From patchwork Mon Feb 11 23:27:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806943 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 210271390 for ; Mon, 11 Feb 2019 23:28:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F2D7299FB for ; Mon, 11 Feb 2019 23:28:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0234E29A9D; Mon, 11 Feb 2019 23:28:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2AB8E299FB for ; Mon, 11 Feb 2019 23:28:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 205F68E0192; Mon, 11 Feb 2019 18:28:11 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1B46F8E0189; Mon, 11 Feb 2019 18:28:11 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 07D7A8E0192; Mon, 11 Feb 2019 18:28:11 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by kanga.kvack.org (Postfix) with ESMTP id A92FD8E0189 for ; Mon, 11 Feb 2019 18:28:10 -0500 (EST) Received: by mail-wm1-f69.google.com with SMTP id u74so253216wmf.0 for ; Mon, 11 Feb 2019 15:28:10 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=wwet/Q5nK1jaWJoGHMR0JRbL8eZ4TUVn/3KeiBKAqsE=; b=HYSnCgv8qSbimZhHsymIr8NNWbhGG4j/E3XGLm748cMpwblyilgJtwS4b4LhdlGlht DZqizv+hSTmF/rUvmKAaqZek6QFj5f7Np4UzHn4EnA/ElklpCjKu9y1YPwKEnOo2EBy1 Vc5lehbmcbZSDMnRaco4r3+zpBSFmx+qroTKcvXQSR3jsPmp9g6Ef/w6ZKLHwxajCpqx qhnNaVMHlCdKvO9elczluIfBnmCxifpPzSn6knvWNFEtlfAxmaziKfbp7x/3NDElvl6A X+SALTJ76J81Y9/zebIliuhowQftJ0Fqi1GsEexNd1AGpjlgwEaxSvdEvFhf7TDavU2h jNcw== X-Gm-Message-State: AHQUAubiUF/bTvR/IdCa+hP84K2L4eNJ2lvnhX+o0Y0RuBBMBkQp80dw 5fN6loHPOoLIntNQSbJj24sZNQnrGZqrZ3y6oWwbfJsBbW5b49jxlU+FfI4Ubx/rnpAdoXUewYa Glqi2z5b4tYa5XwjcNPM2YInrzM4+PG3+Oyh7dqOp80KOqMIyXCJLcGZ6YYdtrcWm+PaKby+86K ElPRIC+aDN3br7cWZvMZW7jP8/+2c0MZPN6S5+93d/CUMzs9ZW3gC1S7oSoMxQxaI4RBYomBagd y+TZ2typbDk4zaOXfcyqOdsXnmfYg0i8MMcOR5iRW+rFlh/irdfkCcZ+Ua1uVuYlIP0uFE1rM3K Hwcb7ceGHKR2yONcqXWG2znxaqNZQ5+lg2llcZbxszd59lmBpNzyOCui8u5K577M0EjLk5uzxd7 x X-Received: by 2002:adf:8224:: with SMTP id 33mr498003wrb.264.1549927690117; Mon, 11 Feb 2019 15:28:10 -0800 (PST) X-Received: by 2002:adf:8224:: with SMTP id 33mr497920wrb.264.1549927688486; Mon, 11 Feb 2019 15:28:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927688; cv=none; d=google.com; s=arc-20160816; b=idXkgOxETwYqdghK74Q0c7Bjnh1Tw0ddHEQONRwCQYP529psjeFealwfPXFt9avLoW QhBhBcSTf2hix7y5d0kIInaRDpBZo85+PM/Aza4Hc0VEfZqRNjbk3dp03AHZl1lYJnx6 +bci+VtNge2ljc5h3+khFu/iXmZXbye5S8n5x9tHrHkUGlcHK6WSJSlWe+IdmxgmB1Xw WUxrQsALU2w/h4lWK+vbmvcKYXr6P2f5fNkrEicjwtg6T9NSC/jTgpmGMCs88wfxERj2 UaIcZWVGQ/vqrTqB6yoyyNaIYBMqqrAk4Dpbt+36Lj8PPo58wjU81RuFnGW4aN9N+os0 0iRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=wwet/Q5nK1jaWJoGHMR0JRbL8eZ4TUVn/3KeiBKAqsE=; b=LXEm7ax8G2PT77oy+FWzAiR6VUKL86D9fwo5QCWQwanUgsCvVoAa2mm0Jj4Lq7s0Wd PtNuAAEoO/IQWqjZXwmr8Bk47HjuD9/VcJPRktPoekV2hYUB3IgDTzPqVA1pPjqkoT91 p/uMiEAYXjE7V32yCwnMjAHH76OvdIzEJP9uo0ZoAf7NPofok3jYAIZO1RdGLFuB6n+Z xgqKeVYVi9vMnT5/jHXskRsj9E2sCalBdwXmSNapqa3MXx+8oW1Or4L6+pPGdA/UMBQl 5jSaBb0Ep+A/G3Q9qNzLVZJgIa9TvJ26R81QXNc0o/6Wrh9r5zCI6cyjbmDW/O7qYh7b 8tqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=o4AsfiwK; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id t13sor517463wmt.4.2019.02.11.15.28.08 for (Google Transport Security); Mon, 11 Feb 2019 15:28:08 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=o4AsfiwK; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=wwet/Q5nK1jaWJoGHMR0JRbL8eZ4TUVn/3KeiBKAqsE=; b=o4AsfiwKL8uP6vCfhfBSMLyt0b/8pK4aPNm+I6vX8+5SScqpZX5+KySYVQUQ9LSw3m UC5RAPtu6G4auOPaX6osXzHudAhjAJIulwHiEIwhFIkkO4bpFmnhJ824qLXvmoPuBIu/ uJ32HlSZ16snVWzBDlSHMe8ASTbCBVWviBDnnLU3KnPHPzT2hyQSSwxAUFqHAOj63SlG HSenbzVUMUgtTdEvAxNPLWG/+xtF/mO1AoxNMCCFAdUZ8Q6fDvxsq5PNI3ScvnAZ/K2F 3QKm8n9ikOOzK6GXgMm1V7iXzW33doDJOnDgPcFROIp/M0MvSV5DGzApmVtDUGN/qi8H JRcw== X-Google-Smtp-Source: AHgI3IamOL48gPVRuSSuco75tzIoBaq0tGv6MdC6vEna43DbDNCsUFMY/ZZlKkEsF0xEPZX54CWe8A== X-Received: by 2002:a1c:96ce:: with SMTP id y197mr536195wmd.36.1549927688025; Mon, 11 Feb 2019 15:28:08 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:07 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 01/12] __wr_after_init: Core and default arch Date: Tue, 12 Feb 2019 01:27:38 +0200 Message-Id: <9d03ef9d09446da2dd92c357aa39af6cd071d7c4.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The patch provides: - the core functionality for write-rare after init for statically allocated data, based on code from Matthew Wilcox - the default implementation for generic architecture A specific architecture can override one or more of the default functions. The core (API) functions are: - wr_memset(): write rare counterpart of memset() - wr_memcpy(): write rare counterpart of memcpy() - wr_assign(): write rare counterpart of the assignment ('=') operator - wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer() In case either the selected architecture doesn't support write rare after init, or the functionality is disabled, the write rare functions will resolve into their non-write rare counterpart: - memset() - memcpy() - assignment operator - rcu_assign_pointer() For code that can be either link as module or as built-in (ex: device driver init function), it is not possible to tell upfront what will be the case. For this scenario if the functions are called during system init, they will automatically choose, at runtime, to go through the fast path of non-write rare. Should they be invoked later, during module init, they will use the write-rare path. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/Kconfig | 7 ++ include/linux/prmem.h (new) | 71 +++++++++++++++ mm/Makefile | 1 + mm/prmem.c (new) | 179 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 258 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index b0b6d176f1c1..0380d4a64681 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -814,6 +814,13 @@ config ARCH_HAS_PRMEM architecture specific symbol stating that the architecture provides a back-end function for the write rare operation. +config ARCH_HAS_PRMEM_HEADER + def_bool n + depends on ARCH_HAS_PRMEM + help + architecture specific symbol stating that the architecture provides + own specific header back-end for the write rare operation. + config PRMEM bool "Write protect critical data that doesn't need high write speed." depends on ARCH_HAS_PRMEM diff --git a/include/linux/prmem.h b/include/linux/prmem.h new file mode 100644 index 000000000000..0e4683c503b9 --- /dev/null +++ b/include/linux/prmem.h @@ -0,0 +1,71 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * prmem.h: Header for memory protection library - generic part + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#ifndef _LINUX_PRMEM_H +#define _LINUX_PRMEM_H + +#include +#include + +#ifndef CONFIG_PRMEM + +static inline void *wr_memset(void *p, int c, __kernel_size_t n) +{ + return memset(p, c, n); +} + +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + return memcpy(p, q, n); +} + +#define wr_assign(var, val) ((var) = (val)) +#define wr_rcu_assign_pointer(p, v) rcu_assign_pointer(p, v) + +#else + +#include + +void *wr_memset(void *p, int c, __kernel_size_t n); +void *wr_memcpy(void *p, const void *q, __kernel_size_t n); + +/** + * wr_assign() - sets a write-rare variable to a specified value + * @var: the variable to set + * @val: the new value + * + * Returns: the variable + */ + +#define wr_assign(dst, val) ({ \ + typeof(dst) tmp = (typeof(dst))val; \ + \ + wr_memcpy(&dst, &tmp, sizeof(dst)); \ + dst; \ +}) + +/** + * wr_rcu_assign_pointer() - initialize a pointer in rcu mode + * @p: the rcu pointer - it MUST be aligned to a machine word + * @v: the new value + * + * Returns the value assigned to the rcu pointer. + * + * It is provided as macro, to match rcu_assign_pointer() + * The rcu_assign_pointer() is implemented as equivalent of: + * + * smp_mb(); + * WRITE_ONCE(); + */ +#define wr_rcu_assign_pointer(p, v) ({ \ + smp_mb(); \ + wr_assign(p, v); \ + p; \ +}) +#endif +#endif diff --git a/mm/Makefile b/mm/Makefile index d210cc9d6f80..ef3867c16ce0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_SPARSEMEM) += sparse.o obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o +obj-$(CONFIG_PRMEM) += prmem.