From patchwork Tue Dec 4 12:18:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711661 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D75D015A6 for ; Tue, 4 Dec 2018 12:18:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C86362A0E0 for ; Tue, 4 Dec 2018 12:18:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BC0FF2A0E7; Tue, 4 Dec 2018 12:18:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3FAE72A0E0 for ; Tue, 4 Dec 2018 12:18:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CA8086B6EA3; Tue, 4 Dec 2018 07:18:44 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id C02F46B6EA4; Tue, 4 Dec 2018 07:18:44 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B1A0E6B6EA5; Tue, 4 Dec 2018 07:18:44 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lf1-f72.google.com (mail-lf1-f72.google.com [209.85.167.72]) by kanga.kvack.org (Postfix) with ESMTP id 424AB6B6EA4 for ; Tue, 4 Dec 2018 07:18:44 -0500 (EST) Received: by mail-lf1-f72.google.com with SMTP id f16so1921677lfc.3 for ; Tue, 04 Dec 2018 04:18:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=T87JHThg7UO8QeA5V6fJftPPsz9yV1R5uLnw0cNr6IE=; b=cbJp+zwboqVJ/VMV5jQOm4Dfqa2zlBO2rRj0GKmE4fpJHaCcW/rrf8BBiCaS18JwKV J7c8j9UzWSe6LBv6gIJVN9d6K6vMDRjigBPbg7+r9RtT6vyGCg3tMZZTAjNIVt+HZykh P2i0TE628pNuxJGRFNE3jvMh88oE7nDhQWcnVN1+xHJ99DHPUso5Au2VJjRplCWCxSTw o/N0gcrjOhgojPrjNVvP+qBWRCzVoKKxlisq/1sIFjD8L/8jKafJvJGTnoWPdlI/Tyht KkzookahzI32f0sP2Q7o5FSbUiQrr7ucg+wvdMSP0wXBYgqWoEQnrZFbk7/x+g25Dgne 7YsA== X-Gm-Message-State: AA+aEWZLRYj50mquD1RR5bTLdJxUe39tUF/ynb87Ync2wPDnG3UslFgf sPRf2xcnV7p6SQbrUr5BNgGmNU+YEoYwr9qeGLuro/MXI234h1xUB2Ap10U/tohCx5bhkHxGzxp rriF4v4GlxwjQ5m3agdDQ6W1QPuZFSA+mPdRpXw637qgAvy9HvpL59KXDiadWlf8iga/3VE7yto tNiRYxR6TuthDPkHvAqD67CaYI7rDS63ew2qsS47CXek/axLOxHAbuwk3JkrQuUiVWSrUCdLPxZ 82pLE2Ci92+SblCuFHNEJgFHWcxUQlKIlXRsyqP+h5dT1GVhxWQWT6Q6Mg6dIv8B7QKcFysBCE6 hMjsXa3h8gUPnj9lENUl8I4Plis2t2qVjWKnj3ohxeU5Oh9ZcF3PdPAhZnzJTPU0oAzptarudKz n X-Received: by 2002:a2e:851a:: with SMTP id j26-v6mr10924339lji.163.1543925923492; Tue, 04 Dec 2018 04:18:43 -0800 (PST) X-Received: by 2002:a2e:851a:: with SMTP id j26-v6mr10924266lji.163.1543925921854; Tue, 04 Dec 2018 04:18:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925921; cv=none; d=google.com; s=arc-20160816; b=vhpDMI0RC23v08oRRSr1fCxqn1a+Pj6aU7EYqBm+rd8zl0rq5QE4Elff3vLfl3sB/+ nXrWBSTv05XzzEdTptDoqhIqVIQrPyUA4GDTLfP8WyHUFRrf97OQ1MjUxVw7s/9yNQT2 JNcJR++yrF84+B9QNkTQMcFWOKnctiTUZRwQfHpAdiVHj27zmRQFi4mD+m0h8otJ7O43 YGhiBmXdT1jS9u+8lnOeaPzmGzPQCiBMdUz4qSn6kKhh+dJ14H9BO2f55s2RTmBhV0YL e0xnkZMZ6je7q61UbmM1YRfRT2XcBDkzIW0BL+6jpANdsJ8pa036JxD6QFNN2Y+XCbgO vj0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=T87JHThg7UO8QeA5V6fJftPPsz9yV1R5uLnw0cNr6IE=; b=Kyj1vPc3/U+hR1faxRRrB3CrkFV/ZHjJgppwMIAKP6J1MqGemNtRFQtNsvps3zHkwx htuVqcprdw0HhPjBsLy4aJcFjLffIs5U7mxkV6yQp/hxFcbFNczt+H+SzWzzqiz039kf TXh4DLb5jv/sLLDgd3WthzVcf5wop2odbEvxFU//EnUIT+va2eB5QcUR11kIClGjR1eU ApKxnCy1SbAIa26dj9kFONMs8JTZ5iFsZBRX1qi9cOp5zJNdU3hWF3J8EB7ruw4zW+OO HtTRzJg0xtzJMI/fwpP75ZVzWSqGfqfZljMzYfmFGiW1yglHOfSlZ/zliWdiyP/O6w90 IrJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TPvhzGMm; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w25-v6sor9897636ljw.35.2018.12.04.04.18.41 for (Google Transport Security); Tue, 04 Dec 2018 04:18:41 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TPvhzGMm; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=T87JHThg7UO8QeA5V6fJftPPsz9yV1R5uLnw0cNr6IE=; b=TPvhzGMmuAy/Jp0MHlJaRrPY46SLLw9OCFu9x7y/7C3iLUWX6sx/58dG6VOnI9s+ii elacBrNvCv7bx6l6EpThFnTO1lCV5SGekhd1Rar+rEZeAsjGZG1rQgPJNAlpCG71eM/v g8HlTY1izmemrME/+NCDkGwZlyvNt7t/tAL+hhlDXceESY/ixa8cMheISX7krODoVRWi ivJSQ6f77thNBnNHiBa+rk2q22S/tvNKKkKNiS7pFv0accHWmF67oZwooIUS14bReL7d ZiT4VfsSj2pWQPKZc8Iz9bV2UxNpoteV0gCwF5BTUvU65TPJ5woU9c+oJ+7s3SUHY4hq HekA== X-Google-Smtp-Source: AFSGD/XfqQYN3wQyhBnGHV3cFZdJapmpbdPk784/DsTCfqnFrfRkG3qqaeqi2sFbGQh+z65PmwJTYA== X-Received: by 2002:a2e:12d0:: with SMTP id 77-v6mr1051581ljs.132.1543925921312; Tue, 04 Dec 2018 04:18:41 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:40 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/6] __wr_after_init: linker section and label Date: Tue, 4 Dec 2018 14:18:00 +0200 Message-Id: <20181204121805.4621-2-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Introduce a section and a label for statically allocated write rare data. The label is named "__wr_after_init". As the name implies, after the init phase is completed, this section will be modifiable only by invoking write rare functions. The section must take up a set of full pages. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- include/asm-generic/vmlinux.lds.h | 20 ++++++++++++++++++++ include/linux/cache.h | 17 +++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 3d7a6a9c2370..b711dbe6999f 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -311,6 +311,25 @@ KEEP(*(__jump_table)) \ __stop___jump_table = .; +/* + * Allow architectures to handle wr_after_init data on their + * own by defining an empty WR_AFTER_INIT_DATA. + * However, it's important that pages containing WR_RARE data do not + * hold anything else, to avoid both accidentally unprotecting something + * that is supposed to stay read-only all the time and also to protect + * something else that is supposed to be writeable all the time. + */ +#ifndef WR_AFTER_INIT_DATA +#define WR_AFTER_INIT_DATA(align) \ + . = ALIGN(PAGE_SIZE); \ + __start_wr_after_init = .; \ + . = ALIGN(align); \ + *(.data..wr_after_init) \ + . = ALIGN(PAGE_SIZE); \ + __end_wr_after_init = .; \ + . = ALIGN(align); +#endif + /* * Allow architectures to handle ro_after_init data on their * own by defining an empty RO_AFTER_INIT_DATA. @@ -332,6 +351,7 @@ __start_rodata = .; \ *(.rodata) *(.rodata.