From patchwork Wed Feb 13 22:41:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10810991 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4B01E13B4 for ; Wed, 13 Feb 2019 22:42:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 387072E5BD for ; Wed, 13 Feb 2019 22:42:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 29E552E5C5; Wed, 13 Feb 2019 22:42:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BF672E5BD for ; Wed, 13 Feb 2019 22:42:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6B22E8E0003; Wed, 13 Feb 2019 17:42:05 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 660A18E0001; Wed, 13 Feb 2019 17:42:05 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5772C8E0003; Wed, 13 Feb 2019 17:42:05 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id 01A118E0001 for ; Wed, 13 Feb 2019 17:42:05 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id e2so1420081wrv.16 for ; Wed, 13 Feb 2019 14:42:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=kjAa+t6wY/NU2SY0EM7WFSE8Fn53OhOBDHc4ci8NYm0=; b=AYmeFB33jNHfkzWYd/dlIdhuCzzPTzGoYeiDyX5HC/8R77vH2pTjWqp8dKnSgVAbpS /gryM4t58miFGasLBoJ3+kRi8QXeOY0XU2OQY/ivIRCDqRpHjRPsEB+KIlNOy4Qh6F35 gSlbLnhKw+yBk4l/p1+BLJnjxrsmUMeFJyanBpG1+DHsTy8Q8eG9pqM8cYnoxRHI3TaM RgZ86iK3BCTY7idwybwPM66PqLz8zdOnh+VZ8fwX+wgAjeALDmlZDKV/VIM0fn95CCS2 nYnN80vk+MqxfU2cvjJwVFpapgLQy7alGtvdNmo8ljKs5wciwZNd6uIS/1dSo2xkej0+ TR4Q== X-Gm-Message-State: AHQUAubjE/FDQF+SIhaNCNCVYG8WGVaQpH934QTG/Q164jA/zHsvlduS LFPIdwgvtABSNi5luQnuAat+6xkZdSqZMF8g6gVw4590MZ6kbSvSPR7osM+kfipdirDklYFF9a9 IAkawzilvCSBVc2ghng4AlDYnSHKlOupY46eksh3olULBusOUXZRX9dR52THvJYnstkzbLaCItR 0/GOhJr3q+t3y7hvK02F1llRFe/Y3+eCdtEvWO7B0BvG1l/4Afczsjmz8Lasmw/ZSEerheAH3cd vWQqo/Hi3Gdisd7U87GXwrgj+UHvvK1TrdUlr2K+ecYUcDQDmLoDTyYeuu5pUm1GJ/FQih6+oxQ TlRYFKymXxUIhP+67Rk1Z/71ZUkmhwWJXUU3cxqvCdnm2HuipqvPLuQLxQFR1FmVrXXCRDkKYlf i X-Received: by 2002:a1c:4406:: with SMTP id r6mr285806wma.114.1550097724432; Wed, 13 Feb 2019 14:42:04 -0800 (PST) X-Received: by 2002:a1c:4406:: with SMTP id r6mr285756wma.114.1550097723042; Wed, 13 Feb 2019 14:42:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097723; cv=none; d=google.com; s=arc-20160816; b=U3FPondsc40989MtdXVdPM9hBRX5hBXPnuQHEsJxvE2zmceV66v0bKvjmj9/ECwh+4 Qf/qVgDwulwZKJL8Aqp1CrJXyn4ykouwv41eHpu+NVweLS2fXcm8HW55wD+5+W4FSDgv 50Ltz96ClJKzXPFHWpHpHZoMxYswvEbbZrvgMoBnsvPRQ59S4SqdOYn6ddmyvZzjrPAA pQZLao/+7w016lMyXeOi8jzBQuvDejrwt7HAG7fUFzaVAebpi+qSPUaxR++U6ROLzsF2 c+21Sn+l1UEzlMLitRIffsF7RHvuorrpJc2iYe/pkhLjq6rNGyuumppnZwtCphZ6hduI oH3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=kjAa+t6wY/NU2SY0EM7WFSE8Fn53OhOBDHc4ci8NYm0=; b=KVIM/lfvAd/et+vK8/eSmuyajQ+fZGkkT/Nhfcv08Tw7pKxj3xNQVwPw4K5fG8mkIJ yVNOyREcXXZ5qKJYg9GNxd9U+/THiQhdSPiJgwE12zih+xe+OdNcrGoiI4ySUKBWhQGK ODPNAlsERfuzO4ewuqBwB/9Xk8egQYf4JU/9E1cShyNxIbgWNXnSZjuZOS7twXdRaqBp uo2NH9avnLnMYuTKiBcNejcjdEDkNQMa5hpI2Hq2ZvCgkeCuwZqWLcd9vEkcbepo8roH nGGUqKwMhNopM5s8UU6AsZpPJbkofUp+rGKo/ZiRqiQdHrRSjcfRMLBT5+j07yuTFtnH bN0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=htxDPkLV; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id l7sor375027wrr.32.2019.02.13.14.42.02 for (Google Transport Security); Wed, 13 Feb 2019 14:42:03 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=htxDPkLV; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=kjAa+t6wY/NU2SY0EM7WFSE8Fn53OhOBDHc4ci8NYm0=; b=htxDPkLVivpCFTEypIPdGV2Vzcy/7XwcJiFvkwrG1psnxGi0fwBH5MLtVcas4TkNf5 2COfLAp/A9wWDZh7H5gt102tb7USgrH5kt07OADZ62iZ43snyIC276rQR5VrT/1El2/W xjBunUpUkSW+Qh91l934BeWTDHAQcJWiFP/kYDazdDd4vbtSNU+FJAvWw+fLPq7EvfFU Arlb671GTpQ1x/rP/Cvm4uNqUkB4YrSanMLjKsj5w2WO7E0A83BivOFJjTGARHAfpbCF WRHIGFlgf5iu7w8wz8WdPjUo1vptVV3XpP9jWK9oNCS8+VV96xSKRv+x4spertOFgrkH 24iw== X-Google-Smtp-Source: AHgI3IZj/GseIu78wPoR51yZNgKKZ1+PWmXGjgVTEqwtadfMaSne4o21po7GtJbpbfy7KQjSsZdPYA== X-Received: by 2002:adf:dbc4:: with SMTP id e4mr322496wrj.320.1550097722567; Wed, 13 Feb 2019 14:42:02 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.41.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:01 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 02/12] __wr_after_init: linker section and attribute Date: Thu, 14 Feb 2019 00:41:31 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Introduce a linker section and a matching attribute for statically allocated write rare data. The attribute is named "__wr_after_init". After the init phase is completed, this section will be modifiable only by invoking write rare functions. The section occupies a set of full pages, since the granularity available for write protection is of one memory page. The functionality is automatically activated by any architecture that sets CONFIG_ARCH_HAS_PRMEM Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/Kconfig | 15 +++++++++++++++ include/asm-generic/vmlinux.lds.h | 25 +++++++++++++++++++++++++ include/linux/cache.h | 21 +++++++++++++++++++++ init/main.c | 3 +++ 4 files changed, 64 