From patchwork Thu Mar 30 07:44:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hoeun Ryu X-Patchwork-Id: 9653127 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 84AC3602BD for ; Thu, 30 Mar 2017 07:44:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 77036277D9 for ; Thu, 30 Mar 2017 07:44:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6BC1628579; Thu, 30 Mar 2017 07:44:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 2B44A277D9 for ; Thu, 30 Mar 2017 07:44:31 +0000 (UTC) Received: (qmail 8167 invoked by uid 550); 30 Mar 2017 07:44:29 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 8108 invoked from network); 30 Mar 2017 07:44:19 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=J9Tf6Q/2evjFdEOgvakKL8bx92Ka72yvPM/GrVJBBbk=; b=Oe6OU7h3iX1/rjKGLNxockcbUa2A0CEsDUf5gJjxxVUJyh7RGYgBe29oxWNsvGsh22 dxHjgDvK1CYmi4QKow0/GM5LDo1a3VpW+i6rt262udM0IokB1qP+QPYmAAiVDQJTFX0g KraOiZXYT/+VeI1x/UHDEm6+YJ6R2X23Hk8P7Z57cYEx0iGwVA2GkQskLF6F4COwWKiu +VPaumSv8+RiwUfjswZ6vlGYvZd86i8KGo6Q5sc9EVxauKqXkAoijF/Y4ce0+JjoInOt 6kVwshKeEj26bV8nR7b0D9LqrvoRQQ+joV/YtOSDZAE1q0NGQ0/ESgsNCUC38li6lDNW 0ZQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=J9Tf6Q/2evjFdEOgvakKL8bx92Ka72yvPM/GrVJBBbk=; b=J62fALmnNVnA4Ht9n/07bJTKkxtp/418TsPr44iZXqXi3iWqpJfHtmpCGjh6NwAl9R YnoEFfhy/1YyXz4aZ2f3mwHRxprOxcrfeXv9NpSlYCnRc3dt77/RyaG2uHODjxE50mMb bD9+GukE8zjXCiAKhrCnlSLsSS1MpVV76D8Y7qyjAGteZD5FGzFCa/2E4QXvr/e5bBaU kVrLtWcOzUHRMZhyWGvORXbuJtnAyAHcLEvFv80wfprgyGdqNHPjiuxuhARSLy8lr/ai M0M+GrieLeIxmfWD/xKZWVWBnC7r7lthe26Svp+7xwwDvExHegRTVG9qc+AIaVEmJ/8l +Nwg== X-Gm-Message-State: AFeK/H11qy0LT+0rAXeAbKGd5CmBcc9xk2c9vb5Z43YUVoS0GNbZmr8vZK9QDW7KmqemBA== X-Received: by 10.98.103.75 with SMTP id b72mr4555104pfc.105.1490859847706; Thu, 30 Mar 2017 00:44:07 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) From: Ho-Eun Ryu In-Reply-To: Date: Thu, 30 Mar 2017 16:44:02 +0900 Cc: "kernel-hardening@lists.openwall.com" , Mark Rutland , Andy Lutomirski , PaX Team , Emese Revfy , Russell King , "x86@kernel.org" , LKML , "linux-arm-kernel@lists.infradead.org" Message-Id: <466B31B4-0535-44EE-B0F0-F758A79A7B4F@gmail.com> References: <1490811363-93944-1-git-send-email-keescook@chromium.org> <1490811363-93944-2-git-send-email-keescook@chromium.org> To: Kees Cook X-Mailer: Apple Mail (2.3259) Subject: [kernel-hardening] Re: [RFC v2][PATCH 01/11] Introduce rare_write() infrastructure X-Virus-Scanned: ClamAV using ClamSMTP > On 30 Mar 2017, at 3:23 AM, Kees Cook wrote: > > On Wed, Mar 29, 2017 at 11:15 AM, Kees Cook wrote: >> +/* >> + * Build "write rarely" infrastructure for flipping memory r/w >> + * on a per-CPU basis. >> + */ >> +#ifndef CONFIG_HAVE_ARCH_RARE_WRITE >> +# define __wr_rare >> +# define __wr_rare_type >> +# define __rare_write(__var, __val) (__var = (__val)) >> +# define rare_write_begin() do { } while (0) >> +# define rare_write_end() do { } while (0) >> +#else >> +# define __wr_rare __ro_after_init >> +# define __wr_rare_type const >> +# ifdef CONFIG_HAVE_ARCH_RARE_WRITE_MEMCPY >> +# define __rare_write_n(dst, src, len) ({ \ >> + BUILD_BUG(!builtin_const(len)); \ >> + __arch_rare_write_memcpy((dst), (src), (len)); \ >> + }) >> +# define __rare_write(var, val) __rare_write_n(&(var), &(val), sizeof(var)) >> +# else >> +# define __rare_write(var, val) ((*(typeof((typeof(var))0) *)&(var)) = (val)) >> +# endif >> +# define rare_write_begin() __arch_rare_write_begin() >> +# define rare_write_end() __arch_rare_write_end() >> +#endif >> +#define rare_write(__var, __val) ({ \ >> + rare_write_begin(); \ >> + __rare_write(__var, __val); \ >> + rare_write_end(); \ >> + __var; \ >> +}) >> + > > Of course, only after sending this do I realize that the MEMCPY case > will need to be further adjusted, since it currently can't take > literals. I guess something like this needs to be done: > > #define __rare_write(var, val) ({ \ > typeof(var) __src = (val); \ > __rare_write_n(&(var), &(__src), sizeof(var)); \ > }) > Right, and it has a problem with BUILD_BUG, which causes compilation error when CONFIG_HABE_ARCH_RARE_WRITE_MEMCPY is true BUILD_BUG is defined in but includes Please see the following. ) # endif > -Kees > > -- > Kees Cook > Pixel Security diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 3334fa9..3fa50e1 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -350,11 +350,11 @@ static __always_inline void __write_once_size(volatile vo\ id *p, void *res, int s # define __wr_rare __ro_after_init # define __wr_rare_type const # ifdef CONFIG_HAVE_ARCH_RARE_WRITE_MEMCPY -# define __rare_write_n(dst, src, len) ({ \ - BUILD_BUG(!builtin_const(len)); \ - __arch_rare_write_memcpy((dst), (src), (len)); \ +# define __rare_write_n(var, val, len) ({ \ + typeof(val) __val = val; \ + __arch_rare_write_memcpy(&(var), &(__val), (len)); \ }) -# define __rare_write(var, val) __rare_write_n(&(var), &(val), sizeof(var)) +# define __rare_write(var, val) __rare_write_n((var), (val), sizeof(var)) # else # define __rare_write(var, val) ((*(typeof((typeof(var))0) *)&(var)) = (val)\