Page MenuHomeFreeBSD
Differential D15815

Set page permissions for kernel modules
Needs ReviewPublic
Actions

Authored by jtl on Jun 14 2018, 11:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 20 2023, 8:29 AM
Unknown Object (File)
Sep 6 2023, 5:56 PM
Unknown Object (File)
Jan 14 2023, 5:52 AM
Subscribers
dab
imp

Details

Reviewers
alc
markj
kib
jhb
Summary

Set page permissions for kernel modules based on each section's flags.

In order to separate sections with different permissions, we need to put them in different pages. This will result in some extra memory usage to segregate sections on permission boundaries.

The most complicated bit of this is dealing with previous versions of the boot loader which put pages with different permissions on the same page. They can also leave "holes" at any point in the memory.

Test Plan

I created two kernel modules: one which puts executable code in the BSS and an integer in a read-only section; and another module which tries to write to the integer and execute the code. After the changes, I correctly got page faults.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 17288
Build 17125: arc lint + arc unit

Event Timeline

jtl created this revision.Jun 14 2018, 11:27 PM
Harbormaster completed remote builds in B17288: Diff 43791.Jun 14 2018, 11:27 PM
jhb added inline comments.Jun 14 2018, 11:41 PM
stand/common/load_elf_obj.c
236

This probably breaks debuggers. Debuggers assume loadable sections (SHF_ALLOC) are loaded contiguously into memory honoring alignment, but not with any other gaps. You can tell if kgdb is able to resolve global symbol names to their correct locations (e.g. does 'p foo' where 'foo' is some global variable in a module return the right results). The so-type KLDs that link_elf.c/load_elf.c load probably don't suffer from this as there we load PT_LOAD segments which already account for this sort of thing. You should fix the permissions on those though while you are at it. The amd64 kernel uses link_elf.c/load_elf.c for example rather than the _obj variants. Kernel modules on all other archs besides amd64 and mips also use link_elf.c/load_elf.c (e.g. i386, but also arm)

jtl added inline comments.Jun 15 2018, 1:59 AM
stand/common/load_elf_obj.c
236

This probably breaks debuggers.

*sigh* You are, of course, correct.

OK, I'll need to rework this quite a bit.

The so-type KLDs that link_elf.c/load_elf.c load probably don't suffer from this as there we load PT_LOAD segments which already account for this sort of thing. You should fix the permissions on those though while you are at it.

Yes, I was planning on tackling them next. But, it sounds like I sort of already wrote the code they need. :-)

FWIW, I probably won't get to revisiting this until Monday.

Thanks for the feedback!

markj added a comment.Nov 29 2021, 4:07 PM

I believe this is superseded by commit 1d9eae9fb2e2253ca3d3764a5cc7f124b10e358b .

Herald added a subscriber: dab. · View Herald TranscriptNov 29 2021, 4:07 PM

Revision Contents
Changeset List

PathSize
stand/
common/
12 lines
sys/
kern/
407 lines
sys/
6 lines

Diff 43791

View Options

stand/common/load_elf_obj.c

Loading...
View Options

sys/kern/link_elf_obj.c

Loading...
View Options

sys/sys/link_elf.h

Loading...