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index 4cfb6de48f79..b0b6d176f1c1 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -808,6 +808,21 @@ config VMAP_STACK the stack to map directly to the KASAN shadow map using a formula that is incorrect if the stack is in vmalloc space. +config ARCH_HAS_PRMEM + def_bool n + help + architecture specific symbol stating that the architecture provides + a back-end function for the write rare operation. + +config PRMEM + bool "Write protect critical data that doesn't need high write speed." + depends on ARCH_HAS_PRMEM + default y + help + If the architecture supports it, statically allocated data which + has been selected for hardening becomes (mostly) read-only. + The selection happens by labelling the data "__wr_after_init". + config ARCH_OPTIONAL_KERNEL_RWX def_bool n diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 3d7a6a9c2370..ddb1fd608490 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -311,6 +311,30 @@ KEEP(*(__jump_table)) \ __stop___jump_table = .; +/* + * Allow architectures to handle wr_after_init data on their + * own by defining an empty WR_AFTER_INIT_DATA. + * However, it's important that pages containing WR_RARE data do not + * hold anything else, to avoid both accidentally unprotecting something + * that is supposed to stay read-only all the time and also to protect + * something else that is supposed to be writeable all the time. + */ +#ifndef WR_AFTER_INIT_DATA +#ifdef CONFIG_PRMEM +#define WR_AFTER_INIT_DATA(align) \ + . = ALIGN(PAGE_SIZE); \ + __start_wr_after_init = .; \ + . = ALIGN(align); \ + *(.data..wr_after_init) \ + . = ALIGN(PAGE_SIZE); \ + __end_wr_after_init = .; \ + . = ALIGN(align); +#else +#define WR_AFTER_INIT_DATA(align) \ + . = ALIGN(align); +#endif +#endif + /* * Allow architectures to handle ro_after_init data on their * own by defining an empty RO_AFTER_INIT_DATA. @@ -332,6 +356,7 @@ __start_rodata = .; \ *(.rodata) *(.rodata.*) \ RO_AFTER_INIT_DATA /* Read only after init */ \ + WR_AFTER_INIT_DATA(align) /* wr after init */ \ KEEP(*(__vermagic)) /* Kernel version magic */ \ . = ALIGN(8); \ __start___tracepoints_ptrs = .; \ diff --git a/include/linux/cache.h b/include/linux/cache.h index 750621e41d1c..09bd0b9284b6 100644 --- a/include/linux/cache.h +++ b/include/linux/cache.h @@ -31,6 +31,27 @@ #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) #endif +/* + * __wr_after_init is used to mark objects that cannot be modified + * directly after init (i.e. after mark_rodata_ro() has been called). + * These objects become effectively read-only, from the perspective of + * performing a direct write, like a variable assignment. + * However, they can be altered through a dedicated function. + * It is intended for those objects which are occasionally modified after + * init, however they are modified so seldomly, that the extra cost from + * the indirect modification is either negligible or worth paying, for the + * sake of the protection gained. + */ +#ifndef __wr_after_init +#ifdef CONFIG_PRMEM +#define __wr_after_init \ + __attribute__((__section__(".data..wr_after_init"))) +#else +#define __wr_after_init +#endif +#endif + + #ifndef ____cacheline_aligned #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/init/main.c b/init/main.c index c86a1c8f19f4..965e9fbc5452 100644 --- a/init/main.c +++ b/init/main.c @@ -496,6 +496,8 @@ void __init __weak thread_stack_cache_init(void) void __init __weak mem_encrypt_init(void) { } +void __init __weak wr_init(void) { } + bool initcall_debug; core_param(initcall_debug, initcall_debug, bool, 0644); @@ -713,6 +715,7 @@ asmlinkage __visible void __init start_kernel(void) cred_init(); fork_init(); proc_caches_init(); + wr_init(); uts_ns_init(); buffer_init(); key_init(); From patchwork Wed Feb 13 22:41:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10810995 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 754C013A4 for ; Wed, 13 Feb 2019 22:42:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 647742E57C for ; Wed, 13 Feb 2019 22:42:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 58B612E5C4; Wed, 13 Feb 2019 22:42:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5C5EA2E57C for ; Wed, 13 Feb 2019 22:42:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 466C08E0004; Wed, 13 Feb 2019 17:42:09 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 418258E0001; Wed, 13 Feb 2019 17:42:09 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2E04F8E0004; Wed, 13 Feb 2019 17:42:09 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id C70698E0001 for ; Wed, 13 Feb 2019 17:42:08 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id a5so1456826wrq.3 for ; Wed, 13 Feb 2019 14:42:08 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=cpONfAPk6wUEDmhM/mWi+eIpTzfniRXVZiNB9IzUGPk=; b=m56d6Gro/7P+kSbz7Aj8sH1yCrBHgKw32OLEyDPlVHnYdYcFKkpQyBVnXURYTQqvb8 