From patchwork Mon Apr 6 14:20:41 2020
X-Patchwork-Submitter: "Lev R. Oshvang ."
X-Patchwork-Id: 11475655
From: Lev Olshvang
To: arnd@arndb.de
Cc: kernel-hardening@lists.openwall.com, Lev Olshvang
Subject: [RFC PATCH 1/5] security : hardening : prevent write to proces's read-only pages from another process
Date: Mon, 6 Apr 2020 17:20:41 +0300
Message-Id: <20200406142045.32522-2-levonshe@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200406142045.32522-1-levonshe@gmail.com>
References: <20200406142045.32522-1-levonshe@gmail.com>

The purpose of this patch is to produce a hardened kernel for Embedded or Production systems.

Typically debuggers, such as gdb, write to read-only code [text] sections of the target process (ptrace). This kind of page protection violation raises a minor page fault, but the kernel's fault handler allows it by default. This is clearly an attack surface for an adversary.

The proposed kernel hardening configuration option checks the type of protection of the foreign vma and blocks writes to a read-only vma. When enabled, it will stop attacks modifying code or jump tables, etc.

Code of the arch_vma_access_permitted() function was extended to check foreign vma flags.

Tested on x86_64 and ARM (QEMU) with the dd command, which writes to /proc/PID/mem in the r--p or r--xp vma area address range. dd reports an IO failure when it tries to write to an address taken from /proc/PID/maps (PLT or code section).

Signed-off-by: Lev Olshvang
--- include/asm-generic/mm_hooks.h | 5 +++++ security/Kconfig | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/include/asm-generic/mm_hooks.h b/include/asm-generic/mm_hooks.h index 4dbb177d1150..6e1fcce44cc2 100644 --- a/include/asm-generic/mm_hooks.h +++ b/include/asm-generic/mm_hooks.h
@@ -25,6 +25,11 @@ static inline void arch_unmap(struct mm_struct *mm, static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { +#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; +#endif /* by default, allow everything */ return true; } diff --git a/security/Kconfig b/security/Kconfig index cd3cc7da3a55..d92e79c90d67 100644 --- a/security/Kconfig +++ b/security/Kconfig 
@@ -143,6 +143,16 @@ config LSM_MMAP_MIN_ADDR this low address space will need the permission specific to the systems running LSM. +config PROTECT_READONLY_USER_MEMORY + bool "Protect read only process memory" + help + Protects read only memory of process code and PLT table + from possible attack through /proc/PID/mem or through /dev/mem. + Refuses to insert and stop at debuggers breakpoints (prtace,gdb) + Mostly advised for embedded and production system. + Stops attempts of the malicious process to modify read only memory of another process + + config HAVE_HARDENED_USERCOPY_ALLOCATOR bool help
From patchwork Mon Apr 6 14:20:42 2020
X-Patchwork-Submitter: "Lev R. Oshvang ."
X-Patchwork-Id: 11475657
From: Lev Olshvang
To: arnd@arndb.de
Cc: kernel-hardening@lists.openwall.com, Lev Olshvang
Subject: [RFC PATCH 2/5] Prevent write to read-only pages from another process
Date: Mon, 6 Apr 2020 17:20:42 +0300
Message-Id: <20200406142045.32522-3-levonshe@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200406142045.32522-1-levonshe@gmail.com>
References: <20200406142045.32522-1-levonshe@gmail.com>
Signed-off-by: Lev Olshvang --- arch/unicore32/include/asm/mmu_context.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/arch/unicore32/include/asm/mmu_context.h b/arch/unicore32/include/asm/mmu_context.h index 388c0c811c68..caf240b8a748 100644 --- a/arch/unicore32/include/asm/mmu_context.h +++ b/arch/unicore32/include/asm/mmu_context.h 
@@ -92,7 +92,12 @@ static inline void arch_unmap(struct mm_struct *mm, static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { +#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; +#endif /* by default, allow everything */ return true; } -#endif +#endif /*__UNICORE_MMU_CONTEXT_H__*/
From patchwork Mon Apr 6 14:20:43 2020
X-Patchwork-Submitter: "Lev R. Oshvang ."
X-Patchwork-Id: 11475661
From: Lev Olshvang
To: arnd@arndb.de
Cc: kernel-hardening@lists.openwall.com, Lev Olshvang
Subject: [RFC PATCH 3/5] Prevent write to read-only pages text, PLT/GOT tables from another process
Date: Mon, 6 Apr 2020 17:20:43 +0300
Message-Id: <20200406142045.32522-4-levonshe@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200406142045.32522-1-levonshe@gmail.com>
References: <20200406142045.32522-1-levonshe@gmail.com>

Signed-off-by: Lev Olshvang
--- arch/powerpc/include/asm/mmu_context.h | 7 ++++++- arch/powerpc/mm/book3s64/pkeys.c | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) -- 2.17.1
diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h index 360367c579de..b25e5726fa99 100644 --- a/arch/powerpc/include/asm/mmu_context.h +++ b/arch/powerpc/include/asm/mmu_context.h @@ -246,10 +246,15 @@ void arch_dup_pkeys(struct mm_struct *oldmm, struct mm_struct *mm); static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { +#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; +#endif /* by default, allow everything */ return true; } - +#endif #define pkey_mm_init(mm) #define thread_pkey_regs_save(thread) #define thread_pkey_regs_restore(new_thread, old_thread) diff --git a/arch/powerpc/mm/book3s64/pkeys.c b/arch/powerpc/mm/book3s64/pkeys.c index 07527f1ed108..230058a52009 100644 --- a/arch/powerpc/mm/book3s64/pkeys.c +++ b/arch/powerpc/mm/book3s64/pkeys.c 
@@ -384,6 +384,11 @@ bool arch_pte_access_permitted(u64 pte, bool write, bool execute) bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { +#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; +#endif if (static_branch_likely(&pkey_disabled)) return true; /*
From patchwork Mon Apr 6 14:20:44 2020
X-Patchwork-Submitter: "Lev R. Oshvang ."
X-Patchwork-Id: 11475663
From: Lev Olshvang
To: arnd@arndb.de
Cc: kernel-hardening@lists.openwall.com, Lev Olshvang
Subject: [RFC PATCH 4/5] X86:Prevent write to read-only pages :text, PLT/GOT tables from another process
Date: Mon, 6 Apr 2020 17:20:44 +0300
Message-Id: <20200406142045.32522-5-levonshe@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200406142045.32522-1-levonshe@gmail.com>
References: <20200406142045.32522-1-levonshe@gmail.com>

Signed-off-by: Lev Olshvang
--- arch/x86/include/asm/mmu_context.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.17.1
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h index 4e55370e48e8..708135112d95 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h 
@@ -216,12 +216,19 @@ static inline void arch_unmap(struct mm_struct *mm, unsigned long start, static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { - /* pkeys never affect instruction fetches */ +#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; +#endif + /* Don't check PKRU since pkeys never affect instruction fetches */ if (execute) return true; + /* allow access if the VMA is not one from this process */ if (foreign || vma_is_foreign(vma)) return true; + return __pkru_allows_pkey(vma_pkey(vma), write); }
From patchwork Mon Apr 6 14:20:45 2020
X-Patchwork-Submitter: "Lev R. Oshvang ."
X-Patchwork-Id: 11475665
From: Lev Olshvang
To: arnd@arndb.de
Cc: kernel-hardening@lists.openwall.com, Lev Olshvang
Subject: [RFC PATCH 5/5] UM:Prevent write to read-only pages :text, PLT/GOT tables from another process
Date: Mon, 6 Apr 2020 17:20:45 +0300
Message-Id: <20200406142045.32522-6-levonshe@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200406142045.32522-1-levonshe@gmail.com>
References: <20200406142045.32522-1-levonshe@gmail.com>

Signed-off-by: Lev Olshvang
--- arch/um/include/asm/mmu_context.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/arch/um/include/asm/mmu_context.h b/arch/um/include/asm/mmu_context.h index b4deb1bfbb68..2de21d52bd60 100644 --- a/arch/um/include/asm/mmu_context.h +++ b/arch/um/include/asm/mmu_context.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ -/* +/* * Copyright (C) 2002 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com) */ @@ -28,6 +28,11 @@ static inline void arch_unmap(struct mm_struct *mm, static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { + #ifdef CONFIG_PROTECT_READONLY_USER_MEMORY + /* Forbid write to PROT_READ pages of foreign process */ + if (write && foreign && (!(vma->vm_flags & VM_WRITE))) + return false; + #endif /* by default, allow everything */ return true; } @@ -52,7 +57,7 @@ static inline void activate_mm(struct mm_struct *old, struct mm_struct *new) up_write(&new->mmap_sem); } -static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) { unsigned cpu = smp_processor_id(); @@ -65,7 +70,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, } } -static inline void enter_lazy_tlb(struct mm_struct *mm, +static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) { }
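
Review bot: in the include/asm-generic/mm_hooks.h hunk of patch 1/5, the comment says "PROT_READ pages" but the condition is !(vma->vm_flags & VM_WRITE), which matches every VMA without VM_WRITE, not only read-only ones. Reword the comment to "non-writable VMA" or test the flags the comment names. The test also makes no exception for any caller, so with the option enabled a debugger can no longer place breakpoints, as the Kconfig help in the same patch admits; state in the commit message that this is intended for every caller, or add the condition under which a tracer is still allowed.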
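
Review bot: in the security/Kconfig hunk of patch 1/5, the help text promises protection against writes "through /dev/mem", but the only code this series adds is the foreign-write test in arch_vma_access_permitted(), and no visible hunk touches a /dev/mem path. Drop that claim or add the code that backs it. While there, fix "prtace", wrap the last help line, and remove one of the two blank lines added before config HAVE_HARDENED_USERCOPY_ALLOCATOR.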
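
Review bot: the arch/unicore32/include/asm/mmu_context.h hunk of patch 2/5 repeats the three-line test that patch 1/5 already added to include/asm-generic/mm_hooks.h, and patches 3/5 to 5/5 copy it again into powerpc, x86 and um. Put the test in one static inline helper in a common header and call it from each arch_vma_access_permitted(), so that a later fix lands in every copy. The change of the trailing #endif to "#endif /*__UNICORE_MMU_CONTEXT_H__*/" is unrelated cleanup and belongs in its own patch, and patches 2/5 to 5/5 carry no commit message body at all.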
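
Review bot: in the arch/powerpc/include/asm/mmu_context.h hunk of patch 3/5, the line after the function's closing brace replaces a blank line with a bare "#endif" that has no matching #if or #ifdef added in this hunk; the #ifdef CONFIG_PROTECT_READONLY_USER_MEMORY inside the function is already closed by its own #endif. As written this either breaks the build or closes an enclosing conditional before the "#define pkey_mm_init(mm)" stubs. Drop the extra #endif and restore the blank line.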
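
Review bot: in the arch/x86/include/asm/mmu_context.h hunk of patch 4/5, the new test looks only at the foreign argument, while the existing code a few lines below treats "foreign || vma_is_foreign(vma)" as a foreign access. A write with foreign == false to a VMA for which vma_is_foreign(vma) is true skips the new test and still returns true. Use the same condition in both places, or say in the comment why the argument alone is sufficient. The rewording of the pkeys comment and the blank line added before the final return are unrelated to the feature and should go in a separate patch.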
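
Review bot: the @@ -1,5, @@ -52,7 and @@ -65,7 hunks of patch 5/5 (the comment under the SPDX line, switch_mm() and enter_lazy_tlb()) change whitespace only and should be dropped from a hardening patch, since they make the diffstat of 8 insertions and 3 deletions look larger than the one functional change. In the @@ -28,6 hunk the #ifdef and #endif are indented, unlike the same block in the other four patches; keep preprocessor directives in column one for consistency.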