From patchwork Fri Dec 21 18:14:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740809 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 44EFD13AD for ; Fri, 21 Dec 2018 18:14:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37D892835B for ; Fri, 21 Dec 2018 18:14:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 292F328618; Fri, 21 Dec 2018 18:14:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F9702835B for ; Fri, 21 Dec 2018 18:14:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D6BB88E0003; Fri, 21 Dec 2018 13:14:49 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id CF2C88E0001; Fri, 21 Dec 2018 13:14:49 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE19B8E0003; Fri, 21 Dec 2018 13:14:49 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id 50DF28E0001 for ; Fri, 21 Dec 2018 13:14:49 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id g12-v6so1905065lji.3 for ; Fri, 21 Dec 2018 10:14:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=9pkoDpWnQ0hyqDvaxlvdmZrME9c2qqzlc2zOv6te5xY=; b=nyIa6Oha7bR0uNnzEEnGN1n9hjNuqerd+czl57WHgdzXinMwSF0Z9dlPu5ZGcX9o4V s9PKIRm4uXYbxN9BLnKKiw7urP/wjmU9+0gh4xI1susgWoNyJM7s2guA0EDSRv8KWNMj pLBfGVar7SSxgZbVypf+pXFX+lO69tH6wPCKYQsBnRvWNu/G/aNEPpKLcjqfI4zNWae8 ZrqbZtJL5LnpQj8hC7MkeWFkk4BcchDWNhR04PHf3wXgQnP48GZHOQ2lKtEVZGhKdZ85 +ccJDMVuXJW0dIYbU/uEUjchocbovASbm0OkLAmCIp9chERUElDw4lkrozw0X2QCAlvv qpZQ== X-Gm-Message-State: AJcUuke9XmMd0c5dLLd+y0AbBkgCaV7wtJ2zAerSAPG8zpEGz7fLSswI +lTtY5ha9CO3b7DIQSVFBEHcTcUFF3vR7deBhm+u7X1tuGMBibZSskaaQJN1imzonyJC3WhOGJn 3hI3bRJ2+rKE0XKgI+bHXyWUBTIBbhrNR5TRSNqP6hAibEs0SPEj1EmEQWTS6Ifj44BB3CKa75H WsuWBvBsuN0iYkuSxYao9UYQ+QLyagcUA9lOSmeuihYVmogykmjrlvjgJO+pTQLl6bFo4sPpCpk NbQDxnqqgHAz/gtjEApwsdNIYXq0Dy7X9WI79bgZMu8Fg6J4/ITOBZATers2Dy0T8Ehe2ywADj8 y1s5eSHSjdGM75Ftu9ODDjiRCtkJOdeDDnHQTssS4eF38NCbHcYBcSBQJDdZIFfyoeLRgcvdkBA H X-Received: by 2002:a2e:2b85:: with SMTP id r5-v6mr2216835ljr.91.1545416088450; Fri, 21 Dec 2018 10:14:48 -0800 (PST) X-Received: by 2002:a2e:2b85:: with SMTP id r5-v6mr2216792ljr.91.1545416087015; Fri, 21 Dec 2018 10:14:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416086; cv=none; d=google.com; s=arc-20160816; b=V4f8Pml0nFBTudqUGxR9ZXzZOiNoZlf9c6AuO0RCzy/KuorFlLupCdRQFEAtShbkCC Qfo6Rr8GXvZGCwTyQ0GS9JoZVmDeapgR20TBoE/T+Eo+dSe7slBJBfGhuA/KKIOLfdiI yFqeIieYhlyB7hqLDTHKSqqjVMldJrRW0Cc0wcg9f9VVV0Q+aCxdKlJYz65WJYoLgYTH QEAjJ1+4DMaS42VYgYFTPiggOlbjeM2CUya6J8fVlm2hPFSADdFGbXquHITKOaL7wZJZ TNiZHr2ryI3EiZKFk/m3pjAjdGsKc0s1TmhlRNt5shzPrhNjZwAAEbLTPgeFAwWOt5rT FIog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=9pkoDpWnQ0hyqDvaxlvdmZrME9c2qqzlc2zOv6te5xY=; b=MGdXG/WEyWWnsFMH3yg8u7P2m9hXDcAGRT0wa8gVJeOzi3NQOjbmWjTZoKW9ujlQu6 WR2iQqVE2uYBh3lAaswc3uORn/MFRfTfQQlykCAusVeMqHFCPF/fV1AVAMb/acXKLaOK SMpRZurwdHaRvvScDI4VvSkoS/RJDhgfCbdUFxYtv0Xlau3FijcUIA7rs9Lot4OEhzLa iMzQeHpfvdUi4jVFzhJeK9VUXhEizEZkqROA9A0SByZe3dK2n2NtHj3DgPZPhjFZF7rt cGIsP4rbgXiMQRtwnbll8rpnLM0ZFrLV9UeCyxau/Y2AAfFA//KuI+xzaNEEfMJrBUkC TzBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=N2niqEom; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id a66-v6sor16166926ljf.31.2018.12.21.10.14.46 for (Google Transport Security); Fri, 21 Dec 2018 10:14:46 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=N2niqEom; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=9pkoDpWnQ0hyqDvaxlvdmZrME9c2qqzlc2zOv6te5xY=; b=N2niqEomFo+rals4bkw3xGbTBjGwxa/HjF9TepnB4pLUjTMQIoZ7v9NVFAHvYtA9gY /0oYQRkwRCEM/u8qr8aLfkPZbFq08vKAZrJbeRw+uPsmd1krMueHpwqVSWjWPyHJzZaw PZNRYzHlOXJQisYA87u0/ENAQ4P71tLBmcdqbPDndtRNBd4/Iko2g/ZGDVNsdjKMAj6O HEe4/wIgfiQh4kQzYdNojImGEYlQXTiGQwU/CvMINRzDx+6hF2dWBiUbCqC8PVrSR4RO zs+3oyb3DLgLu8gImsLRxllVJm3T8bTtcMSk7ZqGUzsimoakWJXB9iCFE24/c/a4ekVm 7ZRQ== X-Google-Smtp-Source: AFSGD/XIkFyHzT2h0WZYCzCstedNVsVpCOdIZJXFreII8gK7lJaMNaWsCWFp0aHljWPuf+HZlBsPEQ== X-Received: by 2002:a2e:908b:: with SMTP id l11-v6mr2285752ljg.150.1545416086374; Fri, 21 Dec 2018 10:14:46 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:14:45 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 01/12] x86_64: memset_user() Date: Fri, 21 Dec 2018 20:14:12 +0200 Message-Id: <20181221181423.20455-2-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Create x86_64 specific version of memset for user space, based on clear_user(). This will be used for implementing wr_memset() in the __wr_after_init scenario, where write-rare variables have an alternate mapping for writing. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/include/asm/uaccess_64.h | 6 ++++ arch/x86/lib/usercopy_64.c | 54 +++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h index a9d637bc301d..f194bfce4866 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -213,4 +213,10 @@ copy_user_handle_tail(char *to, char *from, unsigned len); unsigned long mcsafe_handle_tail(char *to, char *from, unsigned len); +unsigned long __must_check +memset_user(void __user *mem, int c, unsigned long len); + +unsigned long __must_check +__memset_user(void __user *mem, int c, unsigned long len); + #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c index 1bd837cdc4b1..84f8f8a20b30 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -9,6 +9,60 @@ #include #include +/* + * Memset Userspace + */ + +unsigned long __memset_user(void __user *addr, int c, unsigned long size) +{ + long __d0; + unsigned long pattern = 0; + int i; + + for (i = 0; i < 8; i++) + pattern = (pattern << 8) | (0xFF & c); + might_fault(); + /* no memory constraint: gcc doesn't know about this memory */ + stac(); + asm volatile( + " movq %[val], %%rdx\n" + " testq %[size8],%[size8]\n" + " jz 4f\n" + "0: mov %%rdx,(%[dst])\n" + " addq $8,%[dst]\n" + " decl %%ecx ; jnz 0b\n" + "4: movq %[size1],%%rcx\n" + " testl %%ecx,%%ecx\n" + " jz 2f\n" + "1: movb %%dl,(%[dst])\n" + " incq %[dst]\n" + " decl %%ecx ; jnz 1b\n" + "2:\n" + ".section .fixup,\"ax\"\n" + "3: lea 0(%[size1],%[size8],8),%[size8]\n" + " jmp 2b\n" + ".previous\n" + _ASM_EXTABLE_UA(0b, 3b) + _ASM_EXTABLE_UA(1b, 2b) + : [size8] "=&c"(size), [dst] "=&D" (__d0) + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(addr), + [val] "ri"(pattern) + : "rdx"); + + clac(); + return size; +} +EXPORT_SYMBOL(__memset_user); + +unsigned long memset_user(void __user *to, int c, unsigned long n) +{ + if (access_ok(VERIFY_WRITE, to, n)) + return __memset_user(to, c, n); + return n; +} +EXPORT_SYMBOL(memset_user); + + /* * Zero Userspace */ From patchwork Fri Dec 21 18:14:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740811 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C54D13AD for ; Fri, 21 Dec 2018 18:14:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2DACC2835B for ; Fri, 21 Dec 2018 18:14:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2138728618; Fri, 21 Dec 2018 