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/prmem.c b/mm/prmem.c new file mode 100644 index 000000000000..9383b7d6951e --- /dev/null +++ b/mm/prmem.c @@ -0,0 +1,179 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include + +/* + * In case an architecture needs a different declaration of struct + * wr_state, it can select ARCH_HAS_PRMEM_HEADER and provide its own + * version, accompanied by matching __wr_enable() and __wr_disable() + */ +#ifdef CONFIG_ARCH_HAS_PRMEM_HEADER +#include +#else + +struct wr_state { + struct mm_struct *prev; +}; + +#endif + + +__ro_after_init struct mm_struct *wr_mm; +__ro_after_init unsigned long wr_base; + +/* + * Default implementation of arch-specific functionality. + * Each arch can override the parts that require special handling. + */ +unsigned long __init __weak __init_wr_base(void) +{ + return 0UL; +} + +void * __weak __wr_addr(void *addr) +{ + return (void *)(wr_base + (unsigned long)addr); +} + +void __weak __wr_enable(struct wr_state *state) +{ + lockdep_assert_irqs_disabled(); + state->prev = current->active_mm; + switch_mm_irqs_off(NULL, wr_mm, current); +} + +void __weak __wr_disable(struct wr_state *state) +{ + lockdep_assert_irqs_disabled(); + switch_mm_irqs_off(NULL, state->prev, current); +} + +bool __init __weak __wr_map_address(unsigned long addr) +{ + spinlock_t *ptl; + pte_t pte; + pte_t *ptep; + unsigned long wr_addr; + struct page *page = virt_to_page(addr); + + if (unlikely(!page)) + return false; + wr_addr = (unsigned long)__wr_addr((void *)addr); + + /* The lock is not needed, but avoids open-coding. */ + ptep = get_locked_pte(wr_mm, wr_addr, &ptl); + if (unlikely(!ptep)) + return false; + + pte = mk_pte(page, PAGE_KERNEL); + set_pte_at(wr_mm, wr_addr, ptep, pte); + spin_unlock(ptl); + return true; +} + +void * __weak __wr_memset(void *p, int c, __kernel_size_t n) +{ + return (void *)memset_user((void __user *)p, (u8)c, n); +} + +void * __weak __wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + return (void *)copy_to_user((void __user *)p, q, n); +} + +/* + * The following two variables are statically allocated by the linker + * script at the boundaries of the memory region (rounded up to + * multiples of PAGE_SIZE) reserved for __wr_after_init. + */ +extern long __start_wr_after_init; +extern long __end_wr_after_init; +static unsigned long start = (unsigned long)&__start_wr_after_init; +static unsigned long end = (unsigned long)&__end_wr_after_init; +static inline bool is_wr_after_init(void *p, __kernel_size_t n) +{ + unsigned long low = (unsigned long)p; + unsigned long high = low + n; + + return likely(start <= low && high <= end); +} + +#define wr_mem_is_writable() (system_state == SYSTEM_BOOTING) + +/** + * wr_memcpy() - copies n bytes from q to p + * @p: beginning of the memory to write to + * @q: beginning of the memory to read from + * @n: amount of bytes to copy + * + * Returns pointer to the destination + */ +void *wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + struct wr_state state; + void *wr_addr; + + if (WARN_ONCE(!is_wr_after_init(p, n), "Invalid WR range.")) + return p; + + if (unlikely(wr_mem_is_writable())) + return memcpy(p, q, n); + + wr_addr = __wr_addr(p); + local_irq_disable(); + __wr_enable(&state); + __wr_memcpy(wr_addr, q, n); + __wr_disable(&state); + local_irq_enable(); + return p; +} + +/** + * wr_memset() - sets n bytes of the destination p to the c value + * @p: beginning of the memory to write to + * @c: byte to replicate + * @n: amount of bytes to copy + * + * Returns pointer to the destination + */ +void *wr_memset(void *p, int c, __kernel_size_t n) +{ + struct wr_state state; + void *wr_addr; + + if (WARN_ONCE(!is_wr_after_init(p, n), "Invalid WR range.")) + return p; + + if (unlikely(wr_mem_is_writable())) + return memset(p, c, n); + + wr_addr = __wr_addr(p); + local_irq_disable(); + __wr_enable(&state); + __wr_memset(wr_addr, c, n); + __wr_disable(&state); + local_irq_enable(); + return p; +} + +struct mm_struct *copy_init_mm(void); +void __init wr_init(void) +{ + unsigned long addr; + + wr_mm = copy_init_mm(); + BUG_ON(!wr_mm); + + wr_base = __init_wr_base(); + + /* Create alternate mapping for the entire wr_after_init range. */ + for (addr = start; addr < end; addr += PAGE_SIZE) + BUG_ON(!__wr_map_address(addr)); +} From patchwork Mon Feb 11 23:27:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806945 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A43EE1399 for ; Mon, 11 Feb 2019 23:28:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 948D1299FB for ; Mon, 11 Feb 2019 23:28:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 87F8129A9D; Mon, 11 Feb 2019 23:28:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 097FE299FB for ; Mon, 11 Feb 2019 23:28:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E149B8E0193; Mon, 11 Feb 2019 18:28:13 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id DC6578E0189; Mon, 11 Feb 2019 18:28:13 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C8C1E8E0193; Mon, 11 Feb 2019 18:28:13 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by kanga.kvack.org (Postfix) with ESMTP id 723748E0189 for ; Mon, 11 Feb 2019 18:28:13 -0500 (EST) Received: by mail-wr1-f72.google.com with SMTP id m7so232801wrn.15 for ; Mon, 11 Feb 2019 15:28:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ENlTYT6F8yKSgZtSKFAMRVhy2HT+kX2kAlJukSMyeJE=; b=dWFAfUmAo2LCjve6yPzec1Vmpzr34ixnUIXdeKg9jHmhezpBYAmM8lKcbysX2wIa17 EzkKSBn/0bdTSR9ISK4Op4b+JMYSxhnnI0dpgsFt68Cv2iljAxNKwl92PDuNChJJjwIx E1ZK8KnRw8mCLFVNKSkR6hPpN+q7pE8Rwj4Z4MGE+mEl6lwMB1byoqv1Hu/zHFUL5ONN E4oZttI5ygjhw0/nbP9hhgK72FVizt3NKv527n2OvZ1UXu7mlBtVuJWsK2un4Wf2bkSz TXatX7qxAgCx82tWZxrVN6bC8uLmd8hvsOEGdHEZ3FR3ZmSaGFTqNKr7q7k/ITl/moI8 QP2w== X-Gm-Message-State: AHQUAuaZL8duVJNdX7Xu/fxtWp/f8797MsFxQ57urfIlJ/5tgLicR1nV wT0t4metIRVP3mjg5MA21La78b1mdY53DOM0Ns99SXJLTyo36/eHuGTzVr8ixd3m5ShZe7nbOeZ 0P4jYoGYzvR6W8XDifaOkO5NapfhiBwGHwKtA2JhNKAcrctu7jkgRJot6JvYu/xV7sD6UPsQoh0 a27OKxZ7HyUlMofof9daKV3p3gNhlJ4ioxPwqiAwe3MNuu2ioRyPAlKqzUhBVgvv2ZkHoNemaHz /odAMYNjKyV/BxWyVa0/6LgM8IP57FmDs65UDWfERuwx+HDnAKRsJgyWUNhP/2AKp/vFkGyEw0/ GwRKV5jRqcVptenYyH7LU3COl3e/DS3enpFgBc83tr0dll9GHGstohiyUqgti7L1bNHJYiEnOGd Z X-Received: by 2002:adf:e8c7:: with SMTP id k7mr508841wrn.298.1549927692967; Mon, 11 Feb 2019 15:28:12 -0800 (PST) X-Received: by 2002:adf:e8c7:: with SMTP id k7mr508780wrn.298.1549927691730; Mon, 11 Feb 2019 15:28:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927691; cv=none; d=google.com; s=arc-20160816; b=cqC9Icn8OfcmkheSDiuJzKtMXfPw0w+pVewpydI5lnF+zcFGIgK7X8OHnXU6oBVS+q 5zLpZUpVd3A4y1o3bGXx5JocwHiGpfkC2uwQNPvnEwYUuFFcCYMj7I3O8sBEyIZ0zACb