PM, Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >> Hi, >> >> With the attached config and 4.3-rc2 on x86_64, I see the following in >> /sys/kernel/debug/kernel_page_tables: >> ... >> ---[ High Kernel Mapping ]--- >>

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Kees Cook
On Mon, Sep 28, 2015 at 7:11 AM, Stephen Smalley wrote: > On 09/24/2015 06:25 PM, Kees Cook wrote: >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >>> Hi, >>> >>> With the attached config and 4.3-rc2 on x86_64, I see the following in >>>

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread H. Peter Anvin
On 09/25/2015 12:22 AM, Ingo Molnar wrote: >> >> To me it looks like another alignment/padding issue like got fixed >> before. The space between __ex_table and rodata is (seems?) unused, so >> the default page table permissions end up being W+X. Can we fix the >> default to be NX instead? It'll

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Stephen Smalley
On 09/24/2015 06:25 PM, Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >> Hi, >> >> With the attached config and 4.3-rc2 on x86_64, I see the following in >> /sys/kernel/debug/kernel_page_tables: >> ... >> ---[ High Kernel Mapping ]--- >>

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread H. Peter Anvin
Need to fix. Not sure where the rwx mapping comes from. On September 28, 2015 3:05:33 PM PDT, Kees Cook wrote: >On Mon, Sep 28, 2015 at 2:16 PM, H. Peter Anvin wrote: >> On 09/25/2015 12:22 AM, Ingo Molnar wrote: To me it looks like another

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Kees Cook
On Mon, Sep 28, 2015 at 2:16 PM, H. Peter Anvin wrote: > On 09/25/2015 12:22 AM, Ingo Molnar wrote: >>> >>> To me it looks like another alignment/padding issue like got fixed >>> before. The space between __ex_table and rodata is (seems?) unused, so >>> the default page table

Re: rwx mapping between ex_table and rodata

2015-09-26 Thread Kees Cook
On Fri, Sep 25, 2015 at 12:22 AM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >> > Hi, >> > >> > With the attached config and 4.3-rc2 on x86_64, I see the following in >> > /sys/kernel/debug/kernel_page_tables: >> > ... >> > ---[ High

Re: rwx mapping between ex_table and rodata

2015-09-26 Thread Kees Cook
On Fri, Sep 25, 2015 at 12:22 AM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >> > Hi, >> > >> > With the attached config and 4.3-rc2 on x86_64, I see the following in >> >

Re: rwx mapping between ex_table and rodata

2015-09-25 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > > Hi, > > > > With the attached config and 4.3-rc2 on x86_64, I see the following in > > /sys/kernel/debug/kernel_page_tables: > > ... > > ---[ High Kernel Mapping ]--- > > 0x8000-0x8100

Re: rwx mapping between ex_table and rodata

2015-09-25 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > > Hi, > > > > With the attached config and 4.3-rc2 on x86_64, I see the following in > > /sys/kernel/debug/kernel_page_tables: > > ... > > ---[ High Kernel Mapping ]--- > > 0x8000-0x8100

Re: rwx mapping between ex_table and rodata

2015-09-25 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > > Hi, > > > > With the attached config and 4.3-rc2 on x86_64, I see the following in > > /sys/kernel/debug/kernel_page_tables: > > ... > > ---[ High Kernel Mapping ]--- >

Re: rwx mapping between ex_table and rodata

2015-09-25 Thread Ingo Molnar
* Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > > Hi, > > > > With the attached config and 4.3-rc2 on x86_64, I see the following in > > /sys/kernel/debug/kernel_page_tables: > > ... > > ---[ High Kernel Mapping ]--- >

Re: rwx mapping between ex_table and rodata

2015-09-24 Thread Kees Cook
On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > Hi, > > With the attached config and 4.3-rc2 on x86_64, I see the following in > /sys/kernel/debug/kernel_page_tables: > ... > ---[ High Kernel Mapping ]--- > 0x8000-0x8100 16M

Re: rwx mapping between ex_table and rodata

2015-09-24 Thread Kees Cook
On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: > Hi, > > With the attached config and 4.3-rc2 on x86_64, I see the following in > /sys/kernel/debug/kernel_page_tables: > ... > ---[ High Kernel Mapping ]--- > 0x8000-0x8100 16M