18:14:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95CF92835B for ; Fri, 21 Dec 2018 18:14:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0EB638E0005; Fri, 21 Dec 2018 13:14:51 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 071258E0001; Fri, 21 Dec 2018 13:14:51 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E83678E0005; Fri, 21 Dec 2018 13:14:50 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by kanga.kvack.org (Postfix) with ESMTP id 6C4438E0001 for ; Fri, 21 Dec 2018 13:14:50 -0500 (EST) Received: by mail-lj1-f197.google.com with SMTP id v74-v6so1901138lje.6 for ; Fri, 21 Dec 2018 10:14:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=02CsOTWqtwZzPMlweM9pS6XE1OnLE/PPqdTJz4OZtoU=; b=ubmHfMBSJbzazw0dYZUuB0WQH+PUgQoXQqWerFfCJrjuEgar+iOdKJ2d2n6PPT2FhM RudjSey9DqZkc5gguIdJwzojaM46IoSbkFymMXrk/ZPi/FH/rmpdRDfYrfR94QsuiWIt OQi6cTFrvzi4AmCOt+4pMwtN+VJfGj9c1PcwNzAga6MN5b3IUBJ6qDXopqFgHlqeFPRF KrbHG3/oqo2/aAiJw10nG6ayHIpELsl6qXCa53OJNw+mDdzRSJu6JTdXsf3h4BnTZnMK onkWFeTYYz8c8G50bYCCKWUGBBZOlQs11GybELiLO6v1/9Hbb3hxylu0er5Yb98H/o6v jJkA== X-Gm-Message-State: AJcUukfTku8rTQLpx7yOtJ/Pv6C/penuuNAjGDwrB/jbonPYkhZs2/Eo WgvLNumyP1OWD6aTAzDAEcmTfbG0GHo5/C4p3KZBL+k6bJPwqToTqXj3BknLTCBkacWugva39S0 IgrXOboNIp+iicYqBcw/wDEbjCIXbIFROLeEp6WKnn0HETgVvmjS6opdPZJJrviJd3eC6u38KXb dnrLmclxEzRv72SAOQxQsJ7rN0c4TtU4y8TiC6mBa9NklujopXMc4wPmSt5qr2R2lpOl3fUxMbH e/UZOqCCALIpVwYrdzp7x10LZsohFt9eXaLN9leObyJZQka2mx0wX5mR6MiEm6bsaBMTzMkGOV8 KVECh9IdUrEEOj2ZELgDWxDB2EO+j7sWK3Ni1M/fbfhQzdsO8eXqjCRFYxxUO7jm9Kq7krFdPTp P X-Received: by 2002:a2e:484:: with SMTP id a4-v6mr2258124ljf.27.1545416089775; Fri, 21 Dec 2018 10:14:49 -0800 (PST) X-Received: by 2002:a2e:484:: with SMTP id a4-v6mr2258093ljf.27.1545416088592; Fri, 21 Dec 2018 10:14:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416088; cv=none; d=google.com; s=arc-20160816; b=gv8CKIhmNZxaTwinnDZ31ttgbV0h2/w6kLuqqY3zuuWg49ZrkHJCPfPwY7OQJiS72z R61Iqtb7tsvoOEJwNgHJd8THsfcXPUt6RMnZO6WFhlvbFZdFLtX6AFTmV5QS8BxBYL0H aDHAtj9fqEQJ8IVM1OxkUI/nutjO4BP8gyiWE8CJi7wAm5t3TgcOE/GiC0XCyJJ1H86X 1AN0jYVqjr7ovjG6FwWc9LVYX3HYeVAsMN+3Tn7Jz5DEKWSIgC7tubB5Pr1wb6mgMKAm K3D2LfTNif5TnvBPzIHOdpVzFDCyMcaGY2y0ddzQz0SsJDN1TyO945SJ46IcHBqFkgh/ wTCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=02CsOTWqtwZzPMlweM9pS6XE1OnLE/PPqdTJz4OZtoU=; b=nUt+vNUNFqWCGfrVco8sk/WtI1HlNjKslh9knAzqB/Bwx6cf2IY3aGCrODPb2dMzVT gGF+8W6L1gcDMv6iCAOOrN/S22kR41UYpKYjVQHm59PyVnRqldGs11PeDUeaoYI/clkW A7/MTZQOc76rkfmYOQRRVIBh3vQKq+GroqnczQSjacznrFLgSWbrldx22SboOyyfzMkP FDQPrkfytg7nLs80pzAn6du/ra53d/QgfmOA6ri8Yd/WxAJ/FKD960u7AB+VsSY36Y/O 5O9qgBfomW+CsZNsSWPDntBwvBUs9pIu8+EdYoeavUXGYqHsRW7/whdPUikO289c67eY OP7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="C/bllgwW"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id l20-v6sor16160614lji.21.2018.12.21.10.14.48 for (Google Transport Security); Fri, 21 Dec 2018 10:14:48 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="C/bllgwW"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=02CsOTWqtwZzPMlweM9pS6XE1OnLE/PPqdTJz4OZtoU=; b=C/bllgwWcelpTykNWYi39BnaATo8lpq89ch1ugnwfkYPRnVxve0wGvexjuxUPMzDoo 5Jpl5b0JUZ4ZL/39R1AR2j4X3k6ukiq9RlxTBcEzcGXXAV++v3Za4nKsdMqOIzA9BnLM FYYV6EhXu7gS7jQm20h6QR7xCxqPqLFD8gIyXunzOdhwh2+LhS6sZVyX0ahZHFfkn3Xw sGSbMTE95/rO31tGYeJBOFMCsqpicf6WF5vlojY4Bfno1gSEaX5smNWCKjXFGXXiAutn S0s+m5efoXLUf0pB106ZUBJIrPyvf1cnpu48uQJzohHGLMXY7JXthKhEMa1N9dvbpmSr FT6Q== X-Google-Smtp-Source: ALg8bN6ADTRPD4oTDrtkd5En5+bsIvKrP+5XCjbqDTL4+Lh9yRDACXYcUUsznsEdhYFvH6hg+L2VRA== X-Received: by 2002:a2e:5b1d:: with SMTP id p29-v6mr2252747ljb.176.1545416088161; Fri, 21 Dec 2018 10:14:48 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:14:47 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 02/12] __wr_after_init: linker section and label Date: Fri, 21 Dec 2018 20:14:13 +0200 Message-Id: <20181221181423.20455-3-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Introduce a section and a label for statically allocated write rare data. The label is named "__wr_after_init". As the name implies, after the init phase is completed, this section will be modifiable only by invoking write rare functions. The section must take up a set of full pages. To activate both section and label, the arch must set CONFIG_ARCH_HAS_PRMEM Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/Kconfig | 15 +++++++++++++++ include/asm-generic/vmlinux.lds.h | 25 +++++++++++++++++++++++++ include/linux/cache.h | 21 +++++++++++++++++++++ init/main.c | 2 ++ 4 files changed, 63 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index e1e540ffa979..8668ffec8098 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -802,6 +802,21 @@ config VMAP_STACK the stack to map directly to the KASAN shadow map using a formula that is incorrect if the stack is in vmalloc space. +config ARCH_HAS_PRMEM + def_bool n + help + architecture specific symbol stating that the architecture provides + a back-end function for the write rare operation. + +config PRMEM + bool "Write protect critical data that doesn't need high write speed." + depends on ARCH_HAS_PRMEM + default y + help + If the architecture supports it, statically allocated data which + has been selected for hardening becomes (mostly) read-only. + The selection happens by labelling the data "__wr_after_init". + config ARCH_OPTIONAL_KERNEL_RWX def_bool n diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 3d7a6a9c2370..ddb1fd608490 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -311,6 +311,30 @@ KEEP(*(__jump_table)) \ __stop___jump_table = .; +/* + * Allow architectures to handle wr_after_init data on their + * own by defining an empty WR_AFTER_INIT_DATA. + * However, it's important that pages containing WR_RARE data do not + * hold anything else, to avoid both accidentally unprotecting something + * that is supposed to stay read-only all the time and also to protect + * something else that is supposed to be writeable all the time. + */ +#ifndef WR_AFTER_INIT_DATA +#ifdef CONFIG_PRMEM +#define WR_AFTER_INIT_DATA(align) \ + . = ALIGN(PAGE_SIZE); \ + __start_wr_after_init = .; \ + . = ALIGN(align); \ + *(.data..wr_after_init) \ + . = ALIGN(PAGE_SIZE); \ + __end_wr_after_init = .; \ + . = ALIGN(align); +#else +#define WR_AFTER_INIT_DATA(align) \ + . = ALIGN(align); +#endif +#endif + /* * Allow architectures to handle ro_after_init data on their * own by defining an empty RO_AFTER_INIT_DATA. @@ -332,6 +356,7 @@ __start_rodata = .; \ *(.rodata) *(.rodata.