H/p1dGzaGqsNxXtgQSle1HNu9AL4ANMHoQ2r9zuuEuHOgx+PabldCMs5nyydwp9FcnRs OQ9hrOgn1fjV5RSZdHguaisaHF/PB878I1jJtA6v4uZYM/Y5MPTA2PCF9NXJITxmM3kg PWmxLIYh6IvtXy8sRtXJMx/0ZvKDFeb/rE17piGxSU+PRcW0ei+GGhw+g/RGxspyqqYs kHqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ENlTYT6F8yKSgZtSKFAMRVhy2HT+kX2kAlJukSMyeJE=; b=zSwXms8ocBZBUjsdCWPD/IdGTn2NlLniFfDC50Q8Po7YjqJGtAFi9mxSimb57Oa3/l J/scPs8IsE39qH1hqQH/8wN0dB9tGT6JQkvvF4I6z9W9HYGspF9pTUQnklcBevi5VKGS y8f+em18Ovj6hF1B1KCvkaWDWVsXQfFzePceRhIxPI6EcajsOj9MMWaNos+uHAfcyKxe BMhOx99J5Iym04gVnPsVF/7sSuFwRuke/4icISd2noLjO2ctklfaugL5+BJnUG2jFXsI SfcDeBfDAtjC7zYhKk+w0F04QlOsIpv64VK7VxmlLNKrKF71MaV7KXXbufiHszrT/f9n caKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SKFOea9c; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f12sor148503wru.51.2019.02.11.15.28.11 for (Google Transport Security); Mon, 11 Feb 2019 15:28:11 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SKFOea9c; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ENlTYT6F8yKSgZtSKFAMRVhy2HT+kX2kAlJukSMyeJE=; b=SKFOea9clX8kUXjGvLOkAz78zIlXk2l9cAAdszRgpu1WF9+EGlYZ09jCNchdkbmaC2 8XMzc6EJ4es6RG4yfh8iz6ilF2S8pczy501Lmx3sA+5GTPr5jyKxupxht3iJJYNzHPRS dO1Oa2gDPDloNIEL1xoGnm/CWJGTqTk1SNhdetFi8dolnrUHFwi/G35FNwjA4uv5Gq6P lQIguAmqnvp87zrCaSOSlTQeiVXRq6JEBjr/N+0tXSKavkX6Ny/HsOH/xnab0RoGwCxf 2KKeYRqX32cxYQVHhTMaY3YMwATRdRiYfiIA4uI0CuPSdMythsBD+LWEu2/dIFo1YPUL MQUg== X-Google-Smtp-Source: AHgI3Ib9SM/GU3OSZIUw9Ef85LumnojTRalWrCht9QSJZfsd1LMbft46iDmaDh0LxziZQABUjeSKgA== X-Received: by 2002:adf:e290:: with SMTP id v16mr532903wri.100.1549927691315; Mon, 11 Feb 2019 15:28:11 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:10 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 02/12] __wr_after_init: x86_64: memset_user() Date: Tue, 12 Feb 2019 01:27:39 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP x86_64 specific version of memset() for user space, memset_user() In the __wr_after_init scenario, write-rare variables have: - a primary read-only mapping in kernel memory space - an alternate, writable mapping, implemented as user-space mapping The write rare implementation expects the arch code to privide a memset_user() function, which is currently missing. clear_user() is the base for memset_user() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/include/asm/uaccess_64.h | 6 ++++ arch/x86/lib/usercopy_64.c | 51 +++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h index a9d637bc301d..f194bfce4866 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -213,4 +213,10 @@ copy_user_handle_tail(char *to, char *from, unsigned len); unsigned long mcsafe_handle_tail(char *to, char *from, unsigned len); +unsigned long __must_check +memset_user(void __user *mem, int c, unsigned long len); + +unsigned long __must_check +__memset_user(void __user *mem, int c, unsigned long len); + #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c index ee42bb0cbeb3..e61963585354 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -9,6 +9,57 @@ #include #include +/* + * Memset Userspace + */ + +unsigned long __memset_user(void __user *addr, int c, unsigned long size) +{ + long __d0; + unsigned long pattern = 0x0101010101010101UL * (0xFFUL & c); + + might_fault(); + /* no memory constraint: gcc doesn't know about this memory */ + stac(); + asm volatile( + " movq %[pattern], %%rdx\n" + " testq %[size8],%[size8]\n" + " jz 4f\n" + "0: mov %%rdx,(%[dst])\n" + " addq $8,%[dst]\n" + " decl %%ecx ; jnz 0b\n" + "4: movq %[size1],%%rcx\n" + " testl %%ecx,%%ecx\n" + " jz 2f\n" + "1: movb %%dl,(%[dst])\n" + " incq %[dst]\n" + " decl %%ecx ; jnz 1b\n" + "2:\n" + ".section .fixup,\"ax\"\n" + "3: lea 0(%[size1],%[size8],8),%[size8]\n" + " jmp 2b\n" + ".previous\n" + _ASM_EXTABLE_UA(0b, 3b) + _ASM_EXTABLE_UA(1b, 2b) + : [size8] "=&c"(size), [dst] "=&D" (__d0) + : [size1] "r" (size & 7), "[size8]" (size / 8), + "[dst]" (addr), [pattern] "r" (pattern) + : "rdx"); + + clac(); + return size; +} +EXPORT_SYMBOL(__memset_user); + +unsigned long memset_user(void __user *to, int c, unsigned long n) +{ + if (access_ok(to, n)) + return __memset_user(to, c, n); + return n; +} +EXPORT_SYMBOL(memset_user); + + /* * Zero Userspace */ From patchwork Mon Feb 11 23:27:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806947 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C2BBF1399 for ; Mon, 11 Feb 2019 23:28:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B338A299FB for ; Mon, 11 Feb 2019 23:28:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A6C8D29A9D; Mon, 11 Feb 2019 23:28:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42780299FB for ; Mon, 11 Feb 2019 23:28:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1DE878E0194; Mon, 11 Feb 2019 18:28:17 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1B6D88E0189; Mon, 11 Feb 2019 18:28:17 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 08C038E0194; Mon, 11 Feb 2019 18:28:17 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by kanga.kvack.org (Postfix) with ESMTP id A786B8E0189 for ; Mon, 11 Feb 2019 18:28:16 -0500 (EST) Received: by mail-wr1-f69.google.com with SMTP id f5so238662wrt.13 for ; Mon, 11 Feb 2019 15:28:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=byrPgjpwB8PEtG1zLcWq3arkivBhBCu5urTtzfD/T6C7lSAVkWPIiWDAc+tnChtggm 1bkCC7qcLPiOOLhDOYHy0/m+R9GOvwlz6n7SoWO+z3KG9jDY5Dhh3QvAgzrwE7D3gQ1Q xRSJHLLpIDEb10/wQkcMP7wxPMJRT1vHexDa6HpcWugqvmbjBPqgm6qwwWjM8eNuMOZ9 8e8v52d7XvjVtmwF3EkYyiiCKCX3787m76M3F0yaPWrWCMMWRW1/SBeLPE3a1bplCPHi imlIEvMTt0p1LM8cI99dNELDWMrCe/JPqsZzj9LO5mAmXQJAZCFptkYknWoV9y2jAeil Z1Yg== X-Gm-Message-State: AHQUAuacg20G0KuDEvUnRpAuoflMCxiUsoXBsyCwLXzUZIf+z3fnZNAI ewBM4Y7tsDhxsCLAuwWFVzTLfG67rWsvhM4cQdWG9GN8XJsbEmtbJauovzB1197SfKcfE+cMbkw JF5fzqanyqMM4BSd0wH2lUZw0oqNJFRwD7qRPAfWKFLbMQbFDv7ktPKZspc/0miZ+wag2gmiuHq dBx4yAj3ZjlYLHtUd3qLanrRBtBQVN0Klm+rZaVX5JeWO4y6o/0yqM7aSq+UhV8nillZv+X2ovW t39l9n+YxVWnPv3NtMKiDs05ETQPi+SrfqSyhR5UUq1cth7v/XreViWjg/tLjiTAn10IC0HLq+v t9j9Xk3uAv6Tux1QgisWK3j6LvY6KdWELjZulNZa9oOnIkjsdN1GJ+JIbYFaC0kYZgYM2YZlLct P X-Received: by 2002:a1c:7ec4:: with SMTP id z187mr462099wmc.43.1549927696200; Mon, 11 Feb 2019 15:28:16 -0800 (PST) X-Received: by 2002:a1c:7ec4:: with SMTP id z187mr462035wmc.43.1549927694940; Mon, 11 Feb 2019 15:28:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927694; cv=none; d=google.com; s=arc-20160816; b=zozMLa8k5haKexxfISqKKXTMoKmqZRYt+9vI7ammM7EEgLo1ZwW6EUSd3BoxAhXqp8 71gTbxUyejuMFguj3uRve7ma+BqNcoW2nQSkAgULqyn6hvn4noUx/eze3vN4XTetVhST scFV6lqwJyeLPeqW9hF+I5uq3rQ6St0zfy1bmetqXuwsOxr7oWWvXDq0SHxHwZsE7Iy6 3zsKp897mM55wynlRIWDKZ+BGWrLjbWtxaE6KkQ+w9FtFPl1mTyhYRwNPWh+UU2qeBnI FLuHekO4YYWKXKe3dDpYUNsAeC2W7rTCctFYvvL+j5LCk6cCPRZ2SuoX/llMyxbbA7Yj 55+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=kJrycb+ku0UwT8WhqTp4jpcND4Bz/pBge0plb8fo0WIOZ8OV3ZUctjXrwonebYeZGC mLyDAj994obh6G224RflyXo3+1rF0nlQViGoKqmq78Ria8s3Dg2nYnJbentdJdiP+UbU 9ZPwDq/J172qhKzWZTH3B/b5wJJYxF9e9KKDRrZ7PhJu7UtuQ27YZcwASKRZkiODcQvt eJM/A5wK4phdS8VK89/cACLoCBlOJmEi27jJL8/wk1UCJhqccP3ROuGc8yszMIfGRYlm hB71km6EwAJjkfeAcz+n+OpCrbyPh/fVXj6dODCra7aUeuP4VYaE6oPgjex/EBNiW6Tt 6N0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Tt9djI+4; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f193sor503445wme.9.2019.02.11.15.28.14 for (Google Transport Security); Mon, 11 Feb 2019 15:28:14 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Tt9djI+4; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=Tt9djI+4tIxxQ5z9XBIXZPNsKwfr142LlXK+hQ65M9C24x2lFzeG66B1tVAsCYEHD5 lxkyRPZQ0d7NehS988SjU2aK0I7kZPVft7Vc+W/HY8bQPsWnifAgKghB7n90aodLDrnl lVPXX7q9YjeS2ulbNmlLXl6NtFYB5XvJEEgxMNocbquz7/szDVHN5yBdzXWilnSUIWV6 5lZKYRyJD3C9KP0rHanJWixPBBH9nGwy+o8iMGvBhmhP+XMzEYm2EF0bhpt1taB4s4z5 8y1TXoBB0V0MwKaVVuakzCSGEEpvjN4D1GunNHN9QYNv1W875CyqAi3osNxWduqQBsDv RurA== X-Google-Smtp-Source: AHgI3IYd7Ah0YVUADfwQ9vu0EMe24Nxeh6S4B8+ipAqvagFO0quTn9x8ysqtHCmL+w/wBQ5gyDPMFA== X-Received: by 2002:a1c:f50a:: with SMTP id t10mr493561wmh.126.1549927694511; Mon, 11 Feb 2019 15:28:14 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:13 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 03/12] __wr_after_init: x86_64: randomize mapping offset Date: Tue, 12 Feb 2019 01:27:40 +0200 Message-Id: <378ee1e7e4c17e3bf6e49e1fb6c7cd9abd18ccfe.