From patchwork Wed Jan 18 13:53:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jinbum Park <jinb.park7@gmail.com>
X-Patchwork-Id: 9523941
Return-Path: 
 <kernel-hardening-return-6050-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	5BD1E601C3 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 18 Jan 2017 13:53:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E72828477
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 18 Jan 2017 13:53:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 42F2E285EE; Wed, 18 Jan 2017 13:53:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 2A2EA28477
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 18 Jan 2017 13:53:31 +0000 (UTC)
Received: (qmail 22241 invoked by uid 550); 18 Jan 2017 13:53:29 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Reply-To: kernel-hardening@lists.openwall.com
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 22220 invoked from network); 18 Jan 2017 13:53:29 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition
	:user-agent; bh=pcusnLJRjocTGjjjCd4PAHfQG2F9827vy6UM5+gBUMA=;
	b=PPB5LshrAx9HQM3vTNPCvJ23ol7fNK2R95lKry8EOFM0Zpmuy3r8/dS+3p+n2XBEHi
	nAOvrKPJHS1uXxGgGZ73q4F5KH8UUa5lcJ1GjeINLSSrLj9Uf9jKA9OtMY48GHX5I5Oe
	UOWM/FekXcAR/7X3lkR7bHissH46qN4IsTDwaIVUsu8BSDUfqgRmfMyL5DKYHuzV2+nZ
	wJBuFwg7Zo01MSwTUiy2IM7akdO3YeKOYGP/gSHxvqawzRxllCIL5M8+fl6/1lArybIw
	Q0hYGpmCIa3wewqW6bBcW0lMSuOjWwgjfa/G2lYBCAHrwnqtQa5u4f1T1rGMqx3SHeYO
	YgSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=pcusnLJRjocTGjjjCd4PAHfQG2F9827vy6UM5+gBUMA=;
	b=BcVL+Bn3MN586PbJAy7XAqG6eHzgs+oo6yuf5nMn36+P1FWAY8Zsij/ByAcMRMXvEQ
	V7CaL4JonGXvxY5A2a1Tj5YWU5ujj9jVh+4PlV9ZQZczHt70JvRhOIf61QueAvPdkios
	YYHFXwJufmvUFX9q9If719D0CeU3NR26S+l/xrxlYaoIhvOl0MeG8CEPcjL4wVBOK/2Z
	TY+CX5XYqRuIdjWisTw0oZZBGkv+VixRSm+zp1GfE2vIrXNuuEDp9PHvVok5FLstdeUc
	3eGDaTRp9pf5JY8awL3jv5J4OeA/MrZOw8DmPWPz94DMDTmfVVbb6QysMQQClINQLfvj
	P3Kg==
X-Gm-Message-State: 
 AIkVDXLXE/8GP14LM8S8Q26aLtA7kbAEqF7+ZRZV3BR2zp4YQeUOMmPr5rkZY4H9y4QXqQ==
X-Received: by 10.84.253.2 with SMTP id z2mr5328923pll.116.1484747596648;
	Wed, 18 Jan 2017 05:53:16 -0800 (PST)
Date: Wed, 18 Jan 2017 22:53:10 +0900
From: Jinbum Park <jinb.park7@gmail.com>
To: linux@armlinux.org.uk
Cc: will.deacon@arm.com, mingo@kernel.org, andy.gross@linaro.org,
	keescook@chromium.org, vladimir.murzin@arm.com,
	f.fainelli@gmail.com, pawel.moll@arm.com, jonathan.austin@arm.com,
	mark.rutland@arm.com, ard.biesheuvel@linaro.org, labbott@redhat.com,
	arjan@linux.intel.com, paul.gortmaker@windriver.com,
	linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com, kernel-janitors@vger.kernel.org
Message-ID: <20170118135310.GA4733@pjb1027-Latitude-E5410>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [kernel-hardening] [PATCH] ARM: mm: add testcases for RODATA
X-Virus-Scanned: ClamAV using ClamSMTP

This patch adds testcases for the CONFIG_DEBUG_RODATA option.
It's similar to x86's testcases.
It tests read-only mapped data and page-size aligned rodata section.

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
---
 arch/arm/Kconfig.debug            |  5 +++
 arch/arm/include/asm/cacheflush.h | 10 +++++
 arch/arm/mm/Makefile              |  1 +
 arch/arm/mm/init.c                |  6 +++
 arch/arm/mm/test_rodata.c         | 80 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 102 insertions(+)
 create mode 100644 arch/arm/mm/test_rodata.c

diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
index d83f7c3..511e5e1 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -1749,6 +1749,11 @@ config DEBUG_SET_MODULE_RONX
 	  against certain classes of kernel exploits.
 	  If in doubt, say "N".
 
