Jordan Niethe <jniet...@gmail.com> writes:
> On Mon, May 17, 2021 at 4:37 PM Christophe Leroy
> <christophe.le...@csgroup.eu> wrote:
>> Le 17/05/2021 à 05:28, Jordan Niethe a écrit :
>> > Make module_alloc() use PAGE_KERNEL protections instead of
>> > PAGE_KERNEL_EXEX if Strict Module RWX is enabled.
>> >
>> > Signed-off-by: Jordan Niethe <jniet...@gmail.com>
>> > ---
>> > v14: - Split out from powerpc: Set ARCH_HAS_STRICT_MODULE_RWX
>> > - Add and use strict_module_rwx_enabled() helper
>> > ---
>> > arch/powerpc/include/asm/mmu.h | 5 +++++
>> > arch/powerpc/kernel/module.c | 4 +++-
>> > 2 files changed, 8 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/arch/powerpc/include/asm/mmu.h
>> > b/arch/powerpc/include/asm/mmu.h
>> > index 607168b1aef4..7710bf0cbf8a 100644
>> > --- a/arch/powerpc/include/asm/mmu.h
>> > +++ b/arch/powerpc/include/asm/mmu.h
>> > @@ -357,6 +357,11 @@ static inline bool strict_kernel_rwx_enabled(void)
>> > return false;
>> > }
>> > #endif
>> > +
>> > +static inline bool strict_module_rwx_enabled(void)
>> > +{
>> > + return IS_ENABLED(CONFIG_STRICT_MODULE_RWX) &&
>> > strict_kernel_rwx_enabled();
>> > +}
>>
>> Looking at arch/Kconfig, I have the feeling that it is possible to select
>> CONFIG_STRICT_MODULE_RWX
>> without selecting CONFIG_STRICT_KERNEL_RWX.
>>
>> In that case, strict_kernel_rwx_enabled() will return false.
> Ok, if someone did that currently it would break things, e.g. code
> patching. I think it should it be made impossible to
> CONFIG_STRICT_MODULE_RWX without CONFIG_STRICT_KERNEL_RWX?
Yeah I don't see any reason to support that combination.
We should be moving to a world where both are on by default, or in fact
are always enabled.
cheers