6VdiWmMIg+05IOn/eN1xuo3j7uELvg8jVP0ej2+VyndlWboXTg9fMYfgyWdvql2/My8w SX2lGLyZ2ioGzebCpV26ogiSexqH4U7ALseONNG+lHiIvd4RW3PhrsOcD4JiWZhtdhMN 2IuCAf8QVaw/RqnZd0KOUpqTLCwjZQWNNcLX8ZYtqRAlzYiVGXSxJKPQlcQWfryyTGo7 ZC4M9KlpMk5mfOWShCBaT4zzFDYqEVSe0V2lVnCvEExSGPWTl8NrOQPSxwUNKczoLEPv pyHw== X-Gm-Message-State: AHQUAuZOGmWdQQXtbkPRI2Uz6qbZaPIiRAFEFNu5vkDxLeT91CsifuEC X118UXgmsVL5EkL9Hs7uU2VJ43okVikfJF9/eyLUyc476zuBHL9LVAq/aPhiRsck2s4Mu0LxFjF ae14ovQD05+32VCgVxb7qUNk5pA+DrVpNs1SX2hOnOdFousOg6eJyDEsebSy1TP3YY+DcAXZZqt cRMiX+fedke470+bG0UdnqIFoWOWAKyLarkQ73Qs5P0Kx0E2rC38l/vqZH7brLxnlloAcbGGp7e QBpvHhw5wOM56ZR3fH21eu4/wEGNSzOUsjMIqDGfgiQAtEPo7/PhgZQIkMJ4MQ3lf5vY85oab2w 6SSFsXLeBcWXNejDlzId6l6h2MhPqPcsfb9mcgeh2RwaDLQQ3d+BEEb6YZsp3wWKqsvsotITwDd V X-Received: by 2002:a5d:684c:: with SMTP id o12mr307814wrw.27.1550097728257; Wed, 13 Feb 2019 14:42:08 -0800 (PST) X-Received: by 2002:a5d:684c:: with SMTP id o12mr307750wrw.27.1550097726645; Wed, 13 Feb 2019 14:42:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097726; cv=none; d=google.com; s=arc-20160816; b=WB0wSRoiM6AxksyWnbFGnXC5TP0VNise2NujphUuzjcABbAK5lZS6E9gHj2r8RSTkz P1kPdiyuijTvbE49+o7OqW6h2KVNvGqfGftsXBMrX2/ZCkaEGShEJ5D4XMkvGAlQCXJn Bkb4eE/wNBJVPjsKdfHTWip2qzGkd8evXm7vU/C6eizF/Yx18F/FATS665RFMKdBpSY8 bsVnIn+GaJx4SkFAYgA+CcfhBjkI2V4Tx6LnugKGQMcBgwo0Q+emzmRCQPyziEmYxPkY 9OOvmAS0TZCSE/bi2LdNM+OO4xIoknxfzKi0GzgToJN28qfA5qRphfUse6Gb98DBAwXC sTgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=cpONfAPk6wUEDmhM/mWi+eIpTzfniRXVZiNB9IzUGPk=; b=n7jbLBuf2UAjMq6MEwmvGpKURH1iaip/eE5a46/HxudVJvzDj8/u8E5TKB9jnN/C2V qsy+ntEUPqYxiwsx/b+EJ04ySeaILRDOmumLmULKs9wnthSgFkdRpfHQmkL2QphUR2sZ B8Bo1stZU9G+QAMofUHN/8ZrI/RKsMHIthASP3P74ly0Eotm4MXZ9Ha8ddzD0cqmjIsW DEBRvvy5jYevcoAk/k9mYkB9h9sOwfM57mvbStkwHYV3lTIH45qR1u8x5TW0OoXqYrCk 24+gdRyIisGeNu/ifh0fRbXmyFxVfAYhmR31xLhLG3a0t3GDvvqDl7+EnWaoUuLP6+uW JvOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NpfP7YMb; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id t12sor382713wrw.18.2019.02.13.14.42.06 for (Google Transport Security); Wed, 13 Feb 2019 14:42:06 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NpfP7YMb; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=cpONfAPk6wUEDmhM/mWi+eIpTzfniRXVZiNB9IzUGPk=; b=NpfP7YMbJknkb6E3ICzhLie/Ht/jwcXKzMye0lW81///ks6jBgvQ+e/FX0ZxxsCtov XKeBVlUVXI+U69qDLw2JRlDtAAIxgmqGtUNJFB8QMih7zWs/OLhYMnqgf2o33qQ3ExWR qaMPjJOz7wPhv300bJIAb+8aCIyxfD4C5Bjx/3Nv1UekkxpFvKbXF8pDM04Sk+h1Sjwk htAExuZfH2AFo0WF8glM+Tk0+CILfeKZYGKeFfpL95nHs6HWuZXX1RiBuNHXcM2q4NSV avo1AoEA1DLXHjvXfXygwMstbZR/DmPOQRkVB/bSl5SRRIFyJ9ryc19c52A/fCUkUuF0 PYfA== X-Google-Smtp-Source: AHgI3Ia+VS3rKLWjGclsu+NoPrWW7oZG4FVXw0KNdR0DM973AqQZb9oxD5K7+pvCp25qY/FuXW3lEQ== X-Received: by 2002:adf:ba8e:: with SMTP id p14mr289178wrg.230.1550097726136; Wed, 13 Feb 2019 14:42:06 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:05 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 03/12] __wr_after_init: Core and default arch Date: Thu, 14 Feb 2019 00:41:32 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The patch provides: - the core functionality for write-rare after init for statically allocated data, based on code from Matthew Wilcox - the default implementation for generic architecture A specific architecture can override one or more of the default functions. The core (API) functions are: - wr_memset(): write rare counterpart of memset() - wr_memcpy(): write rare counterpart of memcpy() - wr_assign(): write rare counterpart of the assignment ('=') operator - wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer() In case either the selected architecture doesn't support write rare after init, or the functionality is disabled, the write rare functions will resolve into their non-write rare counterpart: - memset() - memcpy() - assignment operator - rcu_assign_pointer() For code that can be either link as module or as built-in (ex: device driver init function), it is not possible to tell upfront what will be the case. For this scenario if the functions are called during system init, they will automatically choose, at runtime, to go through the fast path of non-write rare. Should they be invoked later, during module init, they will use the write-rare path. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/Kconfig | 7 ++ include/linux/prmem.h (new) | 70 ++++++++++++++ mm/Makefile | 1 + mm/prmem.c (new) | 193 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 271 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index b0b6d176f1c1..0380d4a64681 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -814,6 +814,13 @@ config ARCH_HAS_PRMEM architecture specific symbol stating that the architecture provides a back-end function for the write rare operation. +config ARCH_HAS_PRMEM_HEADER + def_bool n + depends on ARCH_HAS_PRMEM + help + architecture specific symbol stating that the architecture provides + own specific header back-end for the write rare operation. + config PRMEM bool "Write protect critical data that doesn't need high write speed." depends on ARCH_HAS_PRMEM diff --git a/include/linux/prmem.h b/include/linux/prmem.h new file mode 100644 index 000000000000..05a5e5b3abfd --- /dev/null +++ b/include/linux/prmem.h @@ -0,0 +1,70 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * prmem.h: Header for memory protection library - generic part + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#ifndef _LINUX_PRMEM_H +#define _LINUX_PRMEM_H + +#include +#include +#include + +#ifndef CONFIG_PRMEM + +static inline void *wr_memset(void *p, int c, __kernel_size_t n) +{ + return memset(p, c, n); +} + +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + return memcpy(p, q, n); +} + +#define wr_assign(var, val) ((var) = (val)) +#define wr_rcu_assign_pointer(p, v) rcu_assign_pointer(p, v) + +#else + +void *wr_memset(void *p, int c, __kernel_size_t n); +void *wr_memcpy(void *p, const void *q, __kernel_size_t n); + +/** + * wr_assign() - sets a write-rare variable to a specified value + * @var: the variable to set + * @val: the new value + * + * Returns: the variable + */ + +#define wr_assign(dst, val) ({ \ + typeof(dst) tmp = (typeof(dst))val; \ + \ + wr_memcpy(&dst, &tmp, sizeof(dst)); \ + dst; \ +}) + +/** + * wr_rcu_assign_pointer() - initialize a pointer in rcu mode + * @p: the rcu pointer - it MUST be aligned to a machine word + * @v: the new value + * + * Returns the value assigned to the rcu pointer. + * + * It is provided as macro, to match rcu_assign_pointer() + * The rcu_assign_pointer() is implemented as equivalent of: + * + * smp_mb(); + * WRITE_ONCE(); + */ +#define wr_rcu_assign_pointer(p, v) ({ \ + smp_mb(); \ + wr_assign(p, v); \ + p; \ +}) +#endif +#endif diff --git a/mm/Makefile b/mm/Makefile index d210cc9d6f80..ef3867c16ce0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_SPARSEMEM) += sparse.o obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o +obj-$(CONFIG_PRMEM) += prmem.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/prmem.c b/mm/prmem.c new file mode 100644 index 000000000000..455e1e446260 --- /dev/null +++ b/mm/prmem.c @@ -0,0 +1,193 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include + +/* + * In case an architecture needs a different declaration of struct + * wr_state, it can select ARCH_HAS_PRMEM_HEADER and provide its own + * version, accompanied by matching __wr_enable() and __wr_disable() + */ +#ifdef CONFIG_ARCH_HAS_PRMEM_HEADER +#include +#else + +struct wr_state { + struct mm_struct *prev; +}; + +#endif + + +__ro_after_init struct mm_struct *wr_mm; +__ro_after_init unsigned long wr_base; + +/* + * Default implementation of arch-specific functionality. + * Each arch can override the parts that require special handling. + */ +unsigned long __init __weak __init_wr_base(void) +{ + return 0UL; +} + +void * __weak __wr_addr(void *addr) +{ + return (void *)(wr_base + (unsigned long)addr); +} + +void __weak __wr_enable(struct wr_state *state) +{ + lockdep_assert_irqs_disabled(); + state->prev = current->active_mm; + switch_mm_irqs_off(NULL, wr_mm, current); +} + +void __weak __wr_disable(struct wr_state *state) +{ + lockdep_assert_irqs_disabled(); + switch_mm_irqs_off(NULL, state->prev, current); +} + +bool __init __weak __wr_map_address(unsigned long addr) +{ + spinlock_t *ptl; + pte_t pte; + pte_t *ptep; + unsigned long wr_addr; + struct page *page = virt_to_page(addr); + + if (unlikely(!page)) + return false; + wr_addr = (unsigned long)__wr_addr((void *)addr); + + /* The lock is not needed, but avoids open-coding. */ + ptep = get_locked_pte(wr_mm, wr_addr, &ptl); + if (unlikely(!ptep)) + return false; + + pte = mk_pte(page, PAGE_KERNEL); + set_pte_at(wr_mm, wr_addr, ptep, pte); + spin_unlock(ptl); + return true; +} + + +#if ((defined(INLINE_COPY_TO_USER) && !defined(memset_user)) || \ + !defined(INLINE_COPY_TO_USER)) +unsigned long __weak memset_user(void __user *to, int c, unsigned long n) +{ + unsigned long i; + char b = (char)c; + + for (i = 0; i < n; i++) + copy_to_user((void __user *)((unsigned long)to + i), &b, 1); + return n; +} +#endif + +void * __weak __wr_memset(void *p, int c, __kernel_size_t n) +{ + return (void *)memset_user((void __user *)p, (u8)c, n); +} + +void * __weak __wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + return (void *)copy_to_user((void __user *)p, q, n); +} + +/* + * The following two variables are statically allocated by the linker + * script at the boundaries of the memory region (rounded up to + * multiples of PAGE_SIZE) reserved for __wr_after_init. + */ +extern long __start_wr_after_init; +extern long __end_wr_after_init; +static unsigned long start = (unsigned long)&__start_wr_after_init; +static unsigned long end = (unsigned long)&__end_wr_after_init; +static inline bool is_wr_after_init(void *p, __kernel_size_t n) +{ + unsigned long low = (unsigned long)p; + unsigned long