*) \ RO_AFTER_INIT_DATA /* Read only after init */ \ + WR_AFTER_INIT_DATA(align) /* wr after init */ \ KEEP(*(__vermagic)) /* Kernel version magic */ \ . = ALIGN(8); \ __start___tracepoints_ptrs = .; \ diff --git a/include/linux/cache.h b/include/linux/cache.h index 750621e41d1c..09bd0b9284b6 100644 --- a/include/linux/cache.h +++ b/include/linux/cache.h @@ -31,6 +31,27 @@ #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) #endif +/* + * __wr_after_init is used to mark objects that cannot be modified + * directly after init (i.e. after mark_rodata_ro() has been called). + * These objects become effectively read-only, from the perspective of + * performing a direct write, like a variable assignment. + * However, they can be altered through a dedicated function. + * It is intended for those objects which are occasionally modified after + * init, however they are modified so seldomly, that the extra cost from + * the indirect modification is either negligible or worth paying, for the + * sake of the protection gained. + */ +#ifndef __wr_after_init +#ifdef CONFIG_PRMEM +#define __wr_after_init \ + __attribute__((__section__(".data..wr_after_init"))) +#else +#define __wr_after_init +#endif +#endif + + #ifndef ____cacheline_aligned #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/init/main.c b/init/main.c index a461150adfb1..a36f2e54f937 100644 --- a/init/main.c +++ b/init/main.c @@ -498,6 +498,7 @@ void __init __weak thread_stack_cache_init(void) void __init __weak mem_encrypt_init(void) { } void __init __weak poking_init(void) { } +void __init __weak wr_poking_init(void) { } bool initcall_debug; core_param(initcall_debug, initcall_debug, bool, 0644); @@ -734,6 +735,7 @@ asmlinkage __visible void __init start_kernel(void) delayacct_init(); poking_init(); + wr_poking_init(); check_bugs(); acpi_subsystem_init(); From patchwork Fri Dec 21 18:14:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740813 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2327D924 for ; Fri, 21 Dec 2018 18:14:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1060D284AA for ; Fri, 21 Dec 2018 18:14:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0462F28622; Fri, 21 Dec 2018 18:14:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6CC27284AA for ; Fri, 21 Dec 2018 18:14:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A5C3A8E0007; Fri, 21 Dec 2018 13:14:52 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A35B38E0001; Fri, 21 Dec 2018 13:14:52 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8B1578E0007; Fri, 21 Dec 2018 13:14:52 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id 1E9BC8E0001 for ; Fri, 21 Dec 2018 13:14:52 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id l12-v6so1870840ljb.11 for ; Fri, 21 Dec 2018 10:14:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=IC72E1SkxQby2tnvUgxalWUUCvjmMLY+yVrjL3hsqg8=; b=BF1L1DraIB64y4N/pao4A6qaQbQBt7cuAqr7uJLAGfwuhTfZFm75UTj7jbJHLga6KJ 6Yl6o/8+e33iWK5jDZGpju18i02Lgk5I+wtgIHAljFhgsh5fx7Chw/iXwDeIiYRA0LLR V1juS+NRMQs8RVPwXxZnUVqBT5/b2GV0o1/tbxMC4bLeXa6JIhme0q3W6zBAFNeAQzgg 4tQO5rZZNx/rGkDqWTdHljPXfgbto26tn9+ZQdnGzwq/afKcUgLJOiD8lsTK4vhGqcYG oFSElBwPz84AaF9u9Cyp9F+oHmX3EKgc8YtyK5ww5Y9kelTErf+j4w3URceyKGC21AmS uhWA== X-Gm-Message-State: AA+aEWZ+QWLvNNlsrkBEUDn7GHD63NNT5PjmL8MWeJ5LK61RlUnoultj ddi12b8udPoxQ7BkzvTtdAsiG9I7r6ellTvnvWLBNkgHYKMfczofTmzaps7ntQH+2kJ8jITlB6t lsLMxEl4LKg/yVD4z7+N7IOnkc5HLYLx8KWYtxlPkTw4iVV1bVNzvqwAfsvf5KHaMKPpksk+yW2 3CODwxdCrw9Hnoloa+beJlJ1xiBjAB7Y9f+OsFhkEswK0wlM8PI0wjjW+FwnWUbXBRmg7vpDcZy WmOUllLn8TJwR0S44p6YHvXoAyyNZUfbP/0Od0WTOtMOfLhankFkckotpsGNDiZUPe/ht56yp0W 2CordzGVBmTe3bvI+1gA0j3I3f9qf+rZdyA/jhogAIo8Y1yvYx/E25Rjs8Y1GwgbkbWZr6bhrJH r X-Received: by 2002:a19:5e5d:: with SMTP id z29mr1960434lfi.105.1545416091457; Fri, 21 Dec 2018 10:14:51 -0800 (PST) X-Received: by 2002:a19:5e5d:: with SMTP id z29mr1960406lfi.105.1545416090366; Fri, 21 Dec 2018 10:14:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416090; cv=none; d=google.com; s=arc-20160816; b=zKvvsFY/PGV+tEQPYLXg6finnY7VE5dc73RIp4pZ9dInzpexxUU9pHv/AAEMbnDbwP vuao/vWJEkD27GagU6b/lc/iPiMtejaXj1cSRJ13AGvF1KC2IdkTvq4F5UyL+z0Abv5s SiQk0JF2oJFsJUPaq6IIX4vs5OJEseBUw3lH3KWgBWgfzrEhcw4Dqz/0ilUzAMeEJfzp XSYe8q3Io/q3xMW36WWPN/30elHCOXIiXPTzgGpJFzoET2Yx7kPgS8nfTbm4K2Lg8SAI Lu6Fjhu5aOg2A7jmXO9vhLC0ZZFLP2OePsEkHhKKMknrCw/nGNwbjGOIK2YZpHh2+LsL S8EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=IC72E1SkxQby2tnvUgxalWUUCvjmMLY+yVrjL3hsqg8=; b=Cd/XedVn9A/DUfRXqYF6Z9OibtUbwPs2+S2lWfQIrCUSXKtpv0cMMSTRxxnLyCGloB C3yadExQwlDgS2JNMa+QoAYTLPDwRmDNniNPNwd8skQp89b/ZOWpo/Wkjgd072FWyb6i iSn9I75dQ8nCWvCHWsHwp6LHigA8cjF60+2VdHpHw2gLa316iJtD9h2pxtmvESikbDn3 QfKBu/FdkSas9B9/3Jp2psYQPanG1R+0jvcMZijaln1qDTrt//wa2KYqGAhRgK9kg2N1 wYqFc657yFq3NZIq/Hk8hh07zHvKN39g2Xw1Q9OwQAsktbWj6M1YmJqmOj9UlvgOk8T6 ovcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DqfsEH5L; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id a12-v6sor15952723lji.34.2018.12.21.10.14.50 for (Google Transport Security); Fri, 21 Dec 2018 10:14:50 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DqfsEH5L; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=IC72E1SkxQby2tnvUgxalWUUCvjmMLY+yVrjL3hsqg8=; b=DqfsEH5L9YLdOJEXEYum6nwamDbHwKJwJCpeilO+Exni09zMXlLazjQWwG6UxGeyFW cthZ8/pTG4OViX9K/JQWfmJtS9F33LP1hb71YBXNsYDRjNxCpqV8NAzPvx7VOuAH5Tsc LPXPMnueI2EidByLqVwQ22AzvLQ144Ldw2HPEGliQyeXceXtPW1uaP/Sg86LlkmwCPHw /WOXCOYsw5cASKVRpV1s+hAEGzNAktCNUUXk5jWzgAJ/4jfpfwYuqnCr8CnsDS11dTI1 Ntel2Ew+lNIzH4pDzhUWw44FbLcUVoKFuI4LeX7oBViWiQnjx4Wqptqvm437EweXZB72 NKwQ== X-Google-Smtp-Source: AFSGD/UxlqHZez0NWd/HSVJmkToecB7S72thDSg2Cw/dydhEx7i1lDETl2T5I7D9XKZozHyTtVweIQ== X-Received: by 2002:a2e:4746:: with SMTP id u67-v6mr2238745lja.142.1545416089950; Fri, 21 Dec 2018 10:14:49 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:14:49 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 03/12] __wr_after_init: generic functionality Date: Fri, 21 Dec 2018 20:14:14 +0200 Message-Id: <20181221181423.20455-4-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The patch provides: - the generic part of the write rare functionality for static data, based on code from Matthew Wilcox - the dummy functionality, in case an arch doesn't support write rare or the functionality is disabled The basic functions are: - wr_memset(): write rare counterpart of memset() - wr_memcpy(): write rare counterpart of memcpy() - wr_assign(): write rare counterpart of the assignment ('=') operator - wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- include/linux/prmem.h | 106 ++++++++++++++++++++++++++++++++++++++++++ mm/Makefile | 1 + mm/prmem.c | 97 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 204 insertions(+) create mode 100644 include/linux/prmem.h create mode 100644 mm/prmem.c diff --git a/include/linux/prmem.h b/include/linux/prmem.h new file mode 100644 index 000000000000..12c1d0d1cb78 --- /dev/null +++ b/include/linux/prmem.h @@ -0,0 +1,106 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * prmem.h: Header for memory protection