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP x86_64 specialized way of defining the base address for the alternate mapping used by write-rare. Since the kernel address space spans across 64TB and it is mapped into a used address space of 128TB, the kernel address space can be shifted by a random offset that is up to 64TB and page aligned. This is accomplished by providing arch-specific version of the function __init_wr_base() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/mm/Makefile | 2 ++ arch/x86/mm/prmem.c (new) | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 4b101dd6e52f..66652de1e2c7 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -53,3 +53,5 @@ obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o + +obj-$(CONFIG_PRMEM) += prmem.o diff --git a/arch/x86/mm/prmem.c b/arch/x86/mm/prmem.c new file mode 100644 index 000000000000..b04fc03f92fb --- /dev/null +++ b/arch/x86/mm/prmem.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library - x86_64 backend + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include + +unsigned long __init __init_wr_base(void) +{ + /* + * Place 64TB of kernel address space within 128TB of user address + * space, at a random page aligned offset. + */ + return (((unsigned long)kaslr_get_random_long("WR Poke")) & + PAGE_MASK) % (64 * _BITUL(40)); +} From patchwork Mon Feb 11 23:27:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C213A1390 for ; Mon, 11 Feb 2019 23:28:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B27F1299FB for ; Mon, 11 Feb 2019 23:28:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A6ABA29A9D; Mon, 11 Feb 2019 23:28:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4B645299FB for ; Mon, 11 Feb 2019 23:28:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1DF728E0195; Mon, 11 Feb 2019 18:28:20 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1B7BB8E0189; Mon, 11 Feb 2019 18:28:20 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0A4718E0195; Mon, 11 Feb 2019 18:28:20 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by kanga.kvack.org (Postfix) with ESMTP id A9AF58E0189 for ; Mon, 11 Feb 2019 18:28:19 -0500 (EST) Received: by mail-wm1-f71.google.com with SMTP id y85so235736wmc.7 for ; Mon, 11 Feb 2019 15:28:19 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=Fp6rWSipIfHmPYLRs5To0nlNMw3yzTAGWUxfazkqdPXOXhmuZfPm88zwkcawTgAeRm hmEMSZ4iBRCSFWgyHwPFdUqkiaIIHrp9hIRMlnZ81QgLjUoy4RmrsbwtGJzt74rKZU3O gTasceeAckEsBIRpYncpz+W4vQ9ibZs6+KvKeokWQE9Sfn5pCYcxHd1KoN/aw4trzwBy WOGZdHw/myX+FBJRcxlcPgS0OgMDU6K4FCunoZmx6jG4Vyk3dwbyJUzaHjl8kDT8+oJ/ avJ/qKnlRUjyFhIAwA1bnAig3onkw87NE0KkSP/bG5e6X2Zhux/ZRChAykLEWZ5Zmafn t9Ig== X-Gm-Message-State: AHQUAuYquMYZHML44pFseyToMbY8fKjhhsQs5ecAxYRROLH/gfCpjVpY btN0Em2f7UyRW4P992ol+SziJyUdkgewNMMZBnYj2w5FJgtE6GZiwKL9qh0EmCJpByj3tKeXeHp yno9aWzplVXBYitQNDClwL61YP0nDBbQgBIuI3KzngKa0IEenLW8juUawBEKFW2U8x/X7SbjeIx 6PVDWMsyo7ZkBc4yNnfLUcpIOL3JAxHJujOnE6A9YXM4d3nel540nZu5Aw7ZsWwDbt1B5fbEcuq 98CWlBbNiXJfpS9HRm+x9Kj3xDAEUPL2BAl5Z/F4axO3SFap+OB2EkxruJ3m54s5rJqiOnec3Ap TZbqtZBKCkKpUszGTzjO1C9fL6icDmspQKpbQ45Cu5ahU6ywQ4R1aR6HqHmsusV8ygwTaZvQwJa N X-Received: by 2002:a7b:c315:: with SMTP id k21mr442168wmj.145.1549927699136; Mon, 11 Feb 2019 15:28:19 -0800 (PST) X-Received: by 2002:a7b:c315:: with SMTP id k21mr442121wmj.145.1549927698144; Mon, 11 Feb 2019 15:28:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927698; cv=none; d=google.com; s=arc-20160816; b=eGz+xJUR+f5+Y5sffnzQwFO1tc6eeyUgtiZHxg8AlPVVsv3rYetoxdHZ9bZR/IYDI+ RRycdz+jJnawtZr2UcYrIuDCJ6KZ59Vc51ar0Xp8Ba6qPDlfKkoCusJjKRywTTfMr/Ia cwmQKFdYzipgzwUd29oxzS/D8tfSdPw4WSvFMTlVrt0kM4lIgXPclzxKDmTQOAt3l+Ik HpA1vi/FHYyoVidsyGxAtnxGbTAvzCLj++G9tgxwtp4aP3jbJKrrQVHf5xhPfoIMHOKT f+KwwX6HTne10PDmxq2y6fRkI4/mybhYfLk2sDjO4WnegLuj2vnxEa5lZYjBTphRFR+S Xeyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=KtukHwt/tmrRwAWiyY1i0krFWTl3fLWh1iNoCGzt8RWu6wwWUwZRx6Eh9rGFj31Hzi Sp4huVKhlzt+cqFWaGb3p6RqajsdGTV8ww7gZvtYLtlgxNQGwcecE+bbfZ2z4cCoqMN8 UySHOJiXl5+V2a1Rj6h/gvUVL6698rETt7CWnMlbOvIAlAAMOeplGz5VKiHFEIWB0hOI 4Q6iAA7Pq6uZsG7HaqsKGqoY879Mvn4pV0CmivnVzNKDvi/NaIVfLmSbSW3FZ7bFSjzw z3dyOcbDJSe3cKETw62pNp5PBApdt9pj3lfvWwxPfnMzl3O5s1FDZ/SeURzrag4yy5Gb lrlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ERfk6YwV; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id v16sor487960wmc.26.2019.02.11.15.28.18 for (Google Transport Security); Mon, 11 Feb 2019 15:28:18 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ERfk6YwV; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=ERfk6YwVVFsD4gpa86J3tNvUf/jRxA7negb6JBcQ5PSR0xZZvMMbnqTZ+wRrS2Husj Ggd8+h/Q6iGpIBl92FmkpdpssV2xt9w6MiuQS2cXjMtk96NDjzsy/uEnc/s7yXVpuL6c mpoDNWR+cp0zbAXtobA5UoCkq+orGEc1HmBwrLmgLHRuHzaFQ/+tRBnFd/U7BP3qfbPV ln/K1BHTqeaHXoV9cT0aGU+M7Xa55XRzuBeoCYotqmiST1osgENBFvz37ywgrYEko+pv OnWJ8Rdek3QLL7gzQPr7kKm7jyZ28jH2jgCwj74BAERzhEIIn+YrVvRGcUeyx16kqW+P hxEQ== X-Google-Smtp-Source: AHgI3IaPnxVvWxLjhqm0PsH5iF2NiueH7C1Z1h4hq25QVvV24PnbiOHB8xirGOEnJlaL7jk97tS8SA== X-Received: by 2002:a1c:7719:: with SMTP id t25mr513964wmi.7.1549927697736; Mon, 11 Feb 2019 15:28:17 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:17 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 04/12] __wr_after_init: x86_64: enable Date: Tue, 12 Feb 2019 01:27:41 +0200 Message-Id: <38307f2c7ae982478d33f55f7a7b827de489cdf3.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set ARCH_HAS_PRMEM to Y for x86_64 Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 68261430fe6e..7392b53b12c2 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -32,6 +32,7 @@ config X86_64 select SWIOTLB select X86_DEV_DMA_OPS select ARCH_HAS_SYSCALL_WRAPPER + select ARCH_HAS_PRMEM # # Arch settings From patchwork Mon Feb 11 23:27:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806957 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A5E21390 for ; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A794299FB for ; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3EB6E29A9D; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DEB7C299FB for ; Mon, 11 Feb 2019 23:28:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 783338E0196; Mon, 11 Feb 2019 18:28:23 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 7334A8E0189; Mon, 11 Feb 2019 18:28:23 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6258A8E0196; Mon, 11 Feb 2019 18:28:23 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by kanga.kvack.org (Postfix) with ESMTP id 0E1BD8E0189 for ; Mon, 11 Feb 2019 18:28:23 -0500 (EST) Received: by mail-wr1-f69.google.com with SMTP id z4so245478wrq.1 for ; Mon, 11 Feb 2019 