+config DEBUG_RODATA_TEST
+	bool "Testcase for the marking rodata read-only"
+	---help---
+	  This option enables a testcase for the setting rodata read-only.
+
 source "drivers/hwtracing/coresight/Kconfig"
 
 endmenu
diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
index bdd283b..741e2e8 100644
--- a/arch/arm/include/asm/cacheflush.h
+++ b/arch/arm/include/asm/cacheflush.h
@@ -498,6 +498,16 @@ static inline void set_kernel_text_rw(void) { }
 static inline void set_kernel_text_ro(void) { }
 #endif
 
+#ifdef CONFIG_DEBUG_RODATA_TEST
+extern const int rodata_test_data;
+int rodata_test(void);
+#else
+static inline int rodata_test(void)
+{
+	return 0;
+}
+#endif
+
 void flush_uprobe_xol_access(struct page *page, unsigned long uaddr,
 			     void *kaddr, unsigned long len);
 
diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile
index b3dea80..dbb76ff 100644
--- a/arch/arm/mm/Makefile
+++ b/arch/arm/mm/Makefile
@@ -15,6 +15,7 @@ endif
 obj-$(CONFIG_ARM_PTDUMP)	+= dump.o
 obj-$(CONFIG_MODULES)		+= proc-syms.o
 obj-$(CONFIG_DEBUG_VIRTUAL)	+= physaddr.o
+obj-$(CONFIG_DEBUG_RODATA_TEST)	+= test_rodata.o
 
 obj-$(CONFIG_ALIGNMENT_TRAP)	+= alignment.o
 obj-$(CONFIG_HIGHMEM)		+= highmem.o
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index 4127f57..3c15f3b 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -716,6 +716,7 @@ void fix_kernmem_perms(void)
 int __mark_rodata_ro(void *unused)
 {
 	update_sections_early(ro_perms, ARRAY_SIZE(ro_perms));
+	rodata_test();
 	return 0;
 }
 
@@ -740,6 +741,11 @@ void set_kernel_text_ro(void)
 static inline void fix_kernmem_perms(void) { }
 #endif /* CONFIG_DEBUG_RODATA */
 
+#ifdef CONFIG_DEBUG_RODATA_TEST
+const int rodata_test_data = 0xC3;
+EXPORT_SYMBOL_GPL(rodata_test_data);
+#endif
+
 void free_tcmmem(void)
 {
 #ifdef CONFIG_HAVE_TCM
diff --git a/arch/arm/mm/test_rodata.c b/arch/arm/mm/test_rodata.c
new file mode 100644
index 0000000..133d092
--- /dev/null
+++ b/arch/arm/mm/test_rodata.c
@@ -0,0 +1,79 @@
+/*
+ * test_rodata.c: functional test for mark_rodata_ro function
+ *
+ * (C) Copyright 2017 Jinbum Park <jinb.park7@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ */
+#include <asm/cacheflush.h>
+#include <asm/sections.h>
+
+int rodata_test(void)
+{
+	unsigned long result;
+	unsigned long start, end;
+
+	/* test 1: read the value */
+	/* If this test fails, some previous testrun has clobbered the state */
+
+	if (!rodata_test_data) {
+		pr_err("rodata_test: test 1 fails (start data)\n");
+		return -ENODEV;
+	}
+
+	/* test 2: write to the variable; this should fault */
+	/*
+	 * If this test fails, we managed to overwrite the data
+	 *
+	 * This is written in assembly to be able to catch the
+	 * exception that is supposed to happen in the correct
+	 * case
+	*/
+
+	result = 1;
+	asm volatile(
+		"0:	str %[zero], [%[rodata_test]]\n"
+		"	mov %[rslt], %[zero]\n"
+		"1:\n"
+		".pushsection .text.fixup,\"ax\"\n"
+		".align 2\n"
+		"2:\n"
+		"b 1b\n"
+		".popsection\n"
+		".pushsection __ex_table,\"a\"\n"
+		".align 3\n"
+		".long 0b, 2b\n"
+		".popsection\n"
+		: [rslt] "=r" (result)
+		: [zero] "r" (0UL), [rodata_test] "r" (&rodata_test_data)
+	);
+
+	if (!result) {
+		pr_err("rodata_test: test data was not read only\n");
+		return -ENODEV;
+	}
+
+	/* test 3: check the value hasn't changed */
+	/* If this test fails, we managed to overwrite the data */
+	if (!rodata_test_data) {
+		pr_err("rodata_test: Test 3 fails (end data)\n");
+		return -ENODEV;
+	}
+
+	/* test 4: check if the rodata section is 4Kb aligned */
+	start = (unsigned long)__start_rodata;
+	end = (unsigned long)__end_rodata;
+	if (start & (PAGE_SIZE - 1)) {
+		pr_err("rodata_test: .rodata is not 4k aligned\n");
+		return -ENODEV;
+	}
+	if (end & (PAGE_SIZE - 1)) {
+		pr_err("rodata_test: .rodata end is not 4k aligned\n");
+		return -ENODEV;
+	}
+
+	return 0;
+}