From: Linus Torvalds
Date: Fri, 5 Jun 2020 19:31:16 +0000 (-0700)
Subject: Merge tag 'modules-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu...
X-Git-Tag: v5.8-rc1~133
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=084623e468d535d98f883cc2ccf2c4fdf2108556;p=linux-2.6-block.git
Merge tag 'modules-for-v5.8' of git://git./linux/kernel/git/jeyu/linux
Pull module updates from Jessica Yu:
- Harden CONFIG_STRICT_MODULE_RWX by rejecting any module that has SHF_WRITE|SHF_EXECINSTR sections
- Remove and clean up nested #ifdefs, as it makes code hard to read
* tag 'modules-for-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
module: Harden STRICT_MODULE_RWX
module: break nested ARCH_HAS_STRICT_MODULE_RWX and STRICT_MODULE_RWX #ifdefs
--- 084623e468d535d98f883cc2ccf2c4fdf2108556
diff --cc kernel/module.c
index bca993c5f1bc,70fc20583e66..ef400c389f49
--- a/kernel/module.c
+++ b/kernel/module.c
@@@ -2026,20 -2052,29 +2042,29 @@@ static void module_enable_nx(const stru
  frob_writable_data(&mod->init_layout, set_memory_nx);
  }

+ static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+ char *secstrings, struct module *mod)
+ {
+ const unsigned long shf_wx = SHF_WRITE|SHF_EXECINSTR;
+ int i;
+
+ for (i = 0; i < hdr->e_shnum; i++) {
+ if ((sechdrs[i].sh_flags & shf_wx) == shf_wx)
+ return -ENOEXEC;
+ }
+
+ return 0;
+ }
+
  #else /* !CONFIG_STRICT_MODULE_RWX */
 -/* module_{enable,disable}_ro() stubs are in module.h */
  static void module_enable_nx(const struct module *mod) { }
 +static void module_enable_ro(const struct module *mod, bool after_init) {}
- #endif /* CONFIG_STRICT_MODULE_RWX */
- static void module_enable_x(const struct module *mod)
+ static int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+ char *secstrings, struct module *mod)
  {
- frob_text(&mod->core_layout, set_memory_x);
- frob_text(&mod->init_layout, set_memory_x);
+ return 0;
  }
- #else /* !CONFIG_ARCH_HAS_STRICT_MODULE_RWX */
- static void module_enable_nx(const struct module *mod) { }
- static void module_enable_x(const struct module *mod) { }
- #endif /* CONFIG_ARCH_HAS_STRICT_MODULE_RWX */
-
+ #endif /* CONFIG_STRICT_MODULE_RWX */

  #ifdef CONFIG_LIVEPATCH
  /*
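Review bot: The rejection path in the CONFIG_STRICT_MODULE_RWX version of `module_enforce_rwx_sections()` is silent: the loop returns `-ENOEXEC` on the first section carrying both SHF_WRITE and SHF_EXECINSTR, and the `secstrings` and `mod` parameters are never used in the visible body. Whoever loads the module sees only a generic exec-format error, and nothing reaches the kernel log for anyone monitoring for modules that violate W^X. Consider logging before the return, e.g. `pr_err("%s: section %s (index %d) has invalid WRITE|EXEC flags\n", mod->name, secstrings + sechdrs[i].sh_name, i);`, assuming the caller has already bounds-checked `sh_name` against the string table (the call site is outside this hunk). A short comment above the function stating that any writable-and-executable section makes the whole module unloadable, and that the `!CONFIG_STRICT_MODULE_RWX` stub is an intentional no-op, would also help readers of the two definitions.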