Message ID | 20210413001110.7209bae6@xhacker (mailing list archive) |
---|---|
Series | riscv: improve self-protection |
On Mon, Apr 12, 2021 at 9:46 PM Jisheng Zhang <jszhang3@mail.ustc.edu.cn> wrote:
>
> From: Jisheng Zhang <jszhang@kernel.org>
>
> patch1 removes the non-necessary setup_zero_page()
> patch2 is a trivial improvement patch to move some functions to .init
> section
>
> Then following patches improve self-protection by:
>
> Marking some variables __ro_after_init
> Constifying some variables
> Enabling ARCH_HAS_STRICT_MODULE_RWX
>
> Hi Anup,
>
> I kept the __init modification to trap_init(), I will cook a trivial
> series to provide a __weak but NULL trap_init() implementation in
> init/main.c then remove all NULL implementation from all arch.

Yes, it makes sense to do this as a separate series.

Regards,
Anup

>
> Thanks
>
> Since v2:
>  - collect Reviewed-by tag
>  - add one patch to remove unnecessary setup_zero_page()
>
> Since v1:
>  - no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
>    because RV32 uses the default module_alloc() for jit code which also
>    meets W^X after patch8
>  - fix a build error caused by local debug code clean up
>
>
> Jisheng Zhang (10):
>   riscv: mm: Remove setup_zero_page()
>   riscv: add __init section marker to some functions
>   riscv: Mark some global variables __ro_after_init
>   riscv: Constify sys_call_table
>   riscv: Constify sbi_ipi_ops
>   riscv: kprobes: Implement alloc_insn_page()
>   riscv: bpf: Write protect JIT code
>   riscv: bpf: Avoid breaking W^X on RV64
>   riscv: module: Create module allocations without exec permissions
>   riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
>
>  arch/riscv/Kconfig                 |  1 +
>  arch/riscv/include/asm/smp.h       |  4 ++--
>  arch/riscv/include/asm/syscall.h   |  2 +-
>  arch/riscv/kernel/cpufeature.c     |  2 +-
>  arch/riscv/kernel/module.c         | 10 ++++++++--
>  arch/riscv/kernel/probes/kprobes.c |  8 ++++++++
>  arch/riscv/kernel/sbi.c            | 10 +++++-----
>  arch/riscv/kernel/smp.c            |  6 +++---
>  arch/riscv/kernel/syscall_table.c  |  2 +-
>  arch/riscv/kernel/time.c           |  2 +-
>  arch/riscv/kernel/traps.c          |  2 +-
>  arch/riscv/kernel/vdso.c           |  4 ++--
>  arch/riscv/mm/init.c               | 16 +++++-----------
>  arch/riscv/mm/kasan_init.c         |  6 +++---
>  arch/riscv/mm/ptdump.c             |  2 +-
>  arch/riscv/net/bpf_jit_comp64.c    |  2 +-
>  arch/riscv/net/bpf_jit_core.c      |  1 +
>  17 files changed, 45 insertions(+), 35 deletions(-)
>
> --
> 2.31.0
>
>
From: Jisheng Zhang <jszhang@kernel.org>

patch1 removes the non-necessary setup_zero_page()
patch2 is a trivial improvement patch to move some functions to .init
section

Then following patches improve self-protection by:

Marking some variables __ro_after_init
Constifying some variables
Enabling ARCH_HAS_STRICT_MODULE_RWX

Hi Anup,

I kept the __init modification to trap_init(), I will cook a trivial
series to provide a __weak but NULL trap_init() implementation in
init/main.c then remove all NULL implementation from all arch.

Thanks

Since v2:
 - collect Reviewed-by tag
 - add one patch to remove unnecessary setup_zero_page()

Since v1:
 - no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
   because RV32 uses the default module_alloc() for jit code which also
   meets W^X after patch8
 - fix a build error caused by local debug code clean up


Jisheng Zhang (10):
  riscv: mm: Remove setup_zero_page()
  riscv: add __init section marker to some functions
  riscv: Mark some global variables __ro_after_init
  riscv: Constify sys_call_table
  riscv: Constify sbi_ipi_ops
  riscv: kprobes: Implement alloc_insn_page()
  riscv: bpf: Write protect JIT code
  riscv: bpf: Avoid breaking W^X on RV64
  riscv: module: Create module allocations without exec permissions
  riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU

 arch/riscv/Kconfig                 |  1 +
 arch/riscv/include/asm/smp.h       |  4 ++--
 arch/riscv/include/asm/syscall.h   |  2 +-
 arch/riscv/kernel/cpufeature.c     |  2 +-
 arch/riscv/kernel/module.c         | 10 ++++++++--
 arch/riscv/kernel/probes/kprobes.c |  8 ++++++++
 arch/riscv/kernel/sbi.c            | 10 +++++-----
 arch/riscv/kernel/smp.c            |  6 +++---
 arch/riscv/kernel/syscall_table.c  |  2 +-
 arch/riscv/kernel/time.c           |  2 +-
 arch/riscv/kernel/traps.c          |  2 +-
 arch/riscv/kernel/vdso.c           |  4 ++--
 arch/riscv/mm/init.c               | 16 +++++-----------
 arch/riscv/mm/kasan_init.c         |  6 +++---
 arch/riscv/mm/ptdump.c             |  2 +-
 arch/riscv/net/bpf_jit_comp64.c    |  2 +-
 arch/riscv/net/bpf_jit_core.c      |  1 +
 17 files changed, 45 insertions(+), 35 deletions(-)