15:28:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ZdMEqkaTdkU9cQtnyBwyKsKlsrmvMKKieThBtq30bZY=; b=f4M5PJLj05mUYDkozvQT8lq3Ek06kmGC7bNRxlWHssVX+KrhpdoVoYXXfMRvuypRws /2QTOemP7abrJgnppJ4cZwjH8HWB/Y5XSppv/SRDe1w29BwNIHdWJ6UpvL3HZ6ivpfd3 ZwwTLbq7cDTujIOOGMyZ3r2qyJcUHM6gMfuj05F9hf6rH3Xnshj4W3zSiCJ7uq8qsjmM rrR3kbHeKJK/7/Ao2HfuDDPMLTJjV+ix1K76xyauaulQsoueSZz4xNl71dK9GaHVLM4e yLkzofFIQmmpnW5c4PdV2GuLSJh03Px9m/ypUk6T6Uiwc9sPzkn6iM8ILL9xdNb+CHed Xmjg== X-Gm-Message-State: AHQUAuY2z0zb10sB+LKIGpUOOC6lvfNUH7glfkCE4f5oMp2kn9uSLyVe 3mN78DCygh8gAf1aBIUJIkjKMPoNcGdMRv6beqY4UcMwGERVj3AYciUsXoXrrWUZBNecp1C+WpV aJSd2V96HDysDt363du7hsI1mGSDfqWQdQs6y/Y4hcbfSQOxAdOyPWbRaTHagHRNvRH5Utau80/ ALGP+Sxs2h48x3nwCVNYeVwZusIRIgWD15Iyu5jIZpV/UsPp7NjQvPuJQyUhG3LSVjw+cRgoK09 d0PZ8j8vPpwX4nLhI2HyTi5oRzMtgLj03ixA3EtqvzMsidnOkz7kVq9OAEdjBG3cV2rYDjFTC8M 9M5qvYOwWlR29H4dIbEJ5b0TpuX3nWinfluPfinI9PJcFgJWeamfMH2xthI0CqM9LCBFgfjlEpS 7 X-Received: by 2002:a1c:4889:: with SMTP id v131mr479363wma.146.1549927702545; Mon, 11 Feb 2019 15:28:22 -0800 (PST) X-Received: by 2002:a1c:4889:: with SMTP id v131mr479316wma.146.1549927701486; Mon, 11 Feb 2019 15:28:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927701; cv=none; d=google.com; s=arc-20160816; b=zfqjJF447c0PFPRp67RiuxE+rg9YqdJri5N6a37l9HNerUxUBHRSQV8B8KErm71zS/ tGmL7JK5GVV9a+pUpNuU5HC4QclxVprKIR3ayjF9o/TTH5W0u8njgUT1ZJ8Fd7M9IF3U stzgoaKjCYhrBRgLq0XPGAREd1bwepPbfJQvWoRU6gZUhb7OE0q5frw44tx5ZerOHJRI Mx90UOpJw7a1nenTDsuLKYm2PlmR30mYm8UoTxynlTOAsjzRh6XC5StH0NtyKbMNPQKK 0vGh9yWvYSpudhKHDiQ4Tr//aB6KrlNb2dHSVb4+ZEZJvMO/KW17YDFAxXAZm5jD1Zn2 o8lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ZdMEqkaTdkU9cQtnyBwyKsKlsrmvMKKieThBtq30bZY=; b=VfOUjIF9YPijWinI1SD70VKJLkW/eWNHK3LdblO88fIs8hLgcagLq5U10MrFn0u9xN kyIfKu6FKv5sLSNaHzNT1iTcl0K5c4sWMHmlRkMSCxILJhfuPTWMTmPPt+ucOv6AcRzM DYJeU2wC6UedG2xOJLQn3mkUL9j5GFNcmr1FsKVn3TSJy839lmx/J+xpVmYujqkM0lql huOz9BoGtYmBMz9NqFeEmBmbdOFkShEWTEc4SJJGS7Lzv18QazseCKFfs0dHjD7AaqXX qtrZaQTYNyKIB/CX6V9Mz9RVxNhVogFiah8ROa78HnALS00pCSdcykMaXBCB6Lg1jt// zXVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Gqq17HZa; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id h126sor496595wmf.21.2019.02.11.15.28.21 for (Google Transport Security); Mon, 11 Feb 2019 15:28:21 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Gqq17HZa; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ZdMEqkaTdkU9cQtnyBwyKsKlsrmvMKKieThBtq30bZY=; b=Gqq17HZaZ6nYNJ2Waw8C45/pT84leeq75yxS8fGSjHCrkQFeSHGV6+O/G32DVn0ZPW LRntTc/gWGiCzbHknpYD0WIGdPBsxF48Pi2Eqezr+FYqE5EmvTh3gCPWTYFSLfM9T3S4 BuGCmH14QZYFnQPwRp0pjsUno0lKnQ68bBnb4VDLucg0jV9j8RZusWMJ6QcjhNcdNBeC Ud9mamr/FU72AoO/EsCppelcnPqu7/6ZEELqCQRUybUL7VLnarMjsDuTrtKoX/Uuclke S1yE7MCcTW62lyFf8XSPh0C8fTcP7AG+sX97NdgWIG8QKtRNmwZABW2W7CFA8P6s6CRg aDhA== X-Google-Smtp-Source: AHgI3IaRbYzOvYY9aR2Sas9wiYW3Vep8Wn7Wc3iPNf+FO4IJVM9hmiyDf+hkZLdGHUnUWgdhWnBgeQ== X-Received: by 2002:a1c:f916:: with SMTP id x22mr488708wmh.87.1549927701124; Mon, 11 Feb 2019 15:28:21 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:20 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 05/12] __wr_after_init: arm64: memset_user() Date: Tue, 12 Feb 2019 01:27:42 +0200 Message-Id: <165661e29f9a2a6aa36e51ae79a06f03b7c8718e.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP arm64 specific version of memset() for user space, memset_user() In the __wr_after_init scenario, write-rare variables have: - a primary read-only mapping in kernel memory space - an alternate, writable mapping, implemented as user-space mapping The write rare implementation expects the arch code to privide a memset_user() function, which is currently missing. clear_user() is the base for memset_user() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/arm64/include/asm/uaccess.h | 9 +++++ arch/arm64/lib/Makefile | 2 +- arch/arm64/lib/memset_user.S (new) | 63 ++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 547d7a0c9d05..0094f92a8f1b 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -415,6 +415,15 @@ extern unsigned long __must_check __arch_copy_in_user(void __user *to, const voi #define INLINE_COPY_TO_USER #define INLINE_COPY_FROM_USER +extern unsigned long __must_check __arch_memset_user(void __user *to, int c, unsigned long n); +static inline unsigned long __must_check __memset_user(void __user *to, int c, unsigned long n) +{ + if (access_ok(to, n)) + n = __arch_memset_user(__uaccess_mask_ptr(to), c, n); + return n; +} +#define memset_user __memset_user + extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n); static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n) { diff --git a/arch/arm64/lib/Makefile b/arch/arm64/lib/Makefile index 5540a1638baf..614b090888de 100644 --- a/arch/arm64/lib/Makefile +++ b/arch/arm64/lib/Makefile @@ -1,5 +1,5 @@ # SPDX-License-Identifier: GPL-2.0 -lib-y := clear_user.o delay.o copy_from_user.o \ +lib-y := clear_user.o memset_user.o delay.o copy_from_user.o \ copy_to_user.o copy_in_user.o copy_page.o \ clear_page.o memchr.o memcpy.o memmove.o memset.o \ memcmp.o strcmp.o strncmp.o strlen.o strnlen.o \ diff --git a/arch/arm64/lib/memset_user.S b/arch/arm64/lib/memset_user.S new file mode 100644 index 000000000000..1bfbda3d112b --- /dev/null +++ b/arch/arm64/lib/memset_user.S @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * memset_user.S - memset for userspace on arm64 + * + * (C) Copyright 2018 Huawey Technologies Co. Ltd. + * Author: Igor Stoppa + * + * Based on arch/arm64/lib/clear_user.S + */ + +#include + +#include + + .text + +/* Prototype: int __arch_memset_user(void *addr, int c, size_t n) + * Purpose : set n bytes of user memory at "addr" to the value "c" + * Params : x0 - addr, user memory address to set + * : x1 - c, byte value + * : x2 - n, number of bytes to set + * Returns : number of bytes NOT set + * + * Alignment fixed up by hardware. + */ +ENTRY(__arch_memset_user) + uaccess_enable_not_uao x3, x4, x5 + // replicate the byte to the whole register + and x1, x1, 0xff + lsl x3, x1, 8 + orr x1, x3, x1 + lsl x3, x1, 16 + orr x1, x3, x1 + lsl x3, x1, 32 + orr x1, x3, x1 + mov x3, x2 // save the size for fixup return + subs x2, x2, #8 + b.mi 2f +1: +uao_user_alternative 9f, str, sttr, x1, x0, 8 + subs x2, x2, #8 + b.pl 1b +2: adds x2, x2, #4 + b.mi 3f +uao_user_alternative 9f, str, sttr, x1, x0, 4 + sub x2, x2, #4 +3: adds x2, x2, #2 + b.mi 4f +uao_user_alternative 9f, strh, sttrh, w1, x0, 2 + sub x2, x2, #2 +4: adds x2, x2, #1 + b.mi 5f +uao_user_alternative 9f, strb, sttrb, w1, x0, 0 +5: mov x0, #0 + uaccess_disable_not_uao x3, x4 + ret +ENDPROC(__arch_memset_user) + + .section .fixup,"ax" + .align 2 +9: mov x0, x3 // return the original size + ret + .previous From patchwork Mon Feb 11 23:27:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806959 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C2A621575 for ; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B36E6299FB for ; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A6E5029A5C; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5261A29E90 for ; Mon, 11 Feb 2019 23:28:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 90AFB8E0197; Mon, 11 Feb 2019 18:28:26 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8BD088E0189; Mon, 11 Feb 2019 18:28:26 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7D0B18E0197; Mon, 11 Feb 2019 18:28:26 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id 2B9138E0189 for ; Mon, 