library + * + * (C) Copyright 2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + * + * Support for: + * - statically allocated write rare data + */ + +#ifndef _LINUX_PRMEM_H +#define _LINUX_PRMEM_H + +#include +#include +#include + + +/** + * memtst() - test len bytes starting at p to match the c value + * @p: beginning of the memory to test + * @c: byte to compare against + * @len: amount of bytes to test + * + * Returns 0 on success, non-zero otherwise. + */ +static inline int memtst(void *p, int c, __kernel_size_t len) +{ + __kernel_size_t i; + + for (i = 0; i < len; i++) { + u8 d = *(i + (u8 *)p) - (u8)c; + + if (unlikely(d)) + return d; + } + return 0; +} + + +#ifndef CONFIG_PRMEM + +static inline void *wr_memset(void *p, int c, __kernel_size_t len) +{ + return memset(p, c, len); +} + +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + return memcpy(p, q, size); +} + +#define wr_assign(var, val) ((var) = (val)) +#define wr_rcu_assign_pointer(p, v) rcu_assign_pointer(p, v) + +#else + +#include +#include +#include +#include + +#include + +void *wr_memset(void *p, int c, __kernel_size_t len); +void *wr_memcpy(void *p, const void *q, __kernel_size_t size); + +/** + * wr_assign() - sets a write-rare variable to a specified value + * @var: the variable to set + * @val: the new value + * + * Returns: the variable + * + * Note: it might be possible to optimize this, to use wr_memset in some + * cases (maybe with NULL?). + */ + +#define wr_assign(var, val) ({ \ + typeof(var) tmp = (typeof(var))val; \ + \ + wr_memcpy(&var, &tmp, sizeof(var)); \ + var; \ +}) + +/** + * wr_rcu_assign_pointer() - initialize a pointer in rcu mode + * @p: the rcu pointer - it MUST be aligned to a machine word + * @v: the new value + * + * Returns the value assigned to the rcu pointer. + * + * It is provided as macro, to match rcu_assign_pointer() + * The rcu_assign_pointer() is implemented as equivalent of: + * + * smp_mb(); + * WRITE_ONCE(); + */ +#define wr_rcu_assign_pointer(p, v) ({ \ + smp_mb(); \ + wr_assign(p, v); \ + p; \ +}) +#endif +#endif diff --git a/mm/Makefile b/mm/Makefile index d210cc9d6f80..ef3867c16ce0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_SPARSEMEM) += sparse.o obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o +obj-$(CONFIG_PRMEM) += prmem.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/prmem.c b/mm/prmem.c new file mode 100644 index 000000000000..e1c1be3a1171 --- /dev/null +++ b/mm/prmem.c @@ -0,0 +1,97 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library + * + * (C) Copyright 2017-2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include +#include +#include +#include +#include +#include + +__ro_after_init bool wr_ready; + +/* + * The following two variables are statically allocated by the linker + * script at the the boundaries of the memory region (rounded up to + * multiples of PAGE_SIZE) reserved for __wr_after_init. + */ +extern long __start_wr_after_init; +extern long __end_wr_after_init; +static unsigned long start = (unsigned long)&__start_wr_after_init; +static unsigned long end = (unsigned long)&__end_wr_after_init; + +static inline bool is_wr_after_init(void *p, __kernel_size_t size) +{ + unsigned long low = (unsigned long)p; + unsigned long high = low + size; + + return likely(start <= low && high <= end); +} + +/** + * wr_memcpy() - copyes size bytes from q to p + * @p: beginning of the memory to write to + * @q: beginning of the memory to read from + * @size: amount of bytes to copy + * + * Returns pointer to the destination + * + * The architecture code must provide: + * void __wr_enable(wr_state_t *state) + * void *__wr_addr(void *addr) + * void *__wr_memcpy(void *p, const void *q, __kernel_size_t size) + * void __wr_disable(wr_state_t *state) + */ +void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + wr_state_t wr_state; + void *wr_poking_addr = __wr_addr(p); + + if (WARN_ONCE(!wr_ready, "No writable mapping available") || + WARN_ONCE(!is_wr_after_init(p, size), "Invalid WR range.")) + return p; + + local_irq_disable(); + __wr_enable(&wr_state); + __wr_memcpy(wr_poking_addr, q, size); + __wr_disable(&wr_state); + local_irq_enable(); + return p; +} + +/** + * wr_memset() - sets len bytes of the destination p to the c value + * @p: beginning of the memory to write to + * @c: byte to replicate + * @len: amount of bytes to copy + * + * Returns pointer to the destination + * + * The architecture code must provide: + * void __wr_enable(wr_state_t *state) + * void *__wr_addr(void *addr) + * void *__wr_memset(void *p, int c, __kernel_size_t len) + * void __wr_disable(wr_state_t *state) + */ +void *wr_memset(void *p, int c, __kernel_size_t len) +{ + wr_state_t wr_state; + void *wr_poking_addr = __wr_addr(p); + + if (WARN_ONCE(!wr_ready, "No writable mapping available") || + WARN_ONCE(!is_wr_after_init(p, len), "Invalid WR range.")) + return p; + + local_irq_disable(); + __wr_enable(&wr_state); + __wr_memset(wr_poking_addr, c, len); + __wr_disable(&wr_state); + local_irq_enable(); + return p; +} From patchwork Fri Dec 21 18:14:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740815 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C3B3013AD for ; Fri, 21 Dec 2018 18:15:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B564E284AA for ; Fri, 21 Dec 2018 18:15:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A98F328632; Fri, 21 Dec 2018 18:15:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46934284AA for ; Fri, 21 Dec 2018 18:15:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8AFFF8E0008; Fri, 21 Dec 2018 13:14:54 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 85FB38E0001; Fri, 21 Dec 2018 13:14:54 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 701FA8E0008; Fri, 21 Dec 2018 13:14:54 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by kanga.kvack.org (Postfix) with ESMTP id 0092F8E0001 for ; Fri, 21 Dec 2018 13:14:54 -0500 (EST) Received: by mail-lj1-f200.google.com with SMTP id j24-v6so1889550lji.20 for ; Fri, 21 Dec 2018 10:14:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=Us5fQxnqAuf6nDTBJO2Qb2w31hoygG1FpkEKlSmx1Kw=; b=E/+5/MyFl/BOOAXFH+UYUz4+7YQWJ3XTl5GSqnWDed4gIooGL6URPqKIO7AXUQPXHU ULXBw08UxczF+fiof8ZzVSdp0TRa4mrVcB/VGTts2X44NToQzDn14DxIKvU3k4oWayyg RGr0J9uZIq3nKO5xEZT60P7smy8wluHkeO9HC5kqADAH09pzK88MrwyR31cGvK4bwHv6 nd1lWhjAlDmMNYb4ssfH5H/WPaXnt4V7B8EjknjNgVXR9h1oRZrcTE/Y7d5d8u84aEjo 8HtMmMN285rV7l7sDha3JIqTjoON/NlpW20xbmICi0AmVdpiEREeZSGl27w9hlHzfLDz ELkw== X-Gm-Message-State: AJcUukf1Wks8sl8+DvveGabZzDlv5GXlnXsvhDLrAqRwftGeia86fSTV SM1iMVwCtcraiEiQBNWi7EzZqfFEpCdxbAf55snVF8Cxgv0tGdFgPqQCT9urtWftqFfXkMFOfWV 3AIG/xJl6NTviqxuQcGx3F0J/ivdScfnkBbaTW4y7kUmq0ejQeX60u/Ab63Kp2r6nmBH6IyqnO5 