high = low + n; + + return likely(start <= low && high <= end); +} + +#define wr_mem_is_writable() (system_state == SYSTEM_BOOTING) + +/** + * wr_memcpy() - copies n bytes from q to p + * @p: beginning of the memory to write to + * @q: beginning of the memory to read from + * @n: amount of bytes to copy + * + * Returns pointer to the destination + */ +void *wr_memcpy(void *p, const void *q, __kernel_size_t n) +{ + struct wr_state state; + void *wr_addr; + + if (WARN_ONCE(!is_wr_after_init(p, n), "Invalid WR range.")) + return p; + + if (unlikely(wr_mem_is_writable())) + return memcpy(p, q, n); + + wr_addr = __wr_addr(p); + local_irq_disable(); + __wr_enable(&state); + __wr_memcpy(wr_addr, q, n); + __wr_disable(&state); + local_irq_enable(); + return p; +} + +/** + * wr_memset() - sets n bytes of the destination p to the c value + * @p: beginning of the memory to write to + * @c: byte to replicate + * @n: amount of bytes to copy + * + * Returns pointer to the destination + */ +void *wr_memset(void *p, int c, __kernel_size_t n) +{ + struct wr_state state; + void *wr_addr; + + if (WARN_ONCE(!is_wr_after_init(p, n), "Invalid WR range.")) + return p; + + if (unlikely(wr_mem_is_writable())) + return memset(p, c, n); + + wr_addr = __wr_addr(p); + local_irq_disable(); + __wr_enable(&state); + __wr_memset(wr_addr, c, n); + __wr_disable(&state); + local_irq_enable(); + return p; +} + +struct mm_struct *copy_init_mm(void); +void __init wr_init(void) +{ + unsigned long addr; + + wr_mm = copy_init_mm(); + BUG_ON(!wr_mm); + + wr_base = __init_wr_base(); + + /* Create alternate mapping for the entire wr_after_init range. */ + for (addr = start; addr < end; addr += PAGE_SIZE) + BUG_ON(!__wr_map_address(addr)); +} From patchwork Wed Feb 13 22:41:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811001 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 55AF713A4 for ; Wed, 13 Feb 2019 22:42:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4396D2E57C for ; Wed, 13 Feb 2019 22:42:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 378412E5BF; Wed, 13 Feb 2019 22:42:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B56C82E57C for ; Wed, 13 Feb 2019 22:42:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 41A988E0005; Wed, 13 Feb 2019 17:42:12 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3CB1E8E0001; Wed, 13 Feb 2019 17:42:12 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 292008E0005; Wed, 13 Feb 2019 17:42:12 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by kanga.kvack.org (Postfix) with ESMTP id C35968E0001 for ; Wed, 13 Feb 2019 17:42:11 -0500 (EST) Received: by mail-wr1-f70.google.com with SMTP id f4so1448686wrg.9 for ; Wed, 13 Feb 2019 14:42:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=WyLkXaRPNnXb7MxCwCwqHq5/DwYd42nFEG+yYpEcnwgt5ThT6VxQ+9Vl0/CkTMGdGi khC2gmQXqLxCDUzariIy8FXPIaDt97gr7VwUblJy7Xmp536F+7p5WNSUyr+C2h8WNsM4 FVB4OCcC2fHap+oqilB5ybcYbJRVlXXicocamf4EYRfpqz45VPvDPCYk6Uxx+8RdD29i p6Ex9DnqRUQIfKHIoWj1N8HO6stw4jolprpHMmDCI8aseLwef9aY2HJTBDyS758WGQV3 MGwTaK0e19LOOjnYOG83yE4TyJvV81/2AucsuzOLHBT2/2wgObbS2A3AfvPEuysc3s/H l2MQ== X-Gm-Message-State: AHQUAua+ch34gU0KE6lpEDr9aMr6Jj/e269SA0tbPAqhDE8DqffQHD0t R8FZeWXxhbzaTjW9OBracmYi75Hp0udLrqKpgELp98hpWZSvf6GK4JU3Um1bX9adcKY8txE4ZDy Yboa87p7tfcUhNaAZq0/7XK2OX//GJDeJ7L4slY23xCI3LcgiX9FIzVsQ1ozCDXRRVEr/e28mLH pC6qXtWM/33LfdoDHGpvEZgxki+E9ZrNsfl/aipbTC5OyS7VxsO68sxgCo2YddHW77w2nVkAVdy jpBi348li/ZAI6ECK/e7I/AoU9BIKY5wFCCIp4wn8xLpIUBCs0rFO/kDbWaQf/8ha/YStncs/bS UOW290IWqyjUW3JVDIUpbpmBRZYqae++KQtooGzORfBRHaaThlFm9/oQaqjgkzdAVpb+XIw5In6 j X-Received: by 2002:a1c:7ec4:: with SMTP id z187mr270566wmc.43.1550097731321; Wed, 13 Feb 2019 14:42:11 -0800 (PST) X-Received: by 2002:a1c:7ec4:: with SMTP id z187mr270522wmc.43.1550097730035; Wed, 13 Feb 2019 14:42:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097730; cv=none; d=google.com; s=arc-20160816; b=BfBiruVrDw/zpTL/pos5BatqESbH+edNjQ8WhHEXZcYciZU+UiKPLFUMpAYt22Udy3 dai6R4NLzxN4iRvYQ6DAgu3kF07RbIiRf5ucZvK/MPMJpm2jDwB6fygPPwz5rD3fVUbb 2MkHUaQ1DBCIqlI1K8ZOaRvEl8NzbBVjEbsP94l28svhUU37WmO7Kbz5u951RHDByBNI 9BG60UMv/IFkNNHtyojkMyICpEHZTC9SBGAABqitK5VJrC9oGK6oBHJ40N9LypkzTQq4 0H/GXwc+V4DoGNMgvtJ7+y7bH7/qQS2qsGTGaobwUfmf6CVGGM/8vyXYW5uUExW0W6B6 DXyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=zVhDCJVHsJ6H+4B0b0XS0bcqaGfgcQ0pTyc2Wha1F/5wt+y5pLdcntHyKCS9bFCDT+ mg6ipOCPFm8QYIdNs+qJhc6DpPTyYou1mAcc0AQLL8ft3iXBP4+wOEH/dmX7b4h4ulBW LBJnJPNfpQ+gOOHekTpc5BWiSdaHN83iD5o/5cL2p6NwHtJt7ZSmTsgxOOEd2j8WCIYN UvdC4APnw0H3586hze4e9D26a2qVqDmM7jE+lqhD4AUUUoE05Wk2kBcZxlARIj2ItPI7 9q3glTa1YRRHNdtIRq48eAYersBwMPszK8mQc0TjLOvIn/tMNcx9pfaeMFDA6FgncQPp gwrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=AT0rnd8B; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id n12sor394671wrm.10.2019.02.13.14.42.09 for (Google Transport Security); Wed, 13 Feb 2019 14:42:10 