11 Feb 2019 18:28:26 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id e14so231651wrt.12 for ; Mon, 11 Feb 2019 15:28:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=qc+4ZrWBhS5lat9N38c7azJGytstjirpRoqoAkq3eMUe0XwK11dw2k1YuOtAk/ybdN 4Hr1f1TmZ3NlYCcch+7zXtTFB31MrmJcy7GXk/sbocW7Z5oAOrPFUdeTvdzeCtB55CnZ cQyko2+5CJ9Z8Wwv3oqvDh32QaACI9IBtX7eUdlnXATyQHrwiawJvD0J71Pt6d0Cmml3 rh96aCqAE9fe0HPwgg9k3el+ccEJEkLL9X8zYs3KFNMbN2qRFDiYHMyIT5pH/ddH5FOD zFoDkL6nln/ngDz3xMqvviG5uCaZaCFFSOm8wxinZVVNdpkJ1RQXG1UemCDVwzs8U4zs zL4A== X-Gm-Message-State: AHQUAuZ6T+cVQULoq2X8Ym0pGOIR7OWptnBri+/uldceAxz+nReEXu13 3zJbdcXnNt44iKgJ5twMOgc1O0iLrPNjDl3CoNAtvyexuGFNe7pyDr4dt8swv+Jyy3LqZCCVtR9 JigGcC982zBpDzS1Prg5E9vjHfdCHohW/eOgKFMRRzg/PrHpGHc9sF/sBBF5tkUekWJiYMl6CLa j+qmJE+l1cYbt5SpAKXQDzOo9PA41VrYPJSskPlPmMzQA4zrpIW4Lgsc47fFLkUwpUQAn+5n1u3 CWi6mT12YFSmuKzMEYwwFnaI5TSfEbaKVZR/H2psmxd30g6GyDMcbmnrhGUkMbE7Jc77IiZ6Ikc k/Rl/jewgUAcGCRHOgTkFVGK05InMtcQyi+DNXUjr9qAXPDAPbrWUuiyIIL6VXTNQgBGjfRYhqx h X-Received: by 2002:a1c:be09:: with SMTP id o9mr486338wmf.3.1549927705718; Mon, 11 Feb 2019 15:28:25 -0800 (PST) X-Received: by 2002:a1c:be09:: with SMTP id o9mr486290wmf.3.1549927704730; Mon, 11 Feb 2019 15:28:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927704; cv=none; d=google.com; s=arc-20160816; b=MrvN5JYDmZOUV8Tfgd39fZCLVNOy36aw8w/mvk7DDUZKCZf5mhUhju/BiEddkXvH5+ 8YNtyckCiDTVsm3b0OqNO4bnUl4xMsRxrvgMweyFOJoHKqAO7GKFEkHfZbb/tOQaKk1W 183LyioC1eqAdXQIWETybhI63oYvwO9k3I4wlV2oXpyQ8lTTyOuRjpCW37Z2LYvTnznz nDKezftsLsMn+XJq6en6JlzPsrlnRtLlXljWSHoNI7jJrHVE+Lq3B8/CNxkH2R6rlyg1 iG0xehEux1N6CfwmS9V2NiIYlINKHDuAEIDNTQ1e1xItNhgv1bTB/b9xU3cEoZmQtBnu LSIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=EcqWmDmOUgU/8qc6B71BIccjY1frGvyiMmMVUcWkgpxufZebzJzVm8Y3KJfCoCoJXx +ZTdFC/pL39NwdeNiW3ylj74q2zABIOGTHJNAofpv9HzD091ANb17qrAsQIp5OVRsU5y SCDMnzS7byJzx8a0uugtqhFwo7icP3aHLJGllHX5FcySOrqQXjV5gDuAMtJAYqrMiSWp yNUiZmyKsZPLRM7rxDHKot/ochNdpZWrkXGRlS0URe9ebGnA9CV15pHyW1ZIlfF+ZMZl xKEbdxGQmkZ4T/IgQi9gJ+YA0LnrShQkWwNmNZYJTi5MvxMKxAKGOFEyU8b29QAIlgiy L1Iw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uYEaYUBO; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x3sor7007056wrw.47.2019.02.11.15.28.24 for (Google Transport Security); Mon, 11 Feb 2019 15:28:24 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uYEaYUBO; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=uYEaYUBOjZ1m5B6He86ZkAdxBgB6xG90lpl13Gk1Hrdiy2liTU2fpge+1cP7+Qcn6P emp1I3cfdW/eFM5ehGcXia7aD5KRIrcUO5KLp3y0d03SJnHlYa9M1Nrk/j9WlOBZd5vM NPhVHQ5yjo3jg+IdDZgstra/VE5OEv5TkKDW60i2fCnhn1M3rHve7RRlJI3pwQX0i2oO nzXQ3Y1hVyuu7hiWSI6AAJ/iJgoifRyEzUCYAW/WTwTbuJ/c3kKLtIYUUXTTl2s4MABn myO9A78iPisLHHaZdLR9c6eEk1EQBlg6qs5wdKYl6B1b1EbFoU++Ygll3gD7Mvu2THwr kJMA== X-Google-Smtp-Source: AHgI3IZ5giTTjGoZ5V4UEH/aAowb6QbzDCVtz5Ak4aVSloW6V3hsGpwN/xytbf9yxR8h2JyjNIwF9Q== X-Received: by 2002:adf:9f48:: with SMTP id f8mr488678wrg.151.1549927704399; Mon, 11 Feb 2019 15:28:24 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:23 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 06/12] __wr_after_init: arm64: enable Date: Tue, 12 Feb 2019 01:27:43 +0200 Message-Id: <3aa3892bcef3aa8613df74c911c56a3d07599630.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set ARCH_HAS_PRMEM to Y for arm64 Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a4168d366127..7cbb2c133ed7 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -66,6 +66,7 @@ config ARM64 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION select ARCH_WANT_FRAME_POINTERS select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_PRMEM select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC From patchwork Mon Feb 11 23:27:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806961 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3CC281390 for ; Mon, 11 Feb 2019 23:28:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2DCF6299FB for ; Mon, 11 Feb 2019 23:28:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 21B3729A9D; Mon, 11 Feb 2019 23:28:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B41FD299FB for ; Mon, 11 Feb 2019 23:28:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DECB98E0198; Mon, 11 Feb 2019 18:28:29 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id D9EB48E0189; Mon, 11 Feb 2019 18:28:29 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CB3358E0198; Mon, 11 Feb 2019 18:28:29 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id 77BEE8E0189 for ; Mon, 11 Feb 2019 18:28:29 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id m7so233014wrn.15 for ; Mon, 11 Feb 2019 15:28:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=dhDMM6VMi/JmH3+o0e+dDwzD3nPwjiM12Anzrk+e4C0NP8amX6LckJtujTNbtbXDfQ iH92sKATezcuVHmb0E8lGrH5nNdkZYM3zq8C8RKKF3r9h2D4dMuNv3mxiowoj6LRjqrL OFR4FyS/vt+ukGyv+LiI5IxLRaBm5TWRslLH0Fuyk49jGoHJLR1ZJ7P58wbjaMdLELqp peD8qLzQx3oP65NL2VbWaQn0cwY5FZCbhlelD04h/YF9z6drjPLrGaE/z/90w/Zb0ikb 2ThhNEo+tRZu+a0v//xnAuC1ElbOiJnJbjM6mh6gpCzbe8krhQgp8TophFDsoaEVDOHw mXGA== X-Gm-Message-State: AHQUAuYDXHKGnpWE6Kw5W0TaUJGLNr/Z5XheXEjZuEZwlEQbkiGgEayr VjG0KS+JA0wWlcB+BejB31cKRFxuojfXIOas2v2c0nMItPfdfzJrYDbp2xQBpCowcYxOlCU5OCX GMYPY1xGMN7oNJ57WXPmCvNuC7/37nLysYDhW/mzgsFDTkrw5SaHs3yyuQKtu7Z0HOu3XdahVU0 Jws36ToZGnxeQBPOUH6g0xzhhhFq2CX34HPs7kavIgsB+6uQwVHrSvAk7XWd3iCHpTHV13PVN7A KE3RkqqddKbRlz2r6c2uDC4PQyf60HK9GzWsRBHC+zLBzNRnKldGLQ75p1r/0pNJa+/svJMGyJr 5rqpdW5RLpzu1B/hUeJoldESLRBp9irldP9Tvr1/UV0Y0QX58XdYKpd9e8dweLbyGRqPH9qgorb o X-Received: by 2002:a5d:4ccb:: with SMTP id c11mr486702wrt.241.1549927709010; Mon, 11 Feb 2019 15:28:29 -0800 (PST) X-Received: by 2002:a5d:4ccb:: with SMTP id c11mr486664wrt.241.1549927707876; Mon, 11 Feb 2019 15:28:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927707; cv=none; d=google.com; s=arc-20160816; b=GR1Cfpk9dEjDgxm6FJYi2ZJmfSN4k6wsy8nnpqf2St+7Kqur9ibgZrWm66G56OLmHo 7oIH3mIdvp+hxnishR1UlYVW1koO3LW1IkYzKZYKz14vzuQZhccg5Zxh0ft+jhSgzW+/ 4cAU4TpmFj58P3cp1hRQMt5MH7V5wApvDI0P3g1J+3QKwWYYBojsl792MeVcWi4bEtYN 2IGeRHqqTvBKZK9/85wd1kRelnhfN2Rezv30Hqf3sVsz63AOufLrvSRrvRBJ9n6ZFjTC IpGhV9orAuxMTaS0KySLbtNmiqB63WrmQ7bRh6Fy750Q6suAysznMqg3QAGmDfp3KCHX PZyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=nMiBLVLZ2rXmUc3XQiVczGECK9nQA1lz7kFFvOOvHkP3k21q5oWbpiUSnT87gVA02B 1844VzJVZk/BUplS5l0KxXUOtAzfRKvMTxJ1aPzA6khRSIRyQvfKJ+yDAg+lPef5MjEo ADZyrACvxwBGZCGVX7gZKRUOuHN8CQBKYl4DdTdBMO0aJ7tiFIevjjWGLNajoibXeyO5 Eb72hLMNbaBIL0tleY3gHGCfayhuPjQPQyIZ+y6EuunQXnGzQsOYUpgQwzoEFShhOr+r P6e+gvT7VDPVCZ2ST+ClU8AD/W8Pmo/0Fg2g6UoRePXvXdVgox6veLuV9htq53CKuX6l +ZdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RiIwOk4Y; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id x5sor468988wmb.27.2019.02.11.15.28.27 for (Google Transport Security); Mon, 11 Feb 2019 15:28:27 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RiIwOk4Y; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=RiIwOk4Yh3oZElR1xL4cASyYj7D6BXihLz4aCG/v4xszt7i6uSqsxIV7ytYwftyfcc uTuXGibwTiA/aj+YnMYCpkiM2z6kfso+3dbhiW9YSOHBl6nP1RszYI63KB8K2NsBpdrq 0O12+xpEmBDUqkUXAPxb8OuavppC4Jr2y/PKJY27TEuHaKKz0cs5qLr1lY41XPnz7Zxl sA5IfuG6fAjiZmtxt25Ed0yZ2F0YDSgON1s7dC59J6yvzTcBnm5YPJLSt9XplPkdVRWQ K3g6xJSwVQiZphYA66q/CfA/tFG9bpv0/xDVALdXoiSGfJj+EbFGKE64OBFZr0dgUItK w5sw== X-Google-Smtp-Source: AHgI3IYPC5M3Lyg22y71g2LtAl1fvg/0Ej4pQcQ/hIiBIm9wNMef0twZh8pcHX4//0/AZscOz8ApJw== X-Received: by 2002:a1c:2804:: with SMTP id o4mr502017wmo.150.1549927707535; Mon, 11 Feb 2019 15:28:27 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:26 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 07/12] __wr_after_init: Documentation: self-protection Date: Tue, 12 Feb 2019 01:27:44 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Update the self-protection documentation, to mention also the use of the __wr_after_init attribute. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- Documentation/security/self-protection.rst | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index f584fb74b4ff..df2614bc25b9 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -84,12 +84,14 @@ For variables that are initialized once at ``__init`` time, these can be marked with the (new and under development) ``__ro_after_init`` attribute. -What remains are variables that are updated rarely (e.g. GDT). These -will need another infrastructure (similar to the temporary exceptions -made to kernel code mentioned above) that allow them to spend the rest -of their lifetime read-only. (For example, when being updated, only the -CPU thread performing the update would be given uninterruptible write -access to the memory.) +Others, which are statically allocated, but still need to be updated +rarely, can be marked with the ``__wr_after_init`` attribute. + +The update mechanism must avoid exposing the data to rogue alterations +during the update. For example, only the CPU thread performing the update +would be given uninterruptible write access to the memory. + +Currently there is no protection available for data allocated dynamically. Segregation of kernel memory from userspace memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Mon Feb 11 23:27:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806965 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B0C301399 for ; Mon, 11 Feb 2019 23:28:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A0A22299FB for ; Mon, 11 Feb 2019 23:28:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 94C6229A9D; Mon, 11 Feb 2019 23:28:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 16B61299FB for ; Mon, 11 Feb 2019 23:28:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5D7048E0199; Mon, 11 Feb 2019 18:28:33 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 5AC7C8E0189; Mon, 11 Feb 2019 18:28:33 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 477F08E0199; Mon, 11 Feb 2019 18:28:33 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id DFAE68E0189 for ; Mon, 11 Feb 2019 18:28:32 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id x3so221371wru.22 for ; Mon, 11 Feb 2019 15:28:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=CimRDiFCjEFO38H/4J2qQiQYg9D3vKNrjjQCT3sKzEnPSQhGO0E3Fjs67iq4L2yXkP TlLsJK71Ecbn66xKsLm+cgrewoa7bWuCsObBiuu++TB+8YUbS1jBJCuEPwaKthAmhzgl C+QgJWyfcAcgk8nCrAFkXa707TBDdbiCZRJvEoX009cXaSh68q4s6TB1NapjGoHw/wj7 fFbj1gUEWkDWikEMYUBavHKZNlLiKqfIf5Xlm8HgFScUS4Cbwcw5POWro5XNYEr6MLVE 5ojE+MPZJ8t18Q2Khl7NnqTsS8dN3j98gm2EBLYJgClR/GJwOyDQjLHrd4qsRdzDuCa1 gJdg== X-Gm-Message-State: AHQUAuYgCOi9faKWp6O4kNG1kGvwXnYcIV9D97zFQt5FOJEGY+nhugLN E3T0xs4wEznQf+1hbgdluhWvVLOGre46rNnb+/WXiVdbcxrkwVpjmIn7XBK6qhyiRlSZtR2LT7y DMIFmHZqIjLIeJGJzCyltg0XHMyX0z420A8pBUYN1oKvW9/0mBteL19rfMH3JsX1cXPbFTj1tf1 iOTuEV16/3fpMPuXMpvErmCiCSZMugp1KUB/Zrz+r2KkXaVaQufI4cZL2HvYxrs2Fwc1xyL8LDb 3s9GDu72TBaHGqIucBSJzuxby6vh2xjheEMZkxOm2QWOWvxrtkk9Jk0kTBM+BhJ/hXcgOLGmAKd v//dJYuR0msFPJjylac0Z+6KvfKyVsc+oP8KPhXyraDTIvCmariYpJGADUWumeJmFXctomgky1G 8 X-Received: by 2002:a5d:4486:: with SMTP id j6mr456269wrq.41.1549927712438; Mon, 11 Feb 2019 15:28:32 -0800 (PST) X-Received: by 2002:a5d:4486:: with SMTP id j6mr456220wrq.41.1549927711129; Mon, 11 Feb 2019 15:28:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927711; cv=none; d=google.com; s=arc-20160816; b=us5uFo8j7PAvA+lhVOBL1u4fVxBnREuKx2V7/p3CQJRfTpYTb+SzlYNTbI7IdTTWUG eb8pk+eEKZ1kmsSknbjtRer7QQxfM3Pmg5+3sCnCi/cPTwD1mbM1vONj86Oj9rktlUW5 1sTdaWr1cNKeiBbQ6jLAA4+Fv60snZDVnRg7kL7ByCSpXJEIXflU0rah0MwaqZjn7Y4Q Sj9PMfeGQEwMxEE8YmlUdeY29/vGPav1CJpi0aXGoAEdpumIIoz8jXts2XhzkR60cdaY l3y6oV0YY1Hvun60LJ2RsLoOyppRo2s9QowIKPfDXcJluZNthpT5ColBvA93yoyl+UAp uMFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=Mtw8mnRsCvFbU0ATmo+xEzE//jRpM15teOMZjpWjuThT5PhVryKHHnqE8xSRGqDHJE xEBdKqGTYsnd32OfUyPOPgYQ2e2NxduXPZaeSUEcWDwKf3Q7cN6Wmc/j0wDhHSSTO67g /BdeRnG+tK9Fswu2Sm+broI0dJN8HWJY9w/nMCQG7mjxukWx5zyPUIZInDXCD3n1R7J9 XExKfFauYjyUSxPBsH7GGOmUnFf/BXxjSMSrWom0xYKphIfN0Ai4UfYlh3RMd3Y8y7Ne XxfiQo2mlrE1U88SA/WaLRUNw4ZLzfrWsexFDlHJVa/wk65QwYvJu/Qi/jcsjTvHnpIL BHBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=h0Rzbxd5; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id f193sor503703wme.9.2019.02.11.15.28.31 for (Google Transport Security); Mon, 11 Feb 2019 15:28:31 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=h0Rzbxd5; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=h0Rzbxd5vn6TVM2F2wuqMENuqEgutSdwfh3qz1lUYLLEMfzzzFr+9FKaWiM0SL7W/l PMFr/LndNJVr8UlZOHtY8hVVLm1ymPo6bBVirh1KqTOo1QuyQ10b8dyw6Up5cQgDaCI1 MqMBnExiZM6pKTNfcEJSMM6f+AP7TnRUhahb1YCl/NAT19yR8i9SdJIdijWHiJAsJHOH rA/m0TBUELlebS6i3BK6rYJIqveTENGDdz52jo5px/scN6ruwhzpSOrXXFX86fD/rg/U DWtGaSmXDyNtXRrLF30Q6TRcElVr7wnfYYgwhiq9Pjo/v/ZbTPeSEW/poumVo6sQ/JpM tlNw== X-Google-Smtp-Source: AHgI3IbtlJdoliv99+hxRUZolITpfcILFWmzZayl1QjTtb4jAfcYq8ZcflEbQCEsF264j4rFm1ARKw== X-Received: by 2002:a1c:4044:: with SMTP id n65mr477987wma.85.1549927710788; Mon, 11 Feb 2019 15:28:30 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:30 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 08/12] __wr_after_init: lkdtm test Date: Tue, 12 Feb 2019 01:27:45 +0200 Message-Id: <8708f8d2c541ce803072acec153f38011b271e90.1549927666.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Verify that trying to modify a variable with the __wr_after_init attribute will cause a crash. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- drivers/misc/lkdtm/core.c | 3 +++ drivers/misc/lkdtm/lkdtm.h | 3 +++ drivers/misc/lkdtm/perms.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c index 2837dc77478e..73c34b17c433 100644 --- a/drivers/misc/lkdtm/core.c +++ b/drivers/misc/lkdtm/core.c @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(ACCESS_USERSPACE), CRASHTYPE(WRITE_RO), CRASHTYPE(WRITE_RO_AFTER_INIT), +#ifdef CONFIG_PRMEM + CRASHTYPE(WRITE_WR_AFTER_INIT), +#endif CRASHTYPE(WRITE_KERN), CRASHTYPE(REFCOUNT_INC_OVERFLOW), CRASHTYPE(REFCOUNT_ADD_OVERFLOW), diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index 3c6fd327e166..abba2f52ffa6 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -38,6 +38,9 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); void __init lkdtm_perms_init(void); void lkdtm_WRITE_RO(void); void lkdtm_WRITE_RO_AFTER_INIT(void); +#ifdef CONFIG_PRMEM +void lkdtm_WRITE_WR_AFTER_INIT(void); +#endif void lkdtm_WRITE_KERN(void); void lkdtm_EXEC_DATA(void); void lkdtm_EXEC_STACK(void); diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 53b85c9d16b8..f681730aa652 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -9,6 +9,7 @@ #include #include #include +#include #include /* Whether or not to fill the target memory area with do_nothing(). */ @@ -27,6 +28,10 @@ static const unsigned long rodata = 0xAA55AA55; /* This is marked __ro_after_init, so it should ultimately be .rodata. */ static unsigned long ro_after_init __ro_after_init = 0x55AA5500; +/* This is marked __wr_after_init, so it should be in .rodata. */ +static +unsigned long wr_after_init __wr_after_init = 0x55AA5500; + /* * This just returns to the caller. It is designed to be copied into * non-executable memory regions. @@ -104,6 +109,28 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) *ptr ^= 0xabcd1234; } +#ifdef CONFIG_PRMEM + +void lkdtm_WRITE_WR_AFTER_INIT(void) +{ + unsigned long *ptr = &wr_after_init; + + /* + * Verify we were written to during init. Since an Oops + * is considered a "success", a failure is to just skip the + * real test. + */ + if ((*ptr & 0xAA) != 0xAA) { + pr_info("%p was NOT written during init!?\n", ptr); + return; + } + + pr_info("attempting bad wr_after_init write at %p\n", ptr); + *ptr ^= 0xabcd1234; +} + +#endif + void lkdtm_WRITE_KERN(void) { size_t size; @@ -200,4 +227,6 @@ void __init lkdtm_perms_init(void) /* Make sure we can write to __ro_after_init values during __init */ ro_after_init |= 0xAA; + /* Make sure we can write to __wr_after_init during __init */ + wr_after_init |= 0xAA; } From patchwork Mon Feb 11 23:27:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10806967 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7AA391399 for ; Mon, 11 Feb 2019 23:28:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 697D0299FB for ; Mon, 11 Feb 2019 23:28:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5C50929A9D; Mon, 11 Feb 2019 23:28:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB autolearn=no version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB058299FB for ; Mon, 11 Feb 2019 23:28:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B0B638E019A; Mon, 11 Feb 2019 18:28:36 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id AB86D8E0189; Mon, 11 Feb 2019 18:28:36 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9CDE18E019A; Mon, 11 Feb 2019 18:28:36 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by kanga.kvack.org (Postfix) with ESMTP id 49CC98E0189 for ; Mon, 11 Feb 2019 18:28:36 -0500 (EST) Received: by mail-wm1-f70.google.com with SMTP id t133so245853wmg.4 for ; Mon, 11 Feb 2019 15:28:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=OwMSbqSDTUPZ6gKp2d4PWeA9uNuSba4WaEP19RfIthKkplBf3qFa3635uOvBo30zn2 lyhlXCzlEynp2tbL834m0s7Chcuwe0Eb6Bm/FxEjXNEdTq9WufOIvItQdU7ylG0Jc3uf afGub34Llo706an/LIZLLV/sDicHbY6oWeX63+aS4X/WJfklAQ2C/isDJc+5auPM4xT3 YhNs5hrXYYBEyjsR/Hge7+B8FPWhrRF/1zSYDGUhIs2Ocv2c5zr+Ph3nKzkt21s/1wFW HATPVW3JkgS0rrrYPeGA8jlSFlV/3wecJYA19YaOSE8/dQpFNeS9aNTtipzKjNqnvdgf pXjA== X-Gm-Message-State: AHQUAubmgv1yQxGd2WVKbLJhTPf+fdjvcnDd3JLjcphy9c8m4ICoTF+x w5/9QHgOH6uNZuYt04L/vS221GEZRi+4sgTiGs6k+UWdCUeZOKnth1mIpqAGDQqXZM5vqQHszKV 3VcmCQlzyyLXmz/dylohqhRZD8sPWE3p6X07BdPl01AsTDVTJ1cKpYqRwBQbz6DUz3/fnAqpo+G sGtnNm7iHsqqL7y3o3JhFnFG2d/HTT6cenrcLn96B6E82obgRm3ZAThdjbFCEqs7wTKsv5qu2KA BralepOviB2GYbkaAfmRWspefKqWu5WM0RYgHT0kDQ6C+XrZzgvCB53CSmVu5QSDPqfQLoT5qbZ i8UwtygNk9J0rewscB6bIw+Ma+UF5z94J+U+KZF3E5VzTOD54jGAE4NOMN6XCymAGwYwmnh12nj B X-Received: by 2002:a1c:9e4a:: with SMTP id h71mr517373wme.82.1549927715825; Mon, 11 Feb 2019 15:28:35 -0800 (PST) X-Received: by 2002:a1c:9e4a:: with SMTP id h71mr517323wme.82.1549927714542; Mon, 11 Feb 2019 15:28:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549927714; cv=none; d=google.com; s=arc-20160816; b=UGRKSWEkeSTEFhFBZU9FtJ0W+JQV4iv30cYwiW6wPd9MDlFtuZI1VWsWhXKOXsoskJ YueGHMalXUHPh3k53A2ugDWL586vNkYEQCV3ihVa+/Uhu6uCMNcifnJrwp9r7TVBUtpp JHKdVRhq0wuh6dV6pyPgr+k+d1lRu1WwmwLcOxd5HYoH0I/gIv/jsrrPmuf5Z8ZwrS71 JL9qgOAP9oH7VE35zzkL6aMMY7AMR1CRV344el53Ywtgemmme9SOPDAlXxhV1jD1FRHI H0XfvXWqn121G6S3WqZoz8JQoPdxmprTMTzOEp8k3/gBOvrra7zO5xNktxw/ep45sIde tCaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=0dZl+jM3avIpPwR3H4q6h4wJRWEl9/KO+hXo8UVnujcCiAoAeFWJDOORYf/+C3CBnt oGsQV22N1LqzFsEiTeAx/bcISdfuvEQPStMPIcYCx0TM9XPaJZcRc386AT5V5JIIy1jw mfhJEQLRePOAaNEbWodZAyAuLYhuZ+ECWoaFo4a2W3P/9JouRXaGd8+4HpsyipgNDUXJ gYndz271i0yOwM5uAG2EFrjFqzAbCOjy4SAfKX6wDH3uVbPWAsuZcivJAWB8u3Lc1vbV jjpD9STEFkjA6vlZ6+ThWlUlS9fQM8o2dn+utLQUla0Dnoz4wGMnfAjeWbCoZiCh/UB4 2U+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VmiIU8pX; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id d7sor3668525wrx.34.2019.02.11.15.28.34 for (Google Transport Security); Mon, 11 Feb 2019 15:28:34 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VmiIU8pX; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=VmiIU8pXfiJ8oLtorDhULSxsmh+YjuTJjvlq8YuRiNowB4/1UqpCrVw5BosEBTfL6V lQbb1zyKnf0f37rNuOWdB/36I0sBvIypEXOaJlidU+6cLxaed7X4JobdhlwNv7l2ZOgr CLcpjJ/DKikqWa2/di7U6WvgXoxM13L73BBHmEh+vVp+7fBOqFY3BuY7Dsv3OewGcQn7 wx+umnTSpRY8mM+athafH9jgbBlDHfGt5caNxzNx1BFVa2rsre/0TI78tes3g2BD6/u6 dID0vUXju22Zkh/Kep+vSEP2+NHeXyAdLybiLgP8GoWTcJfJRcKIg6pEbmyXmkESLdcX RvPg== X-Google-Smtp-Source: AHgI3IbQwu8eTmjbJnx/2r01oGyJDgWGHUAAfDPRDsTqvehJCmHsCuN42bxdkY5qB2bklveZMh0xdg== X-Received: by 2002:adf:f410:: with SMTP id g16mr517807wro.246.1549927714236; Mon, 11 Feb 2019 15:28:34 -0800 (PST) Received: from localhost.localdomain (bba134232.alshamil.net.ae. [217.165.113.120]) by smtp.gmail.com with ESMTPSA id e67sm1470295wmg.1.2019.02.11.15.28.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 15:28:33 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 09/12] __wr_after_init: rodata_test: refactor tests Date: Tue, 12 Feb 2019 01:27:46 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Refactor the test cases, in preparation for using them also for testing __wr_after_init memory, when available. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index d908c8769b48..e1349520b436 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -14,44 +14,52 @@ #include #include -static const int rodata_test_data = 0xC3; +#define INIT_TEST_VAL 0xC3 -void rodata_test(void) +static const int rodata_test_data = INIT_TEST_VAL; + +static bool test_data(char *data_type, const int *data, + unsigned long start, unsigned long end) { - unsigned long start, end; int zero = 0; /* test 1: read the value */ /* If this test fails, some previous testrun has clobbered the state */ - if (!rodata_test_data) { - pr_err("test 1 fails (start data)\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test 1 fails (init data value)\n", data_type); + return false; } /* test 2: write to the variable; this should fault */ - if (!probe_kernel_write((void *)&rodata_test_data, - (void *)&zero, sizeof(zero))) { - pr_err("test data was not read only\n"); - return; + if (!probe_kernel_write((void *)data, (void *)&zero, sizeof(zero))) { + pr_err("%s: test data was not read only\n", data_type); + return false; } /* test 3: check the value hasn't changed */ - if (rodata_test_data == zero) { - pr_err("test data was changed\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test data was changed\n", data_type); + return false; } /* test 4: check if the rodata section is PAGE_SIZE aligned */ - start = (unsigned long)__start_rodata; - end = (unsigned long)__end_rodata; if (start & (PAGE_SIZE - 1)) { - pr_err("start of .rodata is not page size aligned\n"); - return; + pr_err("%s: start of data is not page size aligned\n", + data_type); + return false; } if (end & (PAGE_SIZE - 1)) { - pr_err("end of .rodata is not page size aligned\n"); - return; + pr_err("%s: end of data is not page size aligned\n", + data_type); + return false; } + pr_info("%s tests were successful", data_type); + return true; +} - pr_info("all tests were successful\n"); +void rodata_test(void) +{ + test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata); }