lzruwm2M+gfyfY/LWseFCZRP4+BGZeHmjrTh5nXhr7poWm2czRc2bDO+HOhkQ13BhAbOoLCENnb lG6h8xKA2WX23vvq+0KO3ME4AK5yl7h59KN9eSzS5GDvIasHQLzqtXtZpMWgGV18g9esviFHePR w3js4+0exVefxe0PlkE1E0QHIVG/s5OV0BhnXsZHSEjYu4dEHg6/rKCgeHxu9pFQvDALwC0IPBT 9 X-Received: by 2002:a2e:4c0a:: with SMTP id z10-v6mr2224507lja.85.1545416093370; Fri, 21 Dec 2018 10:14:53 -0800 (PST) X-Received: by 2002:a2e:4c0a:: with SMTP id z10-v6mr2224475lja.85.1545416092178; Fri, 21 Dec 2018 10:14:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416092; cv=none; d=google.com; s=arc-20160816; b=h/mP6hQtulsL8FzJHDIs/nwepsAuQlZnGnFuPygy28W3QMo54TkpDdBZFKe0k2vq0w HU/pfKEDmNzxFL1FeGof68e/155KqULbuI9sWlvni5jtWF8TZeeaEwP9BxvRybnBry1f BJ7x9RMmjhpUlMTPaHD7KhwGKpeWgWG1EZDH7OuBwLnGtRfSKElbKEH3ZAscjEqp7yeY Gf7KADCNY3G9QRV0JiojU/NPeghMwVQMpDXLbioH2qdhOW5TjZEh/GPPYYlF98ZkO2sz uU3Rzo43NyKuc8gcIV7S7lM2/wvyahCWAxOG42UmLGOL7JUX3sWxRpj+dW9xDq9uRNql Xa1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Us5fQxnqAuf6nDTBJO2Qb2w31hoygG1FpkEKlSmx1Kw=; b=L8m4j6bh6di6AcRV2e9RX8QAg9d3jT/XkGwmSYSyaev5wV3pmQHtiNP/H+EUn1NRLd +GWVsepLdRQ/azzWPE/aCSj42/e3Gnb4jW+Xclz/xGifsbg7UP1yo3ycyzxG1yaWiREI aq8wtbA6KFEyMJYF1ovoUYCI8Jizg5xhBioL44+FgARDBeFa9v3+6Jxe14OlN3E1FX4X Ld//NBKIwNxYloIeVqlkU60i57w2CotAT8KQDSQXKZOMAapo+W1TbSFcbMi/XfVyd1r4 BdJoNuA90JFBe/j07IRlEsds66aMaKc3EV45WTcgblk98i4dun11APzr57Hw7tB+CAzT dJaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HGWfQjb5; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w77sor6921307lff.36.2018.12.21.10.14.52 for (Google Transport Security); Fri, 21 Dec 2018 10:14:52 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HGWfQjb5; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=Us5fQxnqAuf6nDTBJO2Qb2w31hoygG1FpkEKlSmx1Kw=; b=HGWfQjb5vbSEU703D7GDZF8gnrJ6CfP1TS1iPmRhSDLGjMliWP2OTU4t9dcTDDLFqv eDAU+7nNdwfcfoz6oYXjJL+HmL0C7ymB9ShJsMj23VqimbB2jkRvrjm8zuQ48p+Nfr75 ZoN6joq84uIn/psO+3Xg9u/0iXRyuQynvLmv/HtqwPCYoNAWC5Faa76BZyDT9FID2Vfu dqlkXt4qfXEYfLfc8I/aX6w3fTxt+HeG3t0yKQFDxfLBtruTGAPQ/XtAuVw0DefC7wLn CshGs3iZ+b8H51siPqXn+F0ztDMm4FEfvmDc8DP/V0wU19fqjPIHsEMvhcM4ZSk9hHIX btxg== X-Google-Smtp-Source: AFSGD/XRk3ffVjosi0KOa8ubOE0z0coXuuRA/SrFAZt3Qg8nlBRGeL4XEqjStoml5nY+Fgm+PFWoDQ== X-Received: by 2002:a19:1994:: with SMTP id 142mr2105273lfz.134.1545416091776; Fri, 21 Dec 2018 10:14:51 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:14:51 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 04/12] __wr_after_init: debug writes Date: Fri, 21 Dec 2018 20:14:15 +0200 Message-Id: <20181221181423.20455-5-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP After each write operation, confirm that it was successful, otherwise generate a warning. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/Kconfig.debug | 8 ++++++++ mm/prmem.c | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug index 9a7b8b049d04..b10305cfac3c 100644 --- a/mm/Kconfig.debug +++ b/mm/Kconfig.debug @@ -94,3 +94,11 @@ config DEBUG_RODATA_TEST depends on STRICT_KERNEL_RWX ---help--- This option enables a testcase for the setting rodata read-only. + +config DEBUG_PRMEM + bool "Verify each write rare operation." + depends on PRMEM + default n + help + After any write rare operation, compares the data written with the + value provided by the caller. diff --git a/mm/prmem.c b/mm/prmem.c index e1c1be3a1171..51f6776e2515 100644 --- a/mm/prmem.c +++ b/mm/prmem.c @@ -61,6 +61,9 @@ void *wr_memcpy(void *p, const void *q, __kernel_size_t size) __wr_enable(&wr_state); __wr_memcpy(wr_poking_addr, q, size); __wr_disable(&wr_state); +#ifdef CONFIG_DEBUG_PRMEM + VM_WARN_ONCE(memcmp(p, q, size), "Failed %s()", __func__); +#endif local_irq_enable(); return p; } @@ -92,6 +95,9 @@ void *wr_memset(void *p, int c, __kernel_size_t len) __wr_enable(&wr_state); __wr_memset(wr_poking_addr, c, len); __wr_disable(&wr_state); +#ifdef CONFIG_DEBUG_PRMEM + VM_WARN_ONCE(memtst(p, c, len), "Failed %s()", __func__); +#endif local_irq_enable(); return p; } From patchwork Fri Dec 21 18:14:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740819 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A845B924 for ; Fri, 21 Dec 2018 18:15:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 97D812835B for ; Fri, 21 Dec 2018 18:15:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8A98728618; Fri, 21 Dec 2018 18:15:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 262FF2835B for ; Fri, 21 Dec 2018 18:15:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 160838E000B; Fri, 21 Dec 2018 13:14:59 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 10DA28E0001; Fri, 21 Dec 2018 13:14:59 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E7BC18E000B; Fri, 21 Dec 2018 13:14:58 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com [209.85.208.200]) by kanga.kvack.org (Postfix) with ESMTP id 752A78E0001 for ; Fri, 21 Dec 2018 13:14:58 -0500 (EST) Received: by mail-lj1-f200.google.com with SMTP id k22-v6so1860789ljk.12 for ; Fri, 21 Dec 2018 10:14:58 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=P5M7SqdxYjmLxQGvbS0gmKk/vDAgz7YPdTdBPDnFIqh6mosStNEzhd9mJ0iEl9jdd7 L6VN1LkjD3oW0XZ/lNZrQMtDj5Omo/CeVekcnmTQVQWPyqo0VTty78hIq8fPo+e58IPp 86bM2yMIj+DofqPEcoT5ZONzZsciTg9auTutIeMldzFvOb55AcsAmfwB23egek9B6uyt SB4v8h+4pPzwZ0Bt9SX2m1UFsxcEPqYf3OLUt/ccPMi/fItE2FIdXHr8S6LnYmDMhDBf gUCIZijrdoq/G9By9u/ma8JuIO+JErCp1CdthvEvmn6kWzGwjhICkOIowYdIMRtzbyB7 YSHg== X-Gm-Message-State: AA+aEWYnmFx2HyZYW6pn3PbYprVnPU2JbtnRkb+wLaQ7Q5I2ccVIweag 7svmIzf32UUqYlqqnEIzNaUUQTeSvA0IFnfgF4IxvM/WVpILoZGkN5cw8cyvdUSs3C3Qo5n7hjA VElC9xVxYOzd/f4gEjHvtjxf1Fg7qbWEsAJk2S+wPR90IdAVYqUsP8ew1bKjS2dyEmzQiOlBgdd wcKcH5WNT1ZLU/eVK4Yk3KaStoZyoEh1N8jpI8PAh8sdsOD4Y9uYP5zWzExS8/avTGQDHhiTFrL C15X5Kgh0qFkVeE5n77yrMjQ/XKXOClWwEMo22KCdAURi+mkvg7xhwuidunZDOgLLP3D1hBLDgT C5CMusthtbT+mWGVFNSw0tjHgFfMJDQ9oZaXKeOhzgTkt8o8pJ+DPCzb4rMnOxDlrumSC5aQNST 5 X-Received: by 2002:a2e:4784:: with SMTP id u126-v6mr2241106lja.124.1545416097846; Fri, 21 Dec 2018 10:14:57 -0800 (PST) X-Received: by 2002:a2e:4784:: with SMTP id u126-v6mr2241075lja.124.1545416096896; Fri, 21 Dec 2018 10:14:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416096; cv=none; d=google.com; s=arc-20160816; b=AM4tbFF/m82yGkpFjj8Ud0cJWQZgaTebdtzShOPN3JUx5i5c9oS01BqON2ylgVP+kc Di78DhnqUxQgByzJqSQAP8wu1CFv7MAHykDB7iIwy9QYwz98KmSLSfxET7DMFSMIBEg4 CES9J+kRdrk/dJwVuIIVfQYBjbY2xSNwQAdlMOLpOFeeXKG2mr4jwWGWkKrPIA1xqH1n aCIfEnaFSj9YTya3Sipu4GpkdFNJDNKJgn05ArvUmiwhrbVj90g+vPnkZTZKaItFO8V6 DCkFuzwIpo7WYGmvVPg3Q+mo1mei/bBwGdIDiyIjUQziC/HG3AvclrQmu8M6rZR3pcdi i14Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=tRjd3jRvkk7o2U6yfnjachpA8wwH7b32ZE1xcAs6SkSxPjEEJVWBSlvSjuqWZpg4LU xSqv5E8EeZOP1SEWJFX5wCz+fs8/JmLMexzToCa/yT6dNM9jSkSLmdMqQHNY3cvaxbUg elWIoKpy+QEAq439CyqdYsJLViPWcIgt4fWRote0J4JwePGlZgXVNcFduBHuUZGAm43x