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=AT0rnd8B; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ziJEcxmH0HELRYpJ/Cx0XBIGaICt7y2RQVCxbSTmAUA=; b=AT0rnd8BnDyFyzfZmtZcyeTBEWOmVhTvPmEu5QNum22iV2TcKjKPwLVNWNeagC0CRy ctLWeeTYC/+F6/tKvEGXpJEyq+9Yz6bCFYiyBbA3twYThdmj5oAWC32/BvKKUsEGEX7o Ld9HklU7c97NPh13SsZ6fCE/5BMVPh9dqK1naXMrYOstuBxbrBxG+SqHXwEloEStPyvR ffmv8EeqFFFoGyKtg14GqIYxFVbRpPQFp2z+rCCaXp+qC/Cyh9Zji9wP1jG6KdtLhlYx p7hNzJkTQdZOgNlQY/A8FTBEwkpMfs3AiT9jAGZANXbmBbnzIfgztEwbiLzC+FwV2x8J VLpg== X-Google-Smtp-Source: AHgI3IYtU8/AyDQPgRNLGyOtrkGvf7ehC6WRZeZ6D8zc6PNd3G4s/XlOJrLl2q5Ckle3r/z/jdGkyg== X-Received: by 2002:adf:fa0d:: with SMTP id m13mr285795wrr.93.1550097729690; Wed, 13 Feb 2019 14:42:09 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:09 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 04/12] __wr_after_init: x86_64: randomize mapping offset Date: Thu, 14 Feb 2019 00:41:33 +0200 Message-Id: <4f3b363bfd20ec0d79a0b066581d72145bb65883.1550097697.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP x86_64 specialized way of defining the base address for the alternate mapping used by write-rare. Since the kernel address space spans across 64TB and it is mapped into a used address space of 128TB, the kernel address space can be shifted by a random offset that is up to 64TB and page aligned. This is accomplished by providing arch-specific version of the function __init_wr_base() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/mm/Makefile | 2 ++ arch/x86/mm/prmem.c (new) | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 4b101dd6e52f..66652de1e2c7 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -53,3 +53,5 @@ obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o + +obj-$(CONFIG_PRMEM) += prmem.o diff --git a/arch/x86/mm/prmem.c b/arch/x86/mm/prmem.c new file mode 100644 index 000000000000..b04fc03f92fb --- /dev/null +++ b/arch/x86/mm/prmem.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library - x86_64 backend + * + * (C) Copyright 2018-2019 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include + +unsigned long __init __init_wr_base(void) +{ + /* + * Place 64TB of kernel address space within 128TB of user address + * space, at a random page aligned offset. + */ + return (((unsigned long)kaslr_get_random_long("WR Poke")) & + PAGE_MASK) % (64 * _BITUL(40)); +} From patchwork Wed Feb 13 22:41:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811003 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E67A113B4 for ; Wed, 13 Feb 2019 22:42:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D63F22E5BD for ; Wed, 13 Feb 2019 22:42:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CA3B92E5BF; Wed, 13 Feb 2019 22:42:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6506C2E57C for ; Wed, 13 Feb 2019 22:42:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B6DFF8E0006; Wed, 13 Feb 2019 17:42:15 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id B1C648E0001; Wed, 13 Feb 2019 17:42:15 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A0B618E0006; Wed, 13 Feb 2019 17:42:15 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id 476CF8E0001 for ; Wed, 13 Feb 2019 17:42:15 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id s5so1404387wrp.17 for ; Wed, 13 Feb 2019 14:42:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=WPqPFKDQV3JJ+TDgA76JEHkrzpGat3dtg9u+IKXuVwKRqYLoxlQ2MDIhujHE3tttJR Ia2oYZWMIx92JfL/An9A5b2PsIMNMqT/hZP8tAAxQ6b7mC0ge14PhM9ZTSUZ0Y5Ok1kE T8gn9LfnZxtbTWQWXtQhpGSBxDnUegi3nc88Dt3wKoWQs9iOh1Z54e8YzQSx4+byIOsP VRlkYqR7+cjDF6ZJ9MCZNT+xMafXDcmsgvIC3uwNYD4bwSj+p/UJ4E14nnijkqO6Pfgi WjattkpMq0QHOFoTPBM0dYp4/VDL5HWrVaUgGRprd0QmKzhJNuTrYjnJ3pyYKo34r/+y Olyg== X-Gm-Message-State: AHQUAuaLe0zJ1LPEVl64ytkHFmehZjk73jrXEPuOWNPrm781hUcp1FQ9 FEuNEHVMq4jAE9mG9C4M+fZWmtEHgqZjIwyiLrhah9O4li/A0xJeUrAecd1sjqHnlxQiZCrs27W 9JlADs7FWLOUUJGY50cK9GBpGdRYXA35zBXp2Rr4qbSQONpUX26epQF2jR0iqebkKoWGO1ZhIOM gglNdh4SO6ucSLmJcnCy8XWbxs4FuBkLOyi98Mmr3nffbz5oRyOSlMRoL8H4yi2yvotZ2jGqQib qmhnkSs+9Jtk5mgLK81R+a8AGs2qBcxhfQ4eDoCnv3KKM9X61/Vvg9u2Lz6vQZYB8YCDPwvM5q5 CrX+FEqG+YV73UwDdWT140j9hCdSk9RRc5y61SPEDtIaMFf/6If1Y/p06Ist7zEHEpj2zbvzaam W X-Received: by 2002:adf:dccf:: with SMTP id x15mr265362wrm.309.1550097734818; Wed, 13 Feb 2019 14:42:14 -0800 (PST) X-Received: by 2002:adf:dccf:: with SMTP id x15mr265324wrm.309.1550097733753; Wed, 13 Feb 2019 14:42:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097733; cv=none; d=google.com; s=arc-20160816; b=Iunf3gO/q1x4BCwtnFHWOlufww9Tpsw0uGcR4+TUvhZqFz6o2Cbuk6XWvKOAvxTeNk m2LP0Rdot2PEx8N6QB1pcDSFkbhkOQrlROvY2fwgW+y++Qs0YnwW77f2VMwF9mgO+K8L kVwMs6UtlgU39l5Ke+y6XA8FqNiyTa8ahvsO1+VOkSpChcZakrO/ykfMpKjst8NAWwGV tfItf7irbPCFQmAi68+VcqRUdpDy6Wn5lkZ0vt5WPnBT6XmMtZx4Tn2YiYKyw/JcxE8l cH5Jo6RHWjlcnYvhGmFlgi8sch9v1TiEtgMB/IXmoB4Qo+W2zab9j8uuoVQ8EKqyi4du ENtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=lVk21soFr6NhkQ+bzJCdIYL/6gbeiyVKt9gk9iHVPTb9YwQ8YV8s8g95tQzgbJ6U+A