From patchwork Wed May 10 17:44:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Micay X-Patchwork-Id: 9720281 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 757216035D for ; Wed, 10 May 2017 17:45:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9420E28623 for ; Wed, 10 May 2017 17:45:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8580328627; Wed, 10 May 2017 17:45:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id CC20728623 for ; Wed, 10 May 2017 17:45:10 +0000 (UTC) Received: (qmail 17454 invoked by uid 550); 10 May 2017 17:45:09 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 17428 invoked from network); 10 May 2017 17:45:07 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=GO124xhSU4hNijEZH5Q981U/v2LFnRFVX3XHlS5c/jY=; b=P8EI5CznYJAQ9MoXGN5udY5E4XTLx/5dDzyoxj7T40CZrH4gV9rc1REoUmu8V8ezFB 1PmOMvUBqCTJbK3M7eohZMdlfzQ1u2SLKK0rYey/DNIs5oeQCcEw4UAgWCHMOCTIWswt ZWbPblpM7AuYnEkCsvn7SsVubD1M6QIzgDX/MECvqodguTyo3My2whSWoYu942Pxhsbh FiCLeKLZyodOoEmHpgB0O70dSl7I3sr5IQqLDfynx5w1zm+mhFJoXNqPZIxBm32hGx+A QqzJ0xihX1LhQPZL/A2/QGy6RXuuIHv2tYlCtWhdLrq5ZwPUhpHivGgRivWV1gFczvaz wxdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=GO124xhSU4hNijEZH5Q981U/v2LFnRFVX3XHlS5c/jY=; b=CfBoNzmMVW4fBVaAUB0/NJDkF078WESBQCup9TPdcGRl7TtIc0A767toPHDSvd7xKs YfIrLUTeUv7kkHcOWxlNza9fuuQSpbF39U7zQyGGMOc/AbO53qGJWGgZvJT9/pqNuns0 WzuQGF7G8JuRWWS7hiUukIGf6XfwF+7jj2FbfQiVwXgPYmzLwipoRQboPhMFqTjcWRGW Hq7wfo1pkhDmShteNnVcvVMzJzTTb0E6LLlR9wsfbyvVBJ3IJNXYqqmmnYJpX0m8Yqpe rIArRS476xP2v6j2egKnqJH4+QqZUoDK9Hs9MnVHbEl8ZFj918ol8Y3CrJJ/hCaWD3eV lORQ== X-Gm-Message-State: AODbwcBba/qahWINhmGh31dh4k9ylOKHqfOEMs5KluCzpNRg+/TpZuHJ JcrJGccNpnINkg== X-Received: by 10.107.20.216 with SMTP id 207mr4444824iou.48.1494438296036; Wed, 10 May 2017 10:44:56 -0700 (PDT) From: Daniel Micay To: Andrew Morton , linux-mm@kvack.org Cc: Kees Cook , kernel-hardening@lists.openwall.com, Daniel Micay Date: Wed, 10 May 2017 13:44:41 -0400 Message-Id: <20170510174441.26163-1-danielmicay@gmail.com> X-Mailer: git-send-email 2.12.2 Subject: [kernel-hardening] [PATCH] mark protection_map as __ro_after_init X-Virus-Scanned: ClamAV using ClamSMTP The protection map is only modified by per-arch init code so it can be protected from writes after the init code runs. This change was extracted from PaX where it's part of KERNEXEC. Signed-off-by: Daniel Micay Acked-by: Kees Cook --- mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mmap.c b/mm/mmap.c index f82741e199c0..3bd5ecd20d4d 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -94,7 +94,7 @@ static void unmap_region(struct mm_struct *mm, * w: (no) no * x: (yes) yes */ -pgprot_t protection_map[16] = { +pgprot_t protection_map[16] __ro_after_init = { __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111, __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111 };