*) \ RO_AFTER_INIT_DATA /* Read only after init */ \ + WR_AFTER_INIT_DATA(align) /* wr after init */ \ KEEP(*(__vermagic)) /* Kernel version magic */ \ . = ALIGN(8); \ __start___tracepoints_ptrs = .; \ diff --git a/include/linux/cache.h b/include/linux/cache.h index 750621e41d1c..9a7e7134b887 100644 --- a/include/linux/cache.h +++ b/include/linux/cache.h @@ -31,6 +31,23 @@ #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) #endif +/* + * __wr_after_init is used to mark objects that cannot be modified + * directly after init (i.e. after mark_rodata_ro() has been called). + * These objects become effectively read-only, from the perspective of + * performing a direct write, like a variable assignment. + * However, they can be altered through a dedicated function. + * It is intended for those objects which are occasionally modified after + * init, however they are modified so seldomly, that the extra cost from + * the indirect modification is either negligible or worth paying, for the + * sake of the protection gained. + */ +#ifndef __wr_after_init +#define __wr_after_init \ + __attribute__((__section__(".data..wr_after_init"))) +#endif + + #ifndef ____cacheline_aligned #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif From patchwork Tue Dec 4 12:18:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711665 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EB3F814BD for ; Tue, 4 Dec 2018 12:18:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC5872A0E0 for ; Tue, 4 Dec 2018 12:18:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF0A42A0E7; Tue, 4 Dec 2018 12:18:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D8EBB2A0E0 for ; Tue, 4 Dec 2018 12:18:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 552576B6EA4; Tue, 4 Dec 2018 07:18:46 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4D8FB6B6EA5; Tue, 4 Dec 2018 07:18:46 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3A1EA6B6EA6; Tue, 4 Dec 2018 07:18:46 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lf1-f72.google.com (mail-lf1-f72.google.com [209.85.167.72]) by kanga.kvack.org (Postfix) with ESMTP id BAEBF6B6EA4 for ; Tue, 4 Dec 2018 07:18:45 -0500 (EST) Received: by mail-lf1-f72.google.com with SMTP id z25so1865813lfi.18 for ; Tue, 04 Dec 2018 04:18:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=MKhXHv/I+suoXSvWY4nOkDQg0yGt8f18bNJLOYzoxHQ=; b=Zscr3LN10CwwOPztmcHYEIOdqKEQ21tlJeb1Nvop3jUmgXmKmL30SzVz7AdQnRUbKg BYY6KTlnUl06oIRVSMlTPZFqOeleWLW/CpGHwO1NTbKJTniMS39ujOen7rEyGVXDoqK6 nXJcjxr5qnUzq1qKyeap4JttX16k6V6zjZcfmzKJQ06SSBXj6mj68n1gVUbvrAA1BQCt 3hiekRSNgTXVzoPYvZNHoHRE5z0mb2DLIC/6hi43b0PmLHvbsW945zCju2GaZ/dGO+65 9M8C7jeV0W7A0pscOs/hFQC9v90pesYSsgjM1A0txYH06hw8odIb6m4+XI17CywWnjT1 MUjA== X-Gm-Message-State: AA+aEWaKXr6aeRIYnyz4amHEayIZb7ZHVI3m93kPjq63bWDBQplnLS12 gWPenkGuD2vNxSMnaKAvnpQ2ITi6Eu+PBzjO25bKxRaxkTsV7cMgvWNdOLE6u2lOvFQYp5aMSKP KRuisya0vs1QuhKlQHTAxbQ76ZKzOW4V0fe0WMhLAVWmxgn5EleT7FOsMOJfcU8NEHXu7YNlX2k eHm80akHSH63Wn4UKhAK1GY1/ajeSVCKJ+D7YfLuSjXE6ICj1eJGBrkpaMLTSsjw0FpVUMh7JzO ncQUgUTAHpARh0U2srhVltiujVBr8R7oCAydKCII0F2Lu+pmh6N5C1b+KXRQj9Ib+e9Tr6cFhex OJQgc+RjRsHsjsRSrwcqgrXdEwCOpuue+MlixgcqIcxQF46llBFLg5w27BxhsvHkog5a+yCK/wD A X-Received: by 2002:a2e:20f:: with SMTP id 15-v6mr12859297ljc.172.1543925925014; Tue, 04 Dec 2018 04:18:45 -0800 (PST) X-Received: by 2002:a2e:20f:: with SMTP id 15-v6mr12859215ljc.172.1543925923072; Tue, 04 Dec 2018 04:18:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925923; cv=none; d=google.com; s=arc-20160816; b=xxsOgn8oE/mjLzdW6MnOaq9Fld2yRwNnn9Amr5lVIgsIJobWJX+50lFWMmeZ26F6Mx 62EdanznkTzZs9VDUWjFdHfgzKNFrpuPsG5KTYOcUgqZtq0mFXCgkRipXVvNVkAolW5G i+Y3fMDwxvbtMvcgvw4xnFwDcvB6bi1Bf1AkRBqKZTqs74j1QE3U7LrLYnc2k2MdIe/M xehNvvzVuuyOgxq0EAZ9Q7dCK7Nb6jAarIhlric3J3lnYRdPTomFXOPqrbFSav1EZerz yhoZwnlYyGL2Qxl7vLnxsUF0pe442kq7pF/htHslinip1mF1DVK5Nc6fb4lhoWodLlNm jGuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=MKhXHv/I+suoXSvWY4nOkDQg0yGt8f18bNJLOYzoxHQ=; b=biDqRB6FHxFvL59gafiOn1mCJywi0lq6VgdXyEALTrJKx/PaF7d4zUzHjfJ5EtR787 aIrC/PWJg6HS72Niicq8OO+f8en8ljPqtAllEanWFPhXjnXWJNm6QMGxC2UVvgnLqXMi jCLdYPqCOkzMYlOacefzdDOQPbkSrVeoy+H8Frko0wcalXQ51GLkwT+60Feb64Wgp8Z+ 0lfiCeM3coNUKTxahR2JhI9NcdMbXZXCKRC2M3//v2pjIgNYPBW1IeiG5opFNiC+zjyg XF8yXj725a+IaMKheyXIK+v7kJ6p7g42+DAlswdjixKTa4IMPdUNht026OHgkm0/aYWa 45nA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gfnQgWeQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id s74-v6sor9793333lje.7.2018.12.04.04.18.42 for (Google Transport Security); Tue, 04 Dec 2018 04:18:43 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gfnQgWeQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=MKhXHv/I+suoXSvWY4nOkDQg0yGt8f18bNJLOYzoxHQ=; b=gfnQgWeQffX3wVdRPVcjmboL00JGC8t7TbC+RAMpKpuzEMI+2s/f8LK1imQ05mYwT/ xcZLvzDYnNbaxT+JydGhBz58/N/6lbErp5QaiSfpLPs72sqz3Yv9UaHeyz2OlijZsumy dm1JMso9OG00MasdYPVwBFor6ktklkuQlSzYutp2DuNYA8+DIrvg4WC7etgHnXvUAa4f HopTED6G7o74rDwIPEvyW9qPC3D7wRyd9dNfxyDU2+8GU61BQNgpvnSDb+LfKXm0t1fJ kYS+RDYeDQW48BCz2BseM+MmIUDB52S/kihoje7fOf4VxfTtqJQbN0PsbeGLxD4JKGWK NFGw== X-Google-Smtp-Source: AFSGD/X5Ld4X34L6vNoHWDuvQhMxb5FqI8KA/+UtlMLx0Bgb9exvu91YMLJ7FP/CibfWnxue3VJ6fA== X-Received: by 2002:a2e:2c02:: with SMTP id s2-v6mr12920743ljs.118.1543925922527; Tue, 04 Dec 2018 04:18:42 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:41 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/6] __wr_after_init: write rare for static allocation Date: Tue, 4 Dec 2018 14:18:01 +0200 Message-Id: <20181204121805.4621-3-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Implementation of write rare for statically allocated data, located in a specific memory section through the use of the __write_rare label. The basic functions are: - wr_memset(): write rare counterpart of memset() - wr_memcpy(): write rare counterpart of memcpy() - wr_assign(): write rare counterpart of the assignment ('=') operator - wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer() The implementation is based on code from Andy Lutomirski and Nadav Amit for patching the text on x86 [here goes reference to commits, once merged] The modification of write protected data is done through an alternate mapping of the same pages, as writable. This mapping is local to each core and is active only for the duration of each write operation. Local interrupts are disabled, while the alternate mapping is active. In theory, it could introduce a non-predictable delay, in a preemptible system, however the amount of data to be altered is likely to be far smaller than a page. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- include/linux/prmem.h | 133 ++++++++++++++++++++++++++++++++++++++++++ init/main.c | 2 + mm/Kconfig | 4 ++ mm/Makefile | 1 + mm/prmem.c | 124 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 264 insertions(+) create mode 100644 include/linux/prmem.h create mode 100644 mm/prmem.c diff --git a/include/linux/prmem.h b/include/linux/prmem.h new file mode 100644 index 000000000000..b0131c1f5dc0 --- /dev/null +++ b/include/linux/prmem.h @@ -0,0 +1,133 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * prmem.h: Header for memory protection library + * + * (C) Copyright 2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + * + * Support for: + * - statically allocated write rare data + */ + +#ifndef _LINUX_PRMEM_H +#define _LINUX_PRMEM_H + +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * memtst() - test n bytes of the source to match the c value + * @p: beginning of the memory to test + * @c: byte to compare against + * @len: amount of bytes to test + * + * Returns 0 on success, non-zero otherwise. + */ +static inline int memtst(void *p, int c, __kernel_size_t len) +{ + __kernel_size_t i; + + for (i = 0; i < len; i++) { + u8 d = *(i + (u8 *)p) - (u8)c; + + if (unlikely(d)) + return d; + } + return 0; +} + + +#ifndef CONFIG_PRMEM + +static inline void *wr_memset(void *p, int c, __kernel_size_t len) +{ + return memset(p, c, len); +} + +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + return memcpy(p, q, size); +} + +#define wr_assign(var, val) ((var) = (val)) + +#define wr_rcu_assign_pointer(p, v) \ + rcu_assign_pointer(p, v) + +#else + +enum wr_op_type { + WR_MEMCPY, + WR_MEMSET, + WR_RCU_ASSIGN_PTR, + WR_OPS_NUMBER, +}; + +void *__wr_op(unsigned long dst, unsigned long src, __kernel_size_t len, + enum wr_op_type op); + +/** + * wr_memset() - sets n bytes of the destination to the c value + * @p: beginning of the memory to write to + * @c: byte to replicate + * @len: amount of bytes to copy + * + * Returns true on success, false otherwise. + */ +static inline void *wr_memset(void *p, int c, __kernel_size_t len) +{ + return __wr_op((unsigned long)p, (unsigned long)c, len, WR_MEMSET); +} + +/** + * wr_memcpy() - copyes n bytes from source to destination + * @dst: beginning of the memory to write to + * @src: beginning of the memory to read from + * @n_bytes: amount of bytes to copy + * + * Returns pointer to the destination + */ +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + return __wr_op((unsigned long)p, (unsigned long)q, size, WR_MEMCPY); +} + +/** + * wr_assign() - sets a write-rare variable to a specified value + * @var: the variable to set + * @val: the new value + * + * Returns: the variable + * + * Note: it might be possible to optimize this, to use wr_memset in some + * cases (maybe with NULL?). + */ + +#define wr_assign(var, val) ({ \ + typeof(var) tmp = (typeof(var))val; \ + \ + wr_memcpy(&var, &tmp, sizeof(var)); \ + var; \ +}) + +/** + * wr_rcu_assign_pointer() - initialize a pointer in rcu mode + * @p: the rcu pointer + * @v: the new value + * + * Returns the value assigned to the rcu pointer. + * + * It is provided as macro, to match rcu_assign_pointer() + */ +#define wr_rcu_assign_pointer(p, v) ({ \ + __wr_op((unsigned long)&p, v, sizeof(p), WR_RCU_ASSIGN_PTR); \ + p; \ +}) +#endif +#endif diff --git a/init/main.c b/init/main.c index a461150adfb1..a36f2e54f937 100644 --- a/init/main.c +++ b/init/main.c @@ -498,6 +498,7 @@ void __init __weak thread_stack_cache_init(void) void __init __weak mem_encrypt_init(void) { } void __init __weak poking_init(void) { } +void __init __weak wr_poking_init(void) { } bool initcall_debug; core_param(initcall_debug, initcall_debug, bool, 0644); @@ -734,6 +735,7 @@ asmlinkage __visible void __init start_kernel(void) delayacct_init(); poking_init(); + wr_poking_init(); check_bugs(); acpi_subsystem_init(); diff --git a/mm/Kconfig b/mm/Kconfig index d85e39da47ae..9b09339c027f 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -142,6 +142,10 @@ config ARCH_DISCARD_MEMBLOCK config MEMORY_ISOLATION bool +config PRMEM + def_bool n + depends on STRICT_KERNEL_RWX && X86_64 + # # Only be set on architectures that have completely implemented memory hotplug # feature. If you are not sure, don't touch it. diff --git a/mm/Makefile b/mm/Makefile index d210cc9d6f80..ef3867c16ce0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_SPARSEMEM) += sparse.o obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o +obj-$(CONFIG_PRMEM) += prmem.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/prmem.c b/mm/prmem.c new file mode 100644 index 000000000000..e8ab76701831 --- /dev/null +++ b/mm/prmem.c @@ -0,0 +1,124 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library + * + * (C) Copyright 2017-2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include +#include +#include +#include +#include +#include + +static __ro_after_init bool wr_ready; +static __ro_after_init struct mm_struct *wr_poking_mm; +static __ro_after_init unsigned long wr_poking_base; + +/* + * The following two variables are statically allocated by the linker + * script at the the boundaries of the memory region (rounded up to + * multiples of PAGE_SIZE) reserved for __wr_after_init. + */ +extern long __start_wr_after_init; +extern long __end_wr_after_init; + +static inline bool is_wr_after_init(unsigned long ptr, __kernel_size_t size) +{ + unsigned long start = (unsigned long)&__start_wr_after_init; + unsigned long end = (unsigned long)&__end_wr_after_init; + unsigned long low = ptr; + unsigned long high = ptr + size; + + return likely(start <= low && low <= high && high <= end); +} + + +void *__wr_op(unsigned long dst, unsigned long src, __kernel_size_t len, + enum wr_op_type op) +{ + temporary_mm_state_t prev; + unsigned long flags; + unsigned long offset; + unsigned long wr_poking_addr; + + /* Confirm that the writable mapping exists. */ + BUG_ON(!wr_ready); + + if (WARN_ONCE(op >= WR_OPS_NUMBER, "Invalid WR operation.") || + WARN_ONCE(!is_wr_after_init(dst, len), "Invalid WR range.")) + return (void *)dst; + + offset = dst - (unsigned long)&__start_wr_after_init; + wr_poking_addr = wr_poking_base + offset; + local_irq_save(flags); + prev = use_temporary_mm(wr_poking_mm); + + kasan_disable_current(); + if (op == WR_MEMCPY) + memcpy((void *)wr_poking_addr, (void *)src, len); + else if (op == WR_MEMSET) + memset((u8 *)wr_poking_addr, (u8)src, len); + else if (op == WR_RCU_ASSIGN_PTR) + /* generic version of rcu_assign_pointer */ + smp_store_release((void **)wr_poking_addr, + RCU_INITIALIZER((void **)src)); + kasan_enable_current(); + + barrier(); /* XXX redundant? */ + + unuse_temporary_mm(prev); + /* XXX make the verification optional? */ + if (op == WR_MEMCPY) + BUG_ON(memcmp((void *)dst, (void *)src, len)); + else if (op == WR_MEMSET) + BUG_ON(memtst((void *)dst, (u8)src, len)); + else if (op == WR_RCU_ASSIGN_PTR) + BUG_ON(*(unsigned long *)dst != src); + local_irq_restore(flags); + return (void *)dst; +} + +struct mm_struct *copy_init_mm(void); +void __init wr_poking_init(void) +{ + unsigned long start = (unsigned long)&__start_wr_after_init; + unsigned long end = (unsigned long)&__end_wr_after_init; + unsigned long i; + unsigned long wr_range; + + wr_poking_mm = copy_init_mm(); + BUG_ON(!wr_poking_mm); + + /* XXX What if it's too large to fit in the task unmapped mem? */ + wr_range = round_up(end - start, PAGE_SIZE); + + /* Randomize the poking address base*/ + wr_poking_base = TASK_UNMAPPED_BASE + + (kaslr_get_random_long("Write Rare Poking") & PAGE_MASK) % + (TASK_SIZE - (TASK_UNMAPPED_BASE + wr_range)); + + /* Create alternate mapping for the entire wr_after_init range. */ + for (i = start; i < end; i += PAGE_SIZE) { + struct page *page; + spinlock_t *ptl; + pte_t pte; + pte_t *ptep; + unsigned long wr_poking_addr; + + BUG_ON(!(page = virt_to_page(i))); + wr_poking_addr = i - start + wr_poking_base; + + /* The lock is not needed, but avoids open-coding. */ + ptep = get_locked_pte(wr_poking_mm, wr_poking_addr, &ptl); + VM_BUG_ON(!ptep); + + pte = mk_pte(page, PAGE_KERNEL); + set_pte_at(wr_poking_mm, wr_poking_addr, ptep, pte); + spin_unlock(ptl); + } + wr_ready = true; +} From patchwork Tue Dec 4 12:18:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711667 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E2F3014BD for ; Tue, 4 Dec 2018 12:18:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D56002A0E3 for ; Tue, 4 Dec 2018 12:18:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C8FE42A0EE; Tue, 4 Dec 2018 12:18:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A02B2A0E3 for ; Tue, 4 Dec 2018 12:18:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 68B286B6EA5; Tue, 4 Dec 2018 07:18:47 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 63A176B6EA6; Tue, 4 Dec 2018 07:18:47 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 48E7F6B6EA7; Tue, 4 Dec 2018 07:18:47 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by kanga.kvack.org (Postfix) with ESMTP id CB5746B6EA5 for ; Tue, 4 Dec 2018 07:18:46 -0500 (EST) Received: by mail-lj1-f197.google.com with SMTP id k22-v6so4492764ljk.12 for ; Tue, 04 Dec 2018 04:18:46 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=mJMksY6rKhfNGrlxoC/9f5P6S8jnAMH+e8y1ppLmkig=; b=tMMIp2DRjIOTx5XbHQPQGoWoDMg0xrz4DbDm3pnFlZZwV9iYQ4zWrpzpECsOgO1lmK CutYd+vCdE/OeiNgckcCrdIwBSZsvVTG7EPt0smaxFp6iKshn8wpRx2BRX2z6oC8j5gy 005RAgSGkWHuxvMW2mUyRLxkXWlRdnM01Qiq/Shy4UU8JjTwX4WPpDEoy39uYGhhsedt cezeIBuMftNz+2s4W21ymufqQDcz1keM42NavAFuFzN8Tk9cj8tTmB17TAPVhDzUuMl+ ucGR779R/v8wvCswJPCG2bbBQIfthUCu519v1sgStTU9TF3MnZCgIYlPwoEVXdVh8P1v icqA== X-Gm-Message-State: AA+aEWZvifKlr8FWTJb7LQWij+7RDvQlsyycQ9uNus7FjOd5sLON5fAo fb+Vm7qyJuoDPSdlMr1qQ9IF3kPuUBFyZaWW/vYAY1TvC9QxKZuTf5DbVtLDH9BS1ORn1OGDfEf Vo5nQbM5KAingdLBD0xsbjEwqwqNrI7sAF+2j/5IOnrl4knXEwbdBWKq2ACVj2mgT+EEwCreJvu w2RkJRxDE8ES1EWPR/SsDWKCvZEQJVC2fJKFCa7eeSq29Bz4apzPy+SrXMM12b7nuyOp7eYSIWV RKZ/7iMOZpPNYoBGiIpRM8jzEUGfKdwIDq1hR0Cjk5T38RpkeaqoI9JEyl/RNP/Ad1WQoXftHj4 aDTpzRHYBsfOpyKytphFiVZVzfktQeyZfmVvFxyxplMUZVIY9xvuxgaaz4lb+xPBt0qwSeqgaO9 L X-Received: by 2002:ac2:4116:: with SMTP id b22mr12166672lfi.19.1543925926077; Tue, 04 Dec 2018 04:18:46 -0800 (PST) X-Received: by 2002:ac2:4116:: with SMTP id b22mr12166614lfi.19.1543925924546; Tue, 04 Dec 2018 04:18:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925924; cv=none; d=google.com; s=arc-20160816; b=nyvjHcrW9YS1PaaatIfcPt7yOxikHz0/BgSF0Ln+VWh+LSEZ9qLm8YVTAbptHQdBMD qWJwedwm9060s++wL3e2nArbuBy1XHHDRDsVo+aD9xHsDCgICTIAWY1b64Xsp2j2zU+C VtYvRi5sAglxic29u9kl9WQXMuvLlOA9nIvhkRC47R4dg6vACBAZViVYkUv2lsNp1LA1 OVifRMwsRKJkWmxUq1vu20bwuwzD2R/GOJ0rZhedQUJLBGMoMiID4z2p++tR+bTdz8dH EIt+uUY3Be5CNlP0B8M34hAzbv7DW1ouxIdztSwpb7L2vqpjUTzUO5GDOJhcpcs8keBQ JZ9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=mJMksY6rKhfNGrlxoC/9f5P6S8jnAMH+e8y1ppLmkig=; b=ETLYuJfZYRssRabdRq8AJE5P9HKK7cof2jy1QU5nCs4hsLXTF1N29GuhYEiDsWlDau F5nFnYxVIVAa9hIeTZQztUd2Nqyht2LgtO9166aXAf+qojj8ijSDhT+osWAvS21phII2 BtmEWSVBJX/krORov3FIpdolIVTodupFu5UdTq8ZzQ4tEiTOR6dk8XWIh7MBRKBGiAOS vLdUyBabJlrJ4kF9MJY85PY571ikqJ9QPJwKI1IZEh77trSEXeXUewG/fKNOwre5Tr5z CfFNrP4dy7G2W01MYVoCQDNqbcWCHj+2iCkvLC3uaaCer5K15i+BvCRjOx6nB/FEnzsL Igvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nfKfgur+; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id a22-v6sor9876491ljd.6.2018.12.04.04.18.44 for (Google Transport Security); Tue, 04 Dec 2018 04:18:44 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nfKfgur+; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=mJMksY6rKhfNGrlxoC/9f5P6S8jnAMH+e8y1ppLmkig=; b=nfKfgur+7NfxEvS1bNr5TrPQffifXufN2M74WYOVBCnHg6RWnRAHN6d1ot1S7MtTFS eY6DtAA8gW2IZoeav6Xcc5AP95lgP/FMR2427gUjvvUKkZBBR3G5NhF+CkCWXT9Gsk4m x9k9BzMQN2TNCkuYtBDF/xYteWxZNp/86VmbYls2v/jcsPvK2fqd5xzHOV5FAOWYnIGz 0WKvrgqSEpNV3438xLguGp0GrrkH6H+tCLK+45XnYElomR2jxOX8lvd5JR14KFSZLfYU YE6/+wD2ec0YztQZ/xtRLG428m5WKqopIB+uMESIKB9u99CVaVDuMQM6y3xclCIqVPpn PVQA== X-Google-Smtp-Source: AFSGD/WWQI8QGsQXXSTC5ZysrJ5U8vMjuWZFjwJ8suURld6RLcFQmBCHttm98abwWPkEAZpczf/7pA== X-Received: by 2002:a2e:63cd:: with SMTP id s74-v6mr12265480lje.117.1543925923947; Tue, 04 Dec 2018 04:18:43 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:43 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/6] rodata_test: refactor tests Date: Tue, 4 Dec 2018 14:18:02 +0200 Message-Id: <20181204121805.4621-4-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Refactor the test cases, in preparation for using them also for testing __wr_after_init memory. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index d908c8769b48..3c1e515ca9b1 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -14,44 +14,52 @@ #include #include -static const int rodata_test_data = 0xC3; +#define INIT_TEST_VAL 0xC3 -void rodata_test(void) +static const int rodata_test_data = INIT_TEST_VAL; + +static bool test_data(char *data_type, const int *data, + unsigned long start, unsigned long end) { - unsigned long start, end; int zero = 0; /* test 1: read the value */ /* If this test fails, some previous testrun has clobbered the state */ - if (!rodata_test_data) { - pr_err("test 1 fails (start data)\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test 1 fails (init data value)\n", data_type); + return false; } /* test 2: write to the variable; this should fault */ - if (!probe_kernel_write((void *)&rodata_test_data, - (void *)&zero, sizeof(zero))) { - pr_err("test data was not read only\n"); - return; + if (!probe_kernel_write((void *)data, (void *)&zero, sizeof(zero))) { + pr_err("%s: test data was not read only\n", data_type); + return false; } /* test 3: check the value hasn't changed */ - if (rodata_test_data == zero) { - pr_err("test data was changed\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test data was changed\n", data_type); + return false; } /* test 4: check if the rodata section is PAGE_SIZE aligned */ - start = (unsigned long)__start_rodata; - end = (unsigned long)__end_rodata; if (start & (PAGE_SIZE - 1)) { - pr_err("start of .rodata is not page size aligned\n"); - return; + pr_err("%s: start of data is not page size aligned\n", + data_type); + return false; } if (end & (PAGE_SIZE - 1)) { - pr_err("end of .rodata is not page size aligned\n"); - return; + pr_err("%s: end of data is not page size aligned\n", + data_type); + return false; } + return true; +} - pr_info("all tests were successful\n"); +void rodata_test(void) +{ + if (test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata)) + pr_info("all tests were successful\n"); } From patchwork Tue Dec 4 12:18:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711671 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 44E6D15A6 for ; Tue, 4 Dec 2018 12:18:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 35BBB2A0E0 for ; Tue, 4 Dec 2018 12:18:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 29E1F2A0E7; Tue, 4 Dec 2018 12:18:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A583B2A0E0 for ; Tue, 4 Dec 2018 12:18:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 770B16B6EA6; Tue, 4 Dec 2018 07:18:48 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 723C26B6EA7; Tue, 4 Dec 2018 07:18:48 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 59CD16B6EA8; Tue, 4 Dec 2018 07:18:48 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lf1-f70.google.com (mail-lf1-f70.google.com [209.85.167.70]) by kanga.kvack.org (Postfix) with ESMTP id DDEA26B6EA6 for ; Tue, 4 Dec 2018 07:18:47 -0500 (EST) Received: by mail-lf1-f70.google.com with SMTP id y6so1878341lfy.11 for ; Tue, 04 Dec 2018 04:18:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=WBnbM87FYiZB144WHH+WIErpqzF5ZNVsWJfotUGC/To=; b=oJlbVRjrMRM76cjKgli4cxVmFA6rxoXeJN4iKPAGARHhkb2wI2U+w1Nu79xw0Jp+/0 NF03ZpNozzlClFTCtSHLeRm1uR577cQj8kG+0ABWcx+whXcdA2wHeOnpH3k6AbPTOPNU VBpYC14sRGBDossGbFjRsVbabn+DCQHMHNcPnz7LCxJZSfpMGd1Yha3/meylXaVkQ0gm Fz2PuUNgdZ2KCTYY548NVREHVL3+fvluw9axEoGzhteVHQ8yzPjNYEE6p9IVPjdwxfS/ tARLqrnoHRe0TNGEm3cTunlF50pmefzaJ9HAJ9JjZ4Fnamwp2yQ9nAqLNXc7n6j26hPb 9xCA== X-Gm-Message-State: AA+aEWawiuByFFGnBp5oDlYxu0BpLGup9fLvBdIrlV1BMl/dbO7SMdEq 2QjmxzbPNTTquzVqitKm/uwKGcYq/tnrB2AD1KeYEmOJN8SywMPd47YVzHy8TbOgf6G0MernKQT 1wdP6pLrKljzyHewTNX1Z6Y+5Y9MOUNVb5tgV92Nthjdj5t9RUhRZyhMCzicjAtsML6rCRSoPib EEiM48URmiiNE7wyzeDt7DYtcr9VMul8DB238Pw7O7xReLur17sjC3UH48WlviaRm7Uw9ZO77iY pmn36ZOkhO4zRNqWG4LBgrhc61uFIXivMLdV8OyYEArPwEmLbzud3Bg/M+qiGpbjLsQi9mhIkGH WQWGLjimgOcNkGT6z19R+Et0h+QNC/xmm1vsqTh5357+UEGbiIl8HjqvNdSmiJsN+TRbkpu7fed F X-Received: by 2002:a2e:9017:: with SMTP id h23-v6mr10982861ljg.71.1543925927230; Tue, 04 Dec 2018 04:18:47 -0800 (PST) X-Received: by 2002:a2e:9017:: with SMTP id h23-v6mr10982805ljg.71.1543925925831; Tue, 04 Dec 2018 04:18:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925925; cv=none; d=google.com; s=arc-20160816; b=UDZVD4EEIPxZQjo89Jeol/kvd0soUAQdHuJx4dFbzgz2S8IrfkGtC9uHqGxF9tPIhg klDLdCpIiEX8EuQQ/DuQ/uIbPtjqHS4gAeKjTk3JfEsfVvnu8kjZlLPragH7QejyEQa2 1mwzWpmQT+EVXK7qlW9HJx8QSPZr8a1EmAAf/39f1izUkE6Ryo5jZL1JuOXDR6lSRktj 9N6l8udafqgohEfXyQI5urFcQ+9n/G11s5WscotAxSDHrRSkSgOzdkX3gfBnVYlygWD6 m2927vmFV/fmohI/1zLiXtleEErGt9h3bZdN6mOxPA1hQYBS2vPunnlKsxL9gANUn+V8 BfUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=WBnbM87FYiZB144WHH+WIErpqzF5ZNVsWJfotUGC/To=; b=Cw+QCpsawOiz0vJ5KD9LkD5/hQSvtNveKs9xaxNjagFoll0vdynX1G1t+cSrylVB+g FYuBRIVlMbmsiWBKKsEgXD4V4BvOCFnmoiywS63fkYUktE9LW17hz2sAeK9IiNF/7d/p cWQQYzAf0GceKtKT7w7w5GEaOseZHC/A3BSxh+pyX9Ek6BkiSSQ32Zj7M7X0r3V9KJSk nuMOpA74pL5uokR2+EH/9pts0pnax/qxOB1r9XHuRvBk4BFS6zKyLgmLAlU2x4Sjz4SY 7o9dO0NqHiBGpmkOPIXAZ8JrSUMNYzjR+QK7PDDup12FZsN5NcF8no2t5gg4fDbWHUvN Mz3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=E3RY5vky; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id m10-v6sor9470107lje.8.2018.12.04.04.18.45 for (Google Transport Security); Tue, 04 Dec 2018 04:18:45 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=E3RY5vky; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=WBnbM87FYiZB144WHH+WIErpqzF5ZNVsWJfotUGC/To=; b=E3RY5vkybSvPTIG8UuGMwEVOwkUplL0AFDj1MN9T0ROLaaMBhx3o6sL9qiBqK8cDpF lHokL4Goz61X1sMwWX2rqe8g+i/xkU80XCiz6Keo5mY+N2QwkuztsW8I1TLYVZ36cJL0 cH3fN77tAZGhRIwFjGT/udN/UU2XaH/2piLYSuFcG9+mF0rVBDyJkSqRWN10wU0RGVLp g/U3CKeZCh+PdGUKf8B7AMY64oqIvcBkpDi5JA5HxCI6tSjMn8oOG8MbP/CCJI23fOqP OzTixarbLeKA4neW+891Bwfc31u1LhGzMb0feY22cbNyFQTUMEWbsqO2Kl8cBZC+/vvy QAYw== X-Google-Smtp-Source: AFSGD/Uz5k3knHQnWYcPn5vvfo8l7N0tmCpAv9nXtZVRKiyo8X/OPZgpu0935A98/eCYHI1LGa7rXQ== X-Received: by 2002:a2e:9957:: with SMTP id r23-v6mr12190962ljj.98.1543925925285; Tue, 04 Dec 2018 04:18:45 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:44 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 4/6] rodata_test: add verification for __wr_after_init Date: Tue, 4 Dec 2018 14:18:03 +0200 Message-Id: <20181204121805.4621-5-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The write protection of the __wr_after_init data can be verified with the same methodology used for const data. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index 3c1e515ca9b1..a98d088ad9cc 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -16,7 +16,19 @@ #define INIT_TEST_VAL 0xC3 +/* + * Note: __ro_after_init data is, for every practical effect, equivalent to + * const data, since they are even write protected at the same time; there + * is no need for separate testing. + * __wr_after_init data, otoh, is altered also after the write protection + * takes place and it cannot be exploitable for altering more permanent + * data. + */ + static const int rodata_test_data = INIT_TEST_VAL; +static int wr_after_init_test_data __wr_after_init = INIT_TEST_VAL; +extern long __start_wr_after_init; +extern long __end_wr_after_init; static bool test_data(char *data_type, const int *data, unsigned long start, unsigned long end) @@ -60,6 +72,9 @@ void rodata_test(void) { if (test_data("rodata", &rodata_test_data, (unsigned long)&__start_rodata, - (unsigned long)&__end_rodata)) + (unsigned long)&__end_rodata) && + test_data("wr after init data", &wr_after_init_test_data, + (unsigned long)&__start_wr_after_init, + (unsigned long)&__end_wr_after_init)) pr_info("all tests were successful\n"); } From patchwork Tue Dec 4 12:18:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711673 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B86FB14BD for ; Tue, 4 Dec 2018 12:19:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A9A962A0E0 for ; Tue, 4 Dec 2018 12:19:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9AE0F2A0E7; Tue, 4 Dec 2018 12:19:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD6312A0E0 for ; Tue, 4 Dec 2018 12:18:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 41E0B6B6EA7; Tue, 4 Dec 2018 07:18:50 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3794B6B6EA8; Tue, 4 Dec 2018 07:18:50 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1AE7A6B6EA9; Tue, 4 Dec 2018 07:18:50 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id 81BDE6B6EA7 for ; Tue, 4 Dec 2018 07:18:49 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id e8-v6so4511590ljg.22 for ; Tue, 04 Dec 2018 04:18:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=KelN+/epBNC6XQnXj/EwWYuqT/y6Dkv8jfVNF/vOmp0=; b=tyKI6flNFPChhQgZRFu/GE8gaCD2kB1/qXkf2QHGfWlEurOhT3OyMW9DntbHuuL2Oy SlAoIj4G6X44/QZFvATAqL3OEQKSWrUAvArrdCvZmlCALEFda57IxTPfA2Oarg995WIl U2extsomxsO0sl+o3PcWjhcN94GuUD7EQOLdKqUwhsr3x3411fMX8Z+NbC0GG7fZlqzg a2+pzQTYd4oMKjQvyJaX7tpT1OLzHnXVZ0KeHkmViiYf/TNDAmBFYlkpOAP+iwE+kXeb bPdxB5DYLQXIXvCfJ7dxa4urkJVg+Ybyb3louQU9AiEUm/eBauF3Q6F+AbcpTAYxaUUA 3cBg== X-Gm-Message-State: AA+aEWbY0ojCGtPVGFbyMNwoz8531+zh3I2Av8s/Mm0lK1T7pMCb+7dW Q/gusHb1bx+JXs1MDWuYgAMF+T4PcPacDSuwSLAGfYx3yDuv/51ykaC/uf1zGJ60oyOzQ+owc9M 37KBQBi5loqIqM/rkFfJeTthXzmO0FbgisN+9MqfV8/4LeT/EkPw+NUM0CEgBBc2ppadeuqHeHU MnOmWorL+qY0Awi0Woa0VjOE/OghMPfjsJDdZPjSA0x959oJRqm7tE5y1olxCoyx5P8lpIFuxPg yUJTZenO+OHTa+GUyZLitmDa/ypjYbfEdl8s+DkMRNBShBHdgyi3gYbvf6IptH2pkz/ksYxYEOU cMCZu1ESQODBki1Y+Ep5tH6BBEKDNAL8ickdrdXdSxgCRbeM5HcfyWxnPZ3NrKGuT1JsFfDXpD3 K X-Received: by 2002:a2e:b1ca:: with SMTP id e10-v6mr14011135lja.16.1543925928843; Tue, 04 Dec 2018 04:18:48 -0800 (PST) X-Received: by 2002:a2e:b1ca:: with SMTP id e10-v6mr14011074lja.16.1543925927236; Tue, 04 Dec 2018 04:18:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925927; cv=none; d=google.com; s=arc-20160816; b=1KjFY+kFWA+eNeCPPiglYoskMhsIunZl/vWvrT50rkTs1ePU8y0tB70i51WPkbxmXH c2M7+aHfMLDK+GfhXTMaBTB9CpcdPDomn5DxtyiIMbrGZHHq9Wj4PE8ZhQ5UVilFJ+cb JMbMnXrvngi73Bue1dxm5ktczZUpEcnUVTmQC4ZpqMkI8RZfVt0QvqsoovH/lAiiFDNm svP45tctO3tF4FQkRMSSB59iM4JpexAbmHxcm1TH9WDYgQ2K7X/mcPijlgJMPDOrooL8 byUewwPA2l4T0lpkkpHRCoEVOsmXeSy9FV8OEeDaYs3Uhei7KITN5t5PFwI6WPo2Bww5 7Sfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=KelN+/epBNC6XQnXj/EwWYuqT/y6Dkv8jfVNF/vOmp0=; b=Pahm2joQdU+8dforQxE4drSHhS6UGghWUr2AyD1WzBoBYz4Fz0HxjskARJj2qp4TVr W80+JC88uRLxvUQF/5FczKLuRL9MngkgbjFS20aKF/vvGBt35hO7+806jsFgr+kbjR4U REx2FefhtgUr1+M6wIyRKG49ElOspB2bm1BeT8ZGUfSwrp0uUtLmBBWKiuWXloqCGOIV wja8rwS+6xAfeoyxckI7Tz53wuYG0uYVRf893Y8MDCR4yXHjQ+RNUbWA2XN4B93JrbaJ +tJMP7mTZHeTWkBVk2iSXDfb0yyLBzlSv58oQ7kVC3ZKAh0+WaDkJ/tDmKyB408xwtCa ZuUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ucrw/UqR"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id o22-v6sor9778807lji.38.2018.12.04.04.18.47 for (Google Transport Security); Tue, 04 Dec 2018 04:18:47 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ucrw/UqR"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=KelN+/epBNC6XQnXj/EwWYuqT/y6Dkv8jfVNF/vOmp0=; b=Ucrw/UqR6jj/kLnoRFUkGZh+bpI5fmBzCwCETF/CLgfnVVGru5oqqJZ+7QhYx5n5Fm Shp9pV7DYoFwZs6KOZIyeT5wTjZS1uNj9k1Pg7deoq7ohIYKI71ZnH5xa+kAYKeNq9sF S6jfWP/cyuzeYLp/XNxveiW8CNlYDHQM0l/ckxNqSLKFHfTn0HNhcur/UMZRXbCJq9M9 9gAZs1sR7tX/jQ6B3WZuVDvxMqJ6T9hcsLJ4zarJBspjLmz0Z2ojq0McRWoy63duE35n rjJpzfvnYHiZd7LYQegCvO1OxGLFBA7aOH7VHMeUFs/MBPoKl8l8Afm50pcAvBUr0fHK 8i4g== X-Google-Smtp-Source: AFSGD/U2cqReuGWQC1ZRgos10lgGbtiWNxDr3WCe9FOfg/C7eVOwLMAuyb7v5shFbtygFYMfaJo1eA== X-Received: by 2002:a2e:4299:: with SMTP id h25-v6mr12224879ljf.5.1543925926664; Tue, 04 Dec 2018 04:18:46 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:46 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 5/6] __wr_after_init: test write rare functionality Date: Tue, 4 Dec 2018 14:18:04 +0200 Message-Id: <20181204121805.4621-6-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set of test cases meant to confirm that the write rare functionality works as expected. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- include/linux/prmem.h | 7 ++- mm/Kconfig.debug | 9 +++ mm/Makefile | 1 + mm/test_write_rare.c | 135 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 149 insertions(+), 3 deletions(-) create mode 100644 mm/test_write_rare.c diff --git a/include/linux/prmem.h b/include/linux/prmem.h index b0131c1f5dc0..d2492ec24c8c 100644 --- a/include/linux/prmem.h +++ b/include/linux/prmem.h @@ -125,9 +125,10 @@ static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t size) * * It is provided as macro, to match rcu_assign_pointer() */ -#define wr_rcu_assign_pointer(p, v) ({ \ - __wr_op((unsigned long)&p, v, sizeof(p), WR_RCU_ASSIGN_PTR); \ - p; \ +#define wr_rcu_assign_pointer(p, v) ({ \ + __wr_op((unsigned long)&p, (unsigned long)v, sizeof(p), \ + WR_RCU_ASSIGN_PTR); \ + p; \ }) #endif #endif diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug index 9a7b8b049d04..a26ecbd27aea 100644 --- a/mm/Kconfig.debug +++ b/mm/Kconfig.debug @@ -94,3 +94,12 @@ config DEBUG_RODATA_TEST depends on STRICT_KERNEL_RWX ---help--- This option enables a testcase for the setting rodata read-only. + +config DEBUG_PRMEM_TEST + tristate "Run self test for statically allocated protected memory" + depends on STRICT_KERNEL_RWX + select PRMEM + default n + help + Tries to verify that the protection for statically allocated memory + works correctly and that the memory is effectively protected. diff --git a/mm/Makefile b/mm/Makefile index ef3867c16ce0..8de1d468f4e7 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -59,6 +59,7 @@ obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o obj-$(CONFIG_PRMEM) += prmem.o +obj-$(CONFIG_DEBUG_PRMEM_TEST) += test_write_rare.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/test_write_rare.c b/mm/test_write_rare.c new file mode 100644 index 000000000000..240cc43793d1 --- /dev/null +++ b/mm/test_write_rare.c @@ -0,0 +1,135 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * test_write_rare.c + * + * (C) Copyright 2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include +#include +#include +#include + +#ifdef pr_fmt +#undef pr_fmt +#endif + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +extern long __start_wr_after_init; +extern long __end_wr_after_init; + +static __wr_after_init int scalar = '0'; +static __wr_after_init u8 array[PAGE_SIZE * 3] __aligned(PAGE_SIZE); + +/* The section must occupy a non-zero number of whole pages */ +static bool test_alignment(void) +{ + unsigned long pstart = (unsigned long)&__start_wr_after_init; + unsigned long pend = (unsigned long)&__end_wr_after_init; + + if (WARN((pstart & ~PAGE_MASK) || (pend & ~PAGE_MASK) || + (pstart >= pend), "Boundaries test failed.")) + return false; + pr_info("Boundaries test passed."); + return true; +} + +static inline bool test_pattern(void) +{ + return (memtst(array, '0', PAGE_SIZE / 2) || + memtst(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 3 / 4) || + memtst(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2) || + memtst(array + PAGE_SIZE * 7 / 4, '1', PAGE_SIZE * 3 / 4) || + memtst(array + PAGE_SIZE * 5 / 2, '0', PAGE_SIZE / 2)); +} + +static bool test_wr_memset(void) +{ + int new_val = '1'; + + wr_memset(&scalar, new_val, sizeof(scalar)); + if (WARN(memtst(&scalar, new_val, sizeof(scalar)), + "Scalar write rare memset test failed.")) + return false; + + pr_info("Scalar write rare memset test passed."); + + wr_memset(array, '0', PAGE_SIZE * 3); + if (WARN(memtst(array, '0', PAGE_SIZE * 3), + "Array write rare memset test failed.")) + return false; + + wr_memset(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 2); + if (WARN(memtst(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 2), + "Array write rare memset test failed.")) + return false; + + wr_memset(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2); + if (WARN(memtst(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2), + "Array write rare memset test failed.")) + return false; + + if (WARN(test_pattern(), "Array write rare memset test failed.")) + return false; + + pr_info("Array write rare memset test passed."); + return true; +} + +static u8 array_1[PAGE_SIZE * 2]; +static u8 array_2[PAGE_SIZE * 2]; + +static bool test_wr_memcpy(void) +{ + int new_val = 0x12345678; + + wr_assign(scalar, new_val); + if (WARN(memcmp(&scalar, &new_val, sizeof(scalar)), + "Scalar write rare memcpy test failed.")) + return false; + pr_info("Scalar write rare memcpy test passed."); + + wr_memset(array, '0', PAGE_SIZE * 3); + memset(array_1, '1', PAGE_SIZE * 2); + memset(array_2, '0', PAGE_SIZE * 2); + wr_memcpy(array + PAGE_SIZE / 2, array_1, PAGE_SIZE * 2); + wr_memcpy(array + PAGE_SIZE * 5 / 4, array_2, PAGE_SIZE / 2); + + if (WARN(test_pattern(), "Array write rare memcpy test failed.")) + return false; + + pr_info("Array write rare memcpy test passed."); + return true; +} + +static __wr_after_init int *dst; +static int reference = 0x54; + +static bool test_wr_rcu_assign_pointer(void) +{ + wr_rcu_assign_pointer(dst, &reference); + return dst == &reference; +} + +static int __init test_static_wr_init_module(void) +{ + pr_info("static write_rare test"); + if (WARN(!(test_alignment() && + test_wr_memset() && + test_wr_memcpy() && + test_wr_rcu_assign_pointer()), + "static rare-write test failed")) + return -EFAULT; + pr_info("static write_rare test passed"); + return 0; +} + +module_init(test_static_wr_init_module); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Igor Stoppa "); +MODULE_DESCRIPTION("Test module for static write rare."); From patchwork Tue Dec 4 12:18:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10711675 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7CA7315A6 for ; Tue, 4 Dec 2018 12:19:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6E6232A0E3 for ; Tue, 4 Dec 2018 12:19:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 62AD62A0F1; Tue, 4 Dec 2018 12:19:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF8302A0E3 for ; Tue, 4 Dec 2018 12:19:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 774266B6EA8; Tue, 4 Dec 2018 07:18:51 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6AC5F6B6EA9; Tue, 4 Dec 2018 07:18:51 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5C3C46B6EAA; Tue, 4 Dec 2018 07:18:51 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id E3D766B6EA8 for ; Tue, 4 Dec 2018 07:18:50 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id l4-v6so4601425lji.5 for ; Tue, 04 Dec 2018 04:18:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=NVdqMmCKQZDysvXYUM4dpuRHk0CW6y96xz6tH9NdrSw=; b=pBRXphWhQMu1RBA0n3RYl3sWbH4TFa34mazsqr14W3T7TPkl2m31G9r8R7bOYOZl/V 