jDReVo93+IvjpKNGIefAMTRlwsQVnZXLUslh06jtE9gZMg/ZhW1trhMTsD165EL7o8AX CJcb2VorR2Xib4YBy/pHoEmRRWCIP0t0avIwSWL4AhaQaibFIQrNrNB1Nvxvtx1Rx2DG 9dCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SvsaISUs; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id p12sor7472827lfk.37.2018.12.21.10.14.56 for (Google Transport Security); Fri, 21 Dec 2018 10:14:56 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SvsaISUs; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=SvsaISUsENLTRerxTlrw5WngUCL6xcuf+y6j/r5ybSpTEfxaevKrsab709fKKhBFHj bDwmZRFgmlGlLH6FjZIZscR0mARSzL5Yc1Hymyod01ulZ++YoZYQqgmNdt5hGgCy/c1w dOBT1TON7MOsOs6Xw7MVbfxdS7EHIQYmGSXAmKQBDdENjV/u+AOBJ2y2A59gz4QamBCP UTifq3MQpLnaFdW5Xk4MLjGbO5nBEo9pGRwBG+W6PIBX76n7iZh9k2R9oNkzAxmSHaKA Z19GApJN2rFbLKVpY9/VsZ+zfN78gSapfg+d5LN8SNYSOESPzDlqQaFJ+a0L0WMvu1B/ svYw== X-Google-Smtp-Source: AFSGD/UUw4QOTr1Fz5pqLC5tPgrFCIm78stVTJm1s66btznV4xeiArrlcZYeL5woLgX/8UrqetsuTw== X-Received: by 2002:a19:a60c:: with SMTP id p12mr2115400lfe.63.1545416096496; Fri, 21 Dec 2018 10:14:56 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:14:55 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 06/12] __wr_after_init: Documentation: self-protection Date: Fri, 21 Dec 2018 20:14:17 +0200 Message-Id: <20181221181423.20455-7-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Update the self-protection documentation, to mention also the use of the __wr_after_init attribute. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- Documentation/security/self-protection.rst | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index f584fb74b4ff..df2614bc25b9 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -84,12 +84,14 @@ For variables that are initialized once at ``__init`` time, these can be marked with the (new and under development) ``__ro_after_init`` attribute. -What remains are variables that are updated rarely (e.g. GDT). These -will need another infrastructure (similar to the temporary exceptions -made to kernel code mentioned above) that allow them to spend the rest -of their lifetime read-only. (For example, when being updated, only the -CPU thread performing the update would be given uninterruptible write -access to the memory.) +Others, which are statically allocated, but still need to be updated +rarely, can be marked with the ``__wr_after_init`` attribute. + +The update mechanism must avoid exposing the data to rogue alterations +during the update. For example, only the CPU thread performing the update +would be given uninterruptible write access to the memory. + +Currently there is no protection available for data allocated dynamically. Segregation of kernel memory from userspace memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Fri Dec 21 18:14:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740823 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4DBCE924 for ; Fri, 21 Dec 2018 18:15:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4070A2835B for ; Fri, 21 Dec 2018 18:15:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3413328618; Fri, 21 Dec 2018 18:15:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B5E992835B for ; Fri, 21 Dec 2018 18:15:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 52EBC8E000C; Fri, 21 Dec 2018 13:15:04 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4DBA78E0001; Fri, 21 Dec 2018 13:15:04 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3822C8E000C; Fri, 21 Dec 2018 13:15:04 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id B645E8E0001 for ; Fri, 21 Dec 2018 13:15:03 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id v27-v6so1907500ljv.1 for ; Fri, 21 Dec 2018 10:15:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=fCu/Dvxq5YsXEInvrZ6nOPolYPqmuAppN13/UbAzMzYJ0RyZ+I7klCa6FdhvmtoLOb A4YpB7qy/GFLlBKKUkH640mx4ZGDTYi8Sj1ub8S+DDSDsl0uswBOujpsUMvfY3ZSwNrd fX6gRag8LldbG61IS5CH5TJMb5xwRDwQ1X092IzJgW7Wnl12jQQ597pi6Tws1llQzUUI Q2C/6n//8TibpwBcaBuJ9WiELw+chnxs/KDd/GxxM7Vel2Ww+OyILXBhZn3d9mR8lAQQ 0sBnSZpwff1wpn83nJVJBbGIql3cgbBDHIKR0eMAS/Es6xLObQUt1sPNn4OP1YElUxKl 9iIQ== X-Gm-Message-State: AJcUukewQdlqCVGi0jHen1oP4A2OUGbbD0mE7X+JqbmKUoE82wOBWTMj v/xbVaoGEeDDeNhdgH5iQuPDNjuwl7P9UN6EYYp05sjJIsZCx0DOblRZWkwIU2REw3j0E1ImRUX AfTQ+Mri4mWozzM+3FJKw99+cX+aNkwLYRm4Am2dO8gFb2VA/P7kzIbFOC72U8amffSgBz10GNb SlnVPXso5HWZdi8a8rdgX5F+gybVUnng1deumMKkaPUJ0QZfx+hwrxFkbj+ANokw8WX9uVfVolL Li684AhGsAluueoATi5e6Z8cgllzD7lsRXhPFeUdx61bCPZODUgvMZqmmA/P1tIfbbdWVrZX2EB bHxWbPyYfzbytwd0rcfpKhEqQZ/A/IIQx1vE1cL/imwdx3gIbieIxOzeYPd8/KrQe+Hv9J3Thl2 H X-Received: by 2002:a2e:9256:: with SMTP id v22-v6mr2496709ljg.178.1545416103112; Fri, 21 Dec 2018 10:15:03 -0800 (PST) X-Received: by 2002:a2e:9256:: with SMTP id v22-v6mr2496663ljg.178.1545416101802; Fri, 21 Dec 2018 10:15:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416101; cv=none; d=google.com; s=arc-20160816; b=t30uovBrhqCr6TrrZmPJJK3ZgZCB4dha7ERUT3+R4hftmEL2RPuGIcEkFmXoAsw9cz D6mQo+POMdAzOZxc8B7SKCDbXY8ACpGAQp/gAj2If5PgQ3GvjOeHM2aATwXwgptlSZl2 HIuShIxqWWmHrUWJn3BdeZfDj8csiEhqSL86fGtWYtlV2Qs80Qjwe50zOKmLxMxE7J/2 F+V0GOv8tcM03mH3ykAtkJBqyMil6mZ4AVHsXDpVqGV/dFlLSSW90kUDsgO+U9J3lJEh A9xSyWLrwJd7xDiE3i1Ur4Wngg40KDZhIa0vrnjX66QpuczXozI5hCX6WcZRx+RIcuvi xAxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=YbwBE+saxpCaUax6Z4IGD7rrZ5G9O1D3XVCUxs05zS8Xwl5p8YaLlONi1Y/ySfScoY VcUjuo60QHt5jQmff4f6gpAEtOZhjiGb4bKBfTuEYTq/mlbldEioyMDvCzcI0stw1cqX 76GGftpw0h1kuBr3XgnfGB+pa1qpXc8TSjqEHVtqUZzn/WXhgbZkM5Ca8hqVoASjC3JQ UwgBVV4TuwwP1Cq4uBmErAOuiX35cwfZD7QTGQ3sgW/F6EJLxo2ldXFwggLBniybd5rt FkUDPy/0Ac4ZDla3jHenz2SEEwdLvcL+E6DGPkd9B+2r6qTETiy8eaegR0H8IaTvKPOi Jt0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kUeoKzL4; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id j2-v6sor16550330ljg.42.2018.12.21.10.15.01 for (Google Transport Security); Fri, 21 Dec 2018 10:15:01 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kUeoKzL4; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=kUeoKzL4DU9YWPEF1gNBKSCW0fL9CgdXq6jjpoupxnO4uLElST2H3S+SZCQgWimXXO YZMohIUO3dmUaPEpq05kR5+UYbdP8y+AIjfcy75gu+74W7d1pcqGXzRoIbVh/NgpQ4Hu XlT/e25pZJJetrF/oy9iRTDdIkBHVWZRayJtOBqc9NF0MTUYxKeUsVGasOcHzSVmNawK taKuwvPiPWuqWrhRKsjrXcBQPTXp8K6wjHW5mb0ZzblTCCVZfJb5fhn+NIqfncqQu0zm 0/IE8fGk5PL2rlOOPxS0vZLGHddhfFG0tPSDSKOTrDWp6euS3mJKoxmuscDdf7TiCAgY X65w== X-Google-Smtp-Source: AFSGD/XswW5dKjiUGmh9wa+v9T60QYxp3Cs4xb9Q4fBCeW4KdXwqXRGKpf7tFOWWuwHHCYc03cVqMQ== X-Received: by 2002:a2e:21a9:: with SMTP id h41-v6mr2233605lji.103.1545416101435; Fri, 21 Dec 2018 10:15:01 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.14.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:15:00 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 08/12] rodata_test: refactor tests Date: Fri, 21 Dec 2018 20:14:19 +0200 Message-Id: <20181221181423.20455-9-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Refactor the test cases, in preparation for using them also for testing __wr_after_init memory, when available. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index d908c8769b48..e1349520b436 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -14,44 +14,52 @@ #include #include -static const int rodata_test_data = 0xC3; +#define INIT_TEST_VAL 0xC3 -void rodata_test(void) +static const int rodata_test_data = INIT_TEST_VAL; + +static bool test_data(char *data_type, const int *data, + unsigned long start, unsigned long end) { - unsigned long start, end; int zero = 0; /* test 1: read the value */ /* If this test fails, some previous testrun has clobbered the state */ - if (!rodata_test_data) { - pr_err("test 1 fails (start data)\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test 1 fails (init data value)\n", data_type); + return false; } /* test 2: write to the variable; this should fault */ - if (!probe_kernel_write((void *)&rodata_test_data, - (void *)&zero, sizeof(zero))) { - pr_err("test data was not read only\n"); - return; + if (!probe_kernel_write((void *)data, (void *)&zero, sizeof(zero))) { + pr_err("%s: test data was not read only\n", data_type); + return false; } /* test 3: check the value hasn't changed */ - if (rodata_test_data == zero) { - pr_err("test data was changed\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test data was changed\n", data_type); + return false; } /* test 4: check if the rodata section is PAGE_SIZE aligned */ - start = (unsigned long)__start_rodata; - end = (unsigned long)__end_rodata; if (start & (PAGE_SIZE - 1)) { - pr_err("start of .rodata is not page size aligned\n"); - return; + pr_err("%s: start of data is not page size aligned\n", + data_type); + return false; } if (end & (PAGE_SIZE - 1)) { - pr_err("end of .rodata is not page size aligned\n"); - return; + pr_err("%s: end of data is not page size aligned\n", + data_type); + return false; } + pr_info("%s tests were successful", data_type); + return true; +} - pr_info("all tests were successful\n"); +void rodata_test(void) +{ + test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata); } From patchwork Fri Dec 21 18:14:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740825 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A2703924 for ; Fri, 21 Dec 2018 18:15:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94E692835B for ; Fri, 21 Dec 2018 18:15:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 88FEF28622; Fri, 21 Dec 2018 18:15:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C20C2835B for ; Fri, 21 Dec 2018 18:15:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EF0D88E000D; Fri, 21 Dec 2018 13:15:05 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id EA3BA8E0001; Fri, 21 Dec 2018 13:15:05 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D41CC8E000D; Fri, 21 Dec 2018 13:15:05 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) by kanga.kvack.org (Postfix) with ESMTP id 63E208E0001 for ; Fri, 21 Dec 2018 13:15:05 -0500 (EST) Received: by mail-lj1-f199.google.com with SMTP id x18-v6so1903707lji.0 for ; Fri, 21 Dec 2018 10:15:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=S6Niv8iZkr92sRy8GcTyPD/w/UVgChWZM6VTBZBNHC5DElCxEUI+XdD7DtS5d6HooW 9w4bJGiqc7i8AbheQQcmGwkFkErJ6U+MMhV4Kzh8mb85ekZlIxoX11eWjWfpjM5l9PIO lYQC5qGV/kAI3enway1ec3x5YVuFUs5YRV/bN3PfhnmVO4JD9YS01hglZK/Ob3fsWL9L KoSJmqSm0DXhA2OoOuySU1R4wja1ylWL+mUefOSt/3Ce1VoS/A0VoMd+oE9ugqvaCiCY BDFqwGuqKTO/uDC2SPhwfHNM0YQSbvqPMUOmUoucxSd5I4dlK2Ao1SlO4IkL6CYftIpt fgbQ== X-Gm-Message-State: AJcUukfcs3qRGKLNLsZSL8rX2Lf7nVJakhjMNF+/bQwsDyM8Xt8GDG7w g1V3MvK4QhuMXPD16vv8v8gPOtET1x87vDpR5qxfVvZZFyp9KiSzcJ2ao5BsB8azTUYN0WKzcAk NbRNP08c1adwwWE2xkVUFaBPU3EgY+HJzhoHceeXCXTET5wCCWTUa2AVrz3Qp7c31fXHLrfkGP9 mS/ocQNsbsz2C0jTiJbiW8AmVqakTdhGaqkNJEB6UGW1i1oMEr26vH0fL1nl9st98O1nbPbAzGz SwHVD8XwYcYqyH0LhE6bi0TBLcZaYD6oqsV6JsBMdF2VNjYCiraKCRLAH07cce+Zc825gWJDA7l osKukgWzriA7pv5tCErXEvtThr5RfFx/ZUFqzuoBWmx0Lnzp3bBOE2oZYURajBwhX0M18TzBWuq O X-Received: by 2002:a2e:3803:: with SMTP id f3-v6mr2252235lja.169.1545416104782; Fri, 21 Dec 2018 10:15:04 -0800 (PST) X-Received: by 2002:a2e:3803:: with SMTP id f3-v6mr2252202lja.169.1545416103971; Fri, 21 Dec 2018 10:15:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416103; cv=none; d=google.com; s=arc-20160816; b=D4NbBh5NM28UFGS9usa4qm1C5CWYqg88kDaUqwyee66V7PIJI5BAClXlw9qu0jUPF+ psvOb4B0J/GodoUM3q8l3xgwH0YStogCxlXyPTHzDrDEcz7zRsU2wfF5gg9hvifmWBhx t3D72AZPu/L+6taRzIZ1B6/ZgWb7KW+I1lyDTUh3oA0jTKT0sCa7rQ5St7VcJMKur+C9 4rttLAGgR/ZgfE5BY/Q60wE4Ai5jb5Rh2vboej+N3F9SXto5zZ6q5aYzv0E2+WtuIsq/ P4rY2XkZHDWxmj3dGhX4hC85YttSJXvt79ys/b4UVkKEjk+5Jv9W2WrqO+EbbcVfYDru LqPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=XZeNYTTKUDTMWyQn/oTcdvQllUHAyRXKO5AmvsGTw+YuBc0c/Sa+IYxMbp4BJcRqaN ECLcZhJbx6+rs9eNFC0zZUJbIzufBS3RhY1RbwL4wLOfANlljPFT0c3Ov6Uw8DJdNf2I cQM9fheV/cB8hcTyKliArqfMitfNNWP3zZBAfL2kahasfODE3IMYpYNP/u/FaQauqizi IhzzV1euqgbpfJ3UU11Rx5S2wH49BJB839Ns2cH2rIcy8LJ9ez0KTSOVLuXKrz2VViu2 M/JDa1OreFE5IP0Fd+ocZlsFUZl1WAGdrNRSb1mPrWrsfPHyeQOJSfzFmlBIXRcU0NsO T1dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="P/5eitQz"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w77sor6921421lff.36.2018.12.21.10.15.03 for (Google Transport Security); Fri, 21 Dec 2018 10:15:03 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="P/5eitQz"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=P/5eitQzqF4I/oTbSibobHwdzXYLEAMNbcNPfzS3a+ykbj4p7coiugUW2F9rjhhWMm lsNPk+KqhR4DNi7n4YQ0kjs7Hs/SgxhRaox/StG8MhP71NOi8+e3TtzbjmB19jA/2erO D1y8WK3jRyhpp8TdwUQv12RC02VyzLYGSD3rsfMZvW7goTHwYSCO6SmBy4GXZ0BuOa11 RbKHrcsnPGoXvCQgHf47Vp8mmIlUEp5jwiXap9+Z0uadOJtZti8Z/5aspb3g9vpmjCuE lKXA6AazVT+48O79fX+xuYZAoJVE5lK4GhgfGVWRtbwUwyRsRiB64G/B57fD3b0NkLNj 8nDg== X-Google-Smtp-Source: AFSGD/W1G6Tq7n+hJWkNQlncfqgelqo0DV4gS71OAhO90oATObuU+4gfeMRLnUh0qrb9WRHlqlsVGQ== X-Received: by 2002:a19:2106:: with SMTP id h6mr1979270lfh.29.1545416103579; Fri, 21 Dec 2018 10:15:03 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.15.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:15:02 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 09/12] rodata_test: add verification for __wr_after_init Date: Fri, 21 Dec 2018 20:14:20 +0200 Message-Id: <20181221181423.20455-10-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The write protection of the __wr_after_init data can be verified with the same methodology used for const data. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index e1349520b436..a669cf9f5a61 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -16,8 +16,23 @@ #define INIT_TEST_VAL 0xC3 +/* + * Note: __ro_after_init data is, for every practical effect, equivalent to + * const data, since they are even write protected at the same time; there + * is no need for separate testing. + * __wr_after_init data, otoh, is altered also after the write protection + * takes place and it cannot be exploitable for altering more permanent + * data. + */ + static const int rodata_test_data = INIT_TEST_VAL; +#ifdef CONFIG_PRMEM +static int wr_after_init_test_data __wr_after_init = INIT_TEST_VAL; +extern long __start_wr_after_init; +extern long __end_wr_after_init; +#endif + static bool test_data(char *data_type, const int *data, unsigned long start, unsigned long end) { @@ -59,7 +74,13 @@ static bool test_data(char *data_type, const int *data, void rodata_test(void) { - test_data("rodata", &rodata_test_data, - (unsigned long)&__start_rodata, - (unsigned long)&__end_rodata); + if (!test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata)) + return; +#ifdef CONFIG_PRMEM + test_data("wr after init data", &wr_after_init_test_data, + (unsigned long)&__start_wr_after_init, + (unsigned long)&__end_wr_after_init); +#endif } From patchwork Fri Dec 21 18:14:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5D02B924 for ; Fri, 21 Dec 2018 18:15:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 508D12835B for ; Fri, 21 Dec 2018 18:15:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 44C9F28618; Fri, 21 Dec 2018 18:15:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CCF602835B for ; Fri, 21 Dec 2018 18:15:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B4E268E000E; Fri, 21 Dec 2018 13:15:12 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id ACF288E0001; Fri, 21 Dec 2018 13:15:12 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 94EE68E000E; Fri, 21 Dec 2018 13:15:12 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com [209.85.167.69]) by kanga.kvack.org (Postfix) with ESMTP id 1CDA28E0001 for ; Fri, 21 Dec 2018 13:15:12 -0500 (EST) Received: by mail-lf1-f69.google.com with SMTP id f16so708510lfc.3 for ; Fri, 21 Dec 2018 10:15:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=SF4qk+bTzK3es4UM9b0qE6afh8/8sQWLd3sxWcWkQd8=; b=Yca6CcfIiYM3bVqMqSaO6C7EbZlodzkbDJgM/eMod1l8ItWqNwtZ7TxKo55YWxE11W JqaIJvskIvi5mN7VdSVkp+OuXK5mIul5QyhPJP41Mt7dQU5WyJx/MmkTGoRvXfShxgxG 2Vz5DV96wK7qr9sqv0r88XGiA4SiJm7cxCIyLVHL7wWcBKFQuzO2W42DnIk3Z7pi61yk rP8OziqJRBDepqcV+hy/TJlRvRT9/kDOIj2PtoyMxlzeMAg7BYgmPm9fmg7XTO8P5eTL FkcjfxhPVBKM+FO1B0OhrnQu0i5CA5K+qW6SiOgzmenNuaTW+gVI2/KFgW86C1geZ+AD orww== X-Gm-Message-State: AA+aEWZTSFzY6zWRWPB3h44DrW575hfmj8ldo0UdHC2grmkmbSYkI7qc 1qnxNLiP9+rxSVuWG/ZuOHC4Bw9xCF2nQz8o6SDgEIkK/gKiypkviefLie00vGh7Sjq6J0Vmqlw NCWOGE16SECwGVn4PB5ZuFI04EUWQ+UIqVmPEdm0OsEfqww/j1gqDngKqewqWjMWxpc+H1PpQ5x 4bjLFAZ1eyDxb8aBjctSlIDMs7VbuF4Bb5Z6mw0d7s6fDFiMf8df1y2cySg4QvxAR8qTvSFV1Yq mYf5RqJhq2sI/yaCM5eVtGL+X9rvDanKBRLIP/V9EAPfY0cebCzOORDk+BjZyj2lWYoLTVMlt/N /nAWEDf66oAShMn/SodILL/sVGgyohSkV4x4AqsqD3+UIboZh2IeVCQ709rbawEXLAuHdyjq6uK s X-Received: by 2002:a19:59c2:: with SMTP id n185mr1898613lfb.118.1545416110956; Fri, 21 Dec 2018 10:15:10 -0800 (PST) X-Received: by 2002:a19:59c2:: with SMTP id n185mr1898510lfb.118.1545416109657; Fri, 21 Dec 2018 10:15:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545416109; cv=none; d=google.com; s=arc-20160816; b=y50Ka+27aqcp/FmF2sZ1ZGmQq0U3n8eqO/+LY9/M4Jzit9gHjubMbpm6eiwOgVpKlr O5Kd2nw6WrHvYMV2ossCswd80EC79yloRyYOMHe5TQPiEPNYZcotk0ZtirrIwkd2VcN9 xrceGIKaI5I8R6jSgYsfpuMUZ3sBy/zxoU0QN5hYwqbYeA3/CgdKqZI4IPiUtq42I/EK u8wyvYQeWRQ/7gu5C3v3llWMKZSOhMfV4soiA/A2ehJcfXybIy0XtAb9RrufldOzuyQE T9aXU99gWihjsBfVoJN/BlYqUoKsD28wNyvA8l2aHvJIas5o8VxotvvLp6LIZtPvqiGl Bv9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=SF4qk+bTzK3es4UM9b0qE6afh8/8sQWLd3sxWcWkQd8=; b=qwkwuzpIck/v3xNV+20E7xHHqnSGpMEytCOORvhrSAiroGI9WgYnC/lnQwjFlQxPJi 6vrhdqAJ1NoTXbra4QJSySkcouIIqEV66JrD+HyBq7JAw/CDOi31X1vqKUsccKMgLFrG 0SMtR080yrJV0WceogG1pdem31Lro3eKkr+VfNvQxVL1w4nN/s4jF905LFDNOFXL/rzs 1dN3tkiRlEf8QbxlUC0980tnDxhZxokLIAZbNNoZ8byARr1DtkWNrAr9yRbE6RYMgZrJ zxOoobkhNiyl82AZM/gLdlxS6YuICYizKHlYdWiRuAjaGDlFdCqwS0YP6jaZnQCYZZqs +fFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ii7ELF8/"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id h39-v6sor16663786lji.32.2018.12.21.10.15.09 for (Google Transport Security); Fri, 21 Dec 2018 10:15:09 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="Ii7ELF8/"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=SF4qk+bTzK3es4UM9b0qE6afh8/8sQWLd3sxWcWkQd8=; b=Ii7ELF8/5y1rVaPhHiLhgDtq4P7/rfzqXnM3EeCH5GRSr2Kq2zzNF5t8kZw3ND0+a6 10vlyhvH2ZArYPGzD8PwHtf9EFg96E8dJK8mNhL944qEkX0oPwo3++zWdGQklQ9CWU8B ETzu3Boaxa10N5Nt8r1xtE9gTtRaR9kkLpPgE8BLmp1z/ycZC0NNjjNhkSeV27VB58Vh cylWppIJrf8u0uC15//e4cctuMhk9qlnQyspjtHkl2k33XBKfEPLw9N9gKQ8QuMGKnxR 26HLuc8Ps/OA9fdgIFgv2Zi8d3KV46SAyUsiabS45ayIX64sTa1CQlIsMkc80vD0t48o vIng== X-Google-Smtp-Source: AFSGD/U5nUYrabzF4bcWijW9jX9KfZDA5WG1g0TgA4b42uvAMM3t6RmJ/Cf3Ft6Rt3AgJtUscpiQGw== X-Received: by 2002:a2e:9cd2:: with SMTP id g18-v6mr2461814ljj.161.1545416109279; Fri, 21 Dec 2018 10:15:09 -0800 (PST) Received: from localhost.localdomain (dmhwpt3bffxn8z3-j6k-4.rev.dnainternet.fi. [2001:14bb:51:a4c8:5c24:24d7:ca5f:e7d2]) by smtp.gmail.com with ESMTPSA id m63-v6sm5444564lje.81.2018.12.21.10.15.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Dec 2018 10:15:08 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 12/12] x86_64: __clear_user as case of __memset_user Date: Fri, 21 Dec 2018 20:14:23 +0200 Message-Id: <20181221181423.20455-13-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP To avoid code duplication, re-use __memset_user(), when clearing user-space memory. The overhead should be minimal (2 extra register assignments) and outside of the writing loop. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/lib/usercopy_64.c | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c index 84f8f8a20b30..ab6aabb62055 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -69,34 +69,7 @@ EXPORT_SYMBOL(memset_user); unsigned long __clear_user(void __user *addr, unsigned long size) { - long __d0; - might_fault(); - /* no memory constraint because it doesn't change any memory gcc knows - about */ - stac(); - asm volatile( - " testq %[size8],%[size8]\n" - " jz 4f\n" - "0: movq $0,(%[dst])\n" - " addq $8,%[dst]\n" - " decl %%ecx ; jnz 0b\n" - "4: movq %[size1],%%rcx\n" - " testl %%ecx,%%ecx\n" - " jz 2f\n" - "1: movb $0,(%[dst])\n" - " incq %[dst]\n" - " decl %%ecx ; jnz 1b\n" - "2:\n" - ".section .fixup,\"ax\"\n" - "3: lea 0(%[size1],%[size8],8),%[size8]\n" - " jmp 2b\n" - ".previous\n" - _ASM_EXTABLE_UA(0b, 3b) - _ASM_EXTABLE_UA(1b, 2b) - : [size8] "=&c"(size), [dst] "=&D" (__d0) - : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(addr)); - clac(); - return size; + return __memset_user(addr, 0, size); } EXPORT_SYMBOL(__clear_user);