| Message ID | 23980cd0f0e5d79e24a92169116407c75bcc650d.1587455584.git.zong.li@sifive.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Extract DEBUG_WX to shared use. | expand |
On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote: > Some architectures support DEBUG_WX function, it's verbatim from each > others. Extract to mm/Kconfig.debug for shared use. > > Signed-off-by: Zong Li <zong.li@sifive.com> > Suggested-by: Palmer Dabbelt <palmer@dabbelt.com> > --- > mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug > index 0271b22e063f..077458ad968d 100644 > --- a/mm/Kconfig.debug > +++ b/mm/Kconfig.debug > @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST > ---help--- > This option enables a testcase for the setting rodata read-only. > > +config ARCH_HAS_DEBUG_WX > + bool > + > +config DEBUG_WX > + bool "Warn on W+X mappings at boot" > + depends on ARCH_HAS_DEBUG_WX > + select PTDUMP_CORE > + help > + Generate a warning if any W+X mappings are found at boot. > + > + This is useful for discovering cases where the kernel is leaving > + W+X mappings after applying NX, as such mappings are a security risk. > + This check also includes UXN, which should be set on all kernel > + mappings. "UXN" is the name of a bit in the arm64 page-table descriptors, so this should be reworded now that it's in generic help text. Will
On Mon, Apr 27, 2020 at 3:49 PM Will Deacon <will@kernel.org> wrote: > > On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote: > > Some architectures support DEBUG_WX function, it's verbatim from each > > others. Extract to mm/Kconfig.debug for shared use. > > > > Signed-off-by: Zong Li <zong.li@sifive.com> > > Suggested-by: Palmer Dabbelt <palmer@dabbelt.com> > > --- > > mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++ > > 1 file changed, 33 insertions(+) > > > > diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug > > index 0271b22e063f..077458ad968d 100644 > > --- a/mm/Kconfig.debug > > +++ b/mm/Kconfig.debug > > @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST > > ---help--- > > This option enables a testcase for the setting rodata read-only. > > > > +config ARCH_HAS_DEBUG_WX > > + bool > > + > > +config DEBUG_WX > > + bool "Warn on W+X mappings at boot" > > + depends on ARCH_HAS_DEBUG_WX > > + select PTDUMP_CORE > > + help > > + Generate a warning if any W+X mappings are found at boot. > > + > > + This is useful for discovering cases where the kernel is leaving > > + W+X mappings after applying NX, as such mappings are a security risk. > > + This check also includes UXN, which should be set on all kernel > > + mappings. > > "UXN" is the name of a bit in the arm64 page-table descriptors, so this > should be reworded now that it's in generic help text. > It's exactly. Sorry for missing the statement. Hi Andrew, Shall I send a next version patch to fix it? It should be "This is useful for discovering cases where the kernel is leaving W+X mappings after applying NX, as such mappings are a security risk." here. > Will
On Mon, 27 Apr 2020 16:47:47 +0800 Zong Li <zong.li@sifive.com> wrote: > > > + This is useful for discovering cases where the kernel is leaving > > > + W+X mappings after applying NX, as such mappings are a security risk. > > > + This check also includes UXN, which should be set on all kernel > > > + mappings. > > > > "UXN" is the name of a bit in the arm64 page-table descriptors, so this > > should be reworded now that it's in generic help text. > > > > It's exactly. Sorry for missing the statement. > > Hi Andrew, > Shall I send a next version patch to fix it? It should be "This is > useful for discovering cases where the kernel is leaving W+X mappings > after applying NX, as such mappings are a security risk." here. I'll add this: --- a/mm/Kconfig.debug~mm-add-debug_wx-support-fix +++ a/mm/Kconfig.debug @@ -128,8 +128,8 @@ config DEBUG_WX help Generate a warning if any W+X mappings are found at boot. - This is useful for discovering cases where the kernel is leaving - W+X mappings after applying NX, as such mappings are a security risk. + This is useful for discovering cases where the kernel is leaving W+X + mappings after applying NX, as such mappings are a security risk. This check also includes UXN, which should be set on all kernel mappings.
diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug index 0271b22e063f..077458ad968d 100644 --- a/mm/Kconfig.debug +++ b/mm/Kconfig.debug @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST ---help--- This option enables a testcase for the setting rodata read-only. +config ARCH_HAS_DEBUG_WX + bool + +config DEBUG_WX + bool "Warn on W+X mappings at boot" + depends on ARCH_HAS_DEBUG_WX + select PTDUMP_CORE + help + Generate a warning if any W+X mappings are found at boot. + + This is useful for discovering cases where the kernel is leaving + W+X mappings after applying NX, as such mappings are a security risk. + This check also includes UXN, which should be set on all kernel + mappings. + + Look for a message in dmesg output like this: + + <arch>/mm: Checked W+X mappings: passed, no W+X pages found. + + or like this, if the check failed: + + <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found. + + Note that even if the check fails, your kernel is possibly + still fine, as W+X mappings are not a security hole in + themselves, what they do is that they make the exploitation + of other unfixed kernel bugs easier. + + There is no runtime or memory usage effect of this option + once the kernel has booted up - it's a one time check. + + If in doubt, say "Y". + config GENERIC_PTDUMP bool
Some architectures support DEBUG_WX function, it's verbatim from each others. Extract to mm/Kconfig.debug for shared use. Signed-off-by: Zong Li <zong.li@sifive.com> Suggested-by: Palmer Dabbelt <palmer@dabbelt.com> --- mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)