8cYfvmaVJpK8g2KK6nODfphB1FIZCvL9KSNjW2nnUK49he/qFgcVK00ETejKxj4PkOk+ CRVwQQerSYx1Uu2ediKOBaBXhvUWXWvj+3tLWRc88bMlBsf5OFDeYaacdl8cCVVskgdi R1pyFXFBJB4TVNfS04lVu36gbcnteHz+xui+v0s40iPEGpc7Elmy65rGBrb8TkiiHI3X SsmI4LOfEEN6hN02+BP4v/VT2vRL0HVRhtbF69XFBXz1wir7Gq3bJ75QoBUks8iCcAaL aXJg== X-Gm-Message-State: AA+aEWZ+2qaQ8vn4CdWOyugJHm0f9rSlyh/VmbZb6+E8aL6fIK/SxXyI T8wVCWaxGWb89Go6sq6GIsDQyEAz9SXxyTt3t2guzLf5Y7Ff39cKSU6zNPT5+S2eOL3QYOTVsew 3neJKSNitXwna1b8szjOxkJvrMM76xxO8o+iW1vZ5v4EiJogYRDGT8L0+RnC96FRghilkpnktf9 vfa20eqNGEaoaSJWeH0WZbQFRxQwZ+mbRsgA+JOt3znHzrDEpOdSNZSA7p2ojVz36GVFbfYfeJo MIO23DBvtJ6W5ojpv6ECCTZGwz7JMQxAAnKhvkcEQRxBEmGz4/Kz/QyL15Wv5F8Nbg7vKy3eKjz SivxjYHzKu7+/U3iEIjCmXcAzyeytdVsqTljvV6oHoDyIYX2trIsXNf9fBSGyRzbpD3Jd3p0OP6 0 X-Received: by 2002:a19:789:: with SMTP id 131mr8302187lfh.11.1543925930215; Tue, 04 Dec 2018 04:18:50 -0800 (PST) X-Received: by 2002:a19:789:: with SMTP id 131mr8302129lfh.11.1543925928774; Tue, 04 Dec 2018 04:18:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543925928; cv=none; d=google.com; s=arc-20160816; b=kxlW3tnBBIaTPwWE7B9Bew/Vm4cWEeNd6oMmDs+/MUwyuTxwA/HfqrHjCLLydb3fT2 kQCmtg40VWfLDp501xZ1g5nTFSST8dFyeZlYrbTqsXdVoGDD2cTP/KdXrudVYTVWgKUa Ka+hP2D2YsmpisBWuKS7SyZe9Q3xzKOmR6aP4UuuOaKVXssCpTtwKiTeShfyV5b24GsZ 0UiHsoVOL3iZXV3arv2r/2TKXugEX8enqN6Oy7J+/+7EE6fRkPueaIJ/b2H2XxrZBeov g4GP7VB5HQ90ooKSxiYN8AztwiF3ofFIAa1LhmYRppQztMQ1BrZkFLPluYLhP1Nw6E2o jiYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=NVdqMmCKQZDysvXYUM4dpuRHk0CW6y96xz6tH9NdrSw=; b=bPFeWNVJaxFNTiVTUaafexvfbFJyXvt20H5OHfn9jD/2HMLxVcvJuhQue1BZ2gcJ5C 5bm2jTNcJvzANZGSkoG65FUEUIly2FYDcX8uFPF+NQ9m0M3b0PS2HptAKs6OeY+tDmzr nTqrjcbBpllpaCqwMVYDv47+SQpIYh2J2v8NgfSEDjae1bE7zkDyNBO33Pb3+OXzj0Cc BQ8LKKSaDFXDHQZcZCp/YaYq+QMLd2Nyg4Pt/r6CXrlMaCRskzvRe/U7jjl/Qsl2Dsj5 r/oxFavPXxnGrbSG/8ncb721EljYxCpe4eD9ZnNCDL/qNqHtEcv9BmfkAHftznK/LLJN rP/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HRfrXCFQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 96-v6sor9443421lja.27.2018.12.04.04.18.48 for (Google Transport Security); Tue, 04 Dec 2018 04:18:48 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HRfrXCFQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=NVdqMmCKQZDysvXYUM4dpuRHk0CW6y96xz6tH9NdrSw=; b=HRfrXCFQvzKgQhKYWkbS/im8+XnLQmGG8ccr5n3DY3AvBzv51R79u/dWJYuhk3Y/QB 5F3PX6ti+fzfyYUTTRkeMeP2Qkk/GOPZC3dVKjWeDjWxzfaNsQWYwv8PUBhakUjEMGpC +3eyvJFkXoEIJcYl3HPC01uHhpdzkuhiE5IctH//w5KYZf8JD/Y7Gole7e9dz6kxhzmW ZC9eXZteiMUUw1lsEK1t4DghxBzJd4NJHIq3xxVBIuqzUX0poFyAOWyUxaemqKC77wOK Ydsd8ZfPrBokXf7ifOd5x8NzNp/7evrgARi/7ve5XNikMvobqmD29jlx6kR0upcm+wRp 8YMA== X-Google-Smtp-Source: AFSGD/UPXTOGRAw/49T9676bvJ9/1gFe/zO9Lwr0qxwwIUQFs7TARHUmypZrYSVjqRzSte4x5ibGcg== X-Received: by 2002:a2e:9a16:: with SMTP id o22-v6mr3119346lji.112.1543925928237; Tue, 04 Dec 2018 04:18:48 -0800 (PST) Received: from localhost.localdomain (91-156-179-117.elisa-laajakaista.fi. [91.156.179.117]) by smtp.gmail.com with ESMTPSA id h3sm2899653lfj.25.2018.12.04.04.18.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 04:18:47 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Kees Cook , Matthew Wilcox Cc: igor.stoppa@huawei.com, Nadav Amit , Peter Zijlstra , Dave Hansen , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 6/6] __wr_after_init: lkdtm test Date: Tue, 4 Dec 2018 14:18:05 +0200 Message-Id: <20181204121805.4621-7-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181204121805.4621-1-igor.stoppa@huawei.com> References: <20181204121805.4621-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Verify that trying to modify a variable with the __wr_after_init modifier wil lcause a crash. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- drivers/misc/lkdtm/core.c | 3 +++ drivers/misc/lkdtm/lkdtm.h | 3 +++ drivers/misc/lkdtm/perms.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c index 2837dc77478e..73c34b17c433 100644 --- a/drivers/misc/lkdtm/core.c +++ b/drivers/misc/lkdtm/core.c @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(ACCESS_USERSPACE), CRASHTYPE(WRITE_RO), CRASHTYPE(WRITE_RO_AFTER_INIT), +#ifdef CONFIG_PRMEM + CRASHTYPE(WRITE_WR_AFTER_INIT), +#endif CRASHTYPE(WRITE_KERN), CRASHTYPE(REFCOUNT_INC_OVERFLOW), CRASHTYPE(REFCOUNT_ADD_OVERFLOW), diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index 3c6fd327e166..abba2f52ffa6 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -38,6 +38,9 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); void __init lkdtm_perms_init(void); void lkdtm_WRITE_RO(void); void lkdtm_WRITE_RO_AFTER_INIT(void); +#ifdef CONFIG_PRMEM +void lkdtm_WRITE_WR_AFTER_INIT(void); +#endif void lkdtm_WRITE_KERN(void); void lkdtm_EXEC_DATA(void); void lkdtm_EXEC_STACK(void); diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 53b85c9d16b8..f681730aa652 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -9,6 +9,7 @@ #include #include #include +#include #include /* Whether or not to fill the target memory area with do_nothing(). */ @@ -27,6 +28,10 @@ static const unsigned long rodata = 0xAA55AA55; /* This is marked __ro_after_init, so it should ultimately be .rodata. */ static unsigned long ro_after_init __ro_after_init = 0x55AA5500; +/* This is marked __wr_after_init, so it should be in .rodata. */ +static +unsigned long wr_after_init __wr_after_init = 0x55AA5500; + /* * This just returns to the caller. It is designed to be copied into * non-executable memory regions. @@ -104,6 +109,28 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) *ptr ^= 0xabcd1234; } +#ifdef CONFIG_PRMEM + +void lkdtm_WRITE_WR_AFTER_INIT(void) +{ + unsigned long *ptr = &wr_after_init; + + /* + * Verify we were written to during init. Since an Oops + * is considered a "success", a failure is to just skip the + * real test. + */ + if ((*ptr & 0xAA) != 0xAA) { + pr_info("%p was NOT written during init!?\n", ptr); + return; + } + + pr_info("attempting bad wr_after_init write at %p\n", ptr); + *ptr ^= 0xabcd1234; +} + +#endif + void lkdtm_WRITE_KERN(void) { size_t size; @@ -200,4 +227,6 @@ void __init lkdtm_perms_init(void) /* Make sure we can write to __ro_after_init values during __init */ ro_after_init |= 0xAA; + /* Make sure we can write to __wr_after_init during __init */ + wr_after_init |= 0xAA; }