ZvBe5qj9BcS4E/4DL/lprw+yOKItLT+uzZfOAc3C27rwYkHl3774otjeqESG3gB3xv3B rLCCu95sbywl0Hw3rcpxrpwia0PIKs+sgo79iCRAHWzoqFESJ47SH6fBXpVhXRHtGqwK AMaJO3/2A7uPuFD1QEt5zOFr/iobah9jL8atui3l4xxH+x0n54rMr8cFFsqLu/iY0+KR WKQz4/o29BYWZZSB/9qnqoPwD/H4qdlucdrqt81C3rvK/dISDACsruRZsvMC83hjGLlX ycSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PL+qO4BS; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 71sor369955wma.20.2019.02.13.14.42.13 for (Google Transport Security); Wed, 13 Feb 2019 14:42:13 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PL+qO4BS; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ktrl99/4+i4VLz6USppssXo49kPq9nmcbGTF0KLoSBQ=; b=PL+qO4BSrqbTBZVvQdKVfuy3/R+TSzmQVsSmPWSD0nYfCQOw4/ftFDGqeAZGSDmsrD gp5dGhCLQjbXWBv2zPEel7ZGbFiiHXKIek08yxjbI/8bRXIXLDgV3glT33iw2UZwlzF6 ZWtW7gYc5MVUhpPAtUuhRfoed2qyAVf+Nntc5wC3H4/s2pYobeRt0viKWP7Txq5JAUgK zb27BPlMpvk46SWw6eK2V2YyFXBJnAP8jjBEEB5li9V5UUDTFf3bDWz8iq6hJrbY/pXp KcT+ffr0v8t9+4SCEJMuLmWpGXbPjoJa2FgJQJ6vmf7fAQnr6F1cclKwU046m0j6BDC+ kczQ== X-Google-Smtp-Source: AHgI3IZgZPIjnSp/dGfR7iVH0dIRhuCCwStYtqJDhnVvkktzfFNDDUM47bqA//xCjlNKL+dEg6bIOg== X-Received: by 2002:a1c:a58c:: with SMTP id o134mr259360wme.79.1550097733324; Wed, 13 Feb 2019 14:42:13 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:12 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 05/12] __wr_after_init: x86_64: enable Date: Thu, 14 Feb 2019 00:41:34 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set ARCH_HAS_PRMEM to Y for x86_64 Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 68261430fe6e..7392b53b12c2 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -32,6 +32,7 @@ config X86_64 select SWIOTLB select X86_DEV_DMA_OPS select ARCH_HAS_SYSCALL_WRAPPER + select ARCH_HAS_PRMEM # # Arch settings From patchwork Wed Feb 13 22:41:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811007 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1F2C813A4 for ; Wed, 13 Feb 2019 22:42:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0CF862E57C for ; Wed, 13 Feb 2019 22:42:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 00D992E5BF; Wed, 13 Feb 2019 22:42:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8D8892E57C for ; Wed, 13 Feb 2019 22:42:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A9208E0007; Wed, 13 Feb 2019 17:42:19 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 15AA78E0001; Wed, 13 Feb 2019 17:42:19 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 06F398E0007; Wed, 13 Feb 2019 17:42:19 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by kanga.kvack.org (Postfix) with ESMTP id A4D1D8E0001 for ; Wed, 13 Feb 2019 17:42:18 -0500 (EST) Received: by mail-wr1-f71.google.com with SMTP id b8so1423895wru.10 for ; Wed, 13 Feb 2019 14:42:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=NYLcPf4PhDTfluHGTJ2dshFnd/hJDB1aj6PZ9aFFDduSj290pEv8sCG5Kau+LHhs+2 s0euHu8yTiOeeens+bqmEteR/NMaMfx07ikIpm48zTbIUE2Krvr+oNKHVDMP1MMR1Q+I nrP0FGsUJYCBYabq+wXwLr+awG061Rgim7WAiilgnpnYKcJJJdJs9jV51KPSdwr72/lx Sei6xA13c2ex2VuPXsTMCfITxKDpnSVrMZiYUGXHkMcxXrSD96J7Gk1zEoTXsTdRozGO yeDRobV8j9Bpy264RdHMRmKffkkklZkZrIpYiHGm1SAOwYY10M1cKg2jLFlQG1c8q7Je hWfQ== X-Gm-Message-State: AHQUAuaOTkxbXhif7MdifNgHRVDwAx5dnseaXG49lw6azlIK4qPgOobg lh+LjN2aOszAVGJmZGiwUM5kaktEL9ly12Wr2hhhXHxDMTBylgd+com4tD884qzs2udIgK9Niz/ dlaksUif86MJ2K+MofbfvR9Un7eUlabEy3NCqmt+X/QgaeakVsdygHsjzka4CLp4jWFSbZrPv+C 9hvpScOXq7lvytW5Wd/xYQquo92eyUiTZNIpsN+YgV3kUYS2MTmr6ldPhFOq7cLPZvPoC+uI95h kg3+GlIH1Y8Kzt2MiKIuakgEO1UcjbsIKHMJox/dD/f6P+MHMeNT1O5bQonnyw0BYN3SFOG4hPg WrR9kCYSYs9ltPGZXIPusmGmsNaiDv/tt4hL4jv48VXoh+t2MuQGSOOyS2/AYuh6dBbj1w7ce1T 2 X-Received: by 2002:a1c:7304:: with SMTP id d4mr274752wmb.136.1550097738173; Wed, 13 Feb 2019 14:42:18 -0800 (PST) X-Received: by 2002:a1c:7304:: with SMTP id d4mr274713wmb.136.1550097737138; Wed, 13 Feb 2019 14:42:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097737; cv=none; d=google.com; s=arc-20160816; b=ea32TTZfql8fA90Xe9wvpcC0GBtxCzQtcMoPrZe6ClqqOfHx3Dvp4PjLnIWnfpkRr0 W9cfo/mGQdP6Pe71eszCAQFcLw3M8gquGe6IJIXVWip5fpKZUre455TiQxF0I5v9biBs R1yDGwtgGG9ZhWr8cL5ZDA+ok4P7fxTsu4WcmQJrjybbY0YVGsIeRHGgiYoQM7WfiJCu H+GnGD9OH8BSS/lC/VPk2BkcSOpBnl9/+MbLdmSnoDf0Eoy1TXrzLvH8NcQ5bIpcF5eg JIsHCJOiq+OQ3yvVEZxw9AV8A2RU0jj3aGBcSZ3NrHGxg9rZK1LvojOnp3Qlovq0gxLa oJCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=FhM+gWRprXsj4d/x1afJa2lx/TvegK5T5ka7PCSpj+C9ezeaG+aWo6JMhWns35P0tV TLNY2rj3xbPoutU/JAyr6Tm9MP8/jn3SttDbXgstH3Nj4SD7BaT+Efytr7y0Y8D3skVk dLA3JKtWXmt6rEmThFMR9K3w2JYvfPChsWyuVEe0F/4wJAerV0MP3Uv/J6qh0Fus8xMD PwW3dzUfUM6OSf6ePUJkuKgJJP7/LZBesLh0tSsKgF6gGHruOcCOcp17au8QgBQC8A/c l8L13rxI3IaPI6RJncQxpI4II8v21SGnGNLmQsd6pex5QJxKKIY+yi+2KB5vVMxoONGU b3TA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PNVepkl6; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id e5sor376952wru.29.2019.02.13.14.42.17 for (Google Transport Security); Wed, 13 Feb 2019 14:42:17 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PNVepkl6; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=hnmNnr9YQbwfaI93UrUGE24zBu/XKqtY3CcuY5KmkdU=; b=PNVepkl6wnUM5Gny5FQUy8cW58lk/9t/2MXulvttnDMJYmFIRT1s7OQDhJgy7JoYKr RENLyyEJtlADc4C3wWCABbcBNHnXBcoU97GOP46rTUOZi8pzqVZgUHorFtxsx6S0m9bo 8cwStO91nzWS2kMGecQlHxxNYgZSEJk8564FrYQFFBKN79k5hsgwSqoR6L1SUgrG5STy 6DnBXrTS5lCwPxLO7pNI8vjUAOAOL0lBgIhfFj90qFIvbvWhy2EvSEM+VEn4kc13PxnL G3vVyv/a1nxVe44l0Mz6WkwSBr5iEs3AxGCQ+65TWE7c0BkrHQtenb7WOy6oPPulyMcA vpRg== X-Google-Smtp-Source: AHgI3IY2zZ/s+/of06qs5oz7e3UG5TRwg7xiFolsJ/mC0V02SnY5LJL9Knhh3oBwoWb72MhgeMlbNw== X-Received: by 2002:a5d:5289:: with SMTP id c9mr284768wrv.11.1550097736697; Wed, 13 Feb 2019 14:42:16 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:16 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 06/12] __wr_after_init: arm64: enable Date: Thu, 14 Feb 2019 00:41:35 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set ARCH_HAS_PRMEM to Y for arm64 Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- arch/arm64/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a4168d366127..7cbb2c133ed7 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -66,6 +66,7 @@ config ARM64 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION select ARCH_WANT_FRAME_POINTERS select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_HAS_PRMEM select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC From patchwork Wed Feb 13 22:41:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811011 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C0F9013B4 for ; Wed, 13 Feb 2019 22:42:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF86C2E5BF for ; Wed, 13 Feb 2019 22:42:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A33532E5CC; Wed, 13 Feb 2019 22:42:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2C8DC2E5BF for ; Wed, 13 Feb 2019 22:42:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AAA2D8E0008; Wed, 13 Feb 2019 17:42:22 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A580A8E0001; Wed, 13 Feb 2019 17:42:22 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 947D18E0008; Wed, 13 Feb 2019 17:42:22 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by kanga.kvack.org (Postfix) with ESMTP id 3A5548E0001 for ; Wed, 13 Feb 2019 17:42:22 -0500 (EST) Received: by mail-wm1-f71.google.com with SMTP id f202so923318wme.2 for ; Wed, 13 Feb 2019 14:42:22 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=KgplK5PAk5My2zFRWtPSW5mQ7OT6SvyLKkvq4Iz1eThKVhWhuyV+Ty4ZFU4FCZreMA H+JoL6+hyFOJiklmKUntDlIVCO1FQ8U/G8rQ2OGBIIuBQb2u4tXitA6EbhwPfISZ8iSF tyl+1SEiebV5CPZMhjN823NX316V44YysGaPAxgP2N6b/mG+9sx4rGypba7LWe2LxKTz 042eZBnHJLmk0CXqB35N1pzld59iwMfmh5axyoMXSbfTSya738OAg1cE2rr7PNdHe1fM oqJntZfBxzHdl2oUSTzgyrYH5tQ6k6W90Vn5nNthST1ud50oBMdSXdld3cmMRzHFS0GZ E4mg== X-Gm-Message-State: AHQUAuZmivQGQgPzDcHIGbirPAEZRAbXVqtsJjFFnImLbHnjGlucr63I V8JDxyKEYSkxwP9FlDnYpg3JHNxWmR/zHQKfSu9DCzy58o56y9nNPsBgJQAoAcwcw4AINv7X92o 1XUZC6ulRnHBUCGpp6eJNR48jqsiwEFD6yGzoCNUsIr9gk3atKdU9q+5HsdWwjrMLVQmg6X3ZuS Nj7B4NYAZERlWvg2/6HEJXXQIrcJOQWKda0UOPrROHgiOny92QaPuCe35e3aoCWqdP3NU0YCUI7 qXMKic88eZV/J3wxvwTGLIfm+MW6JPhS6VtG8VU/1q31HKTweX6RXMgwGHu4rhYHiNWsvW6H2cB uzL8Y+UpgNNq3c37XV3Axr6dXFLI+FWviKkzQh6XIBvjyF811cP/VPd9Mn8p3VhEnsAYPV0ffNo p X-Received: by 2002:a1c:2804:: with SMTP id o4mr297675wmo.150.1550097741747; Wed, 13 Feb 2019 14:42:21 -0800 (PST) X-Received: by 2002:a1c:2804:: with SMTP id o4mr297627wmo.150.1550097740465; Wed, 13 Feb 2019 14:42:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097740; cv=none; d=google.com; s=arc-20160816; b=bADH0q2r4FqbPDsGWtrl5ltOXVr8qiL2nKp8jh7Pev2ii16WSE6nfPh2Y0Lao04sZ/ 2YlaBECgjdoKUgZw7EfL+RvQw0XD0TTVVpzoL4I+Vv6a/3BLAlG/TaQ58BlyE3smkVA8 Xh/vZaxj5rNoVE9MM3ZcSB9jF4sMdEfkWVEdROmyiW5GZyEMExrE1rxYUX4/YvHs/srd mIrLTetKMbIYROCXdzqjZopTCZP3OkwvBISChULoaGHQ5uwZzrDdsIuL2OfbSz9hYelw 1NoKavSzmonY5EWvntcYR5uxF7IaP7XgoWAgGtIHQo1VI63ueQiJ6pDNtgTTgHxoHV6m e0iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=E7wTyKm4rfI53WprjEn5T8s8vM04Z2JoS+XfXPVayqzMhLs6Urrcn56o0dEgFI9AW8 33HvGTU9QRm69gNJ1HYYBxe+MR9reUhpP1n9eBLlTa0C7S0HXA4EDJB3tsDLuh+qnFPU NWGx1GNcN/aUYpZJD7nS5KJI6HWyAVZlWzRf17mm2nIXMTUYRNoV7cI+tVl+nqejMpqt PoG1w3dB0mAoyHBFzU8YF7xNW0nDF30UcOdveSLCdaTZox17bqUJNLROpdIeCHiLgCjL aez9JsHB2q2RYNLIPF3/OByvBI+czvnQTIUZ5xem8N7IJpHM6z3383QZfPDTxv2Qw5Ib L7Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ULj+THdU; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id c1sor369434wrx.39.2019.02.13.14.42.20 for (Google Transport Security); Wed, 13 Feb 2019 14:42:20 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ULj+THdU; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=y4zotDQYnZoXB9lfg1fC2W7czb+qE54ZRjKDYZQbGrM=; b=ULj+THdUZNWpGpW+KM463NwXvBXWj/ziG70TMcSMLTrDNndnvryzpWfDrOvQsAMlCy WTqTZgCLccOezugr9gkA0PatiHtL3QYcaVFHXdeDbHSfxmJnJ51XdhRFY2aUkbBgSTXx tipXJL3Dy6QXxBL3zVgPtPq1ANzRsbGAy0+TigONDh7YYLPUk1GGivftv1kHhyKzxr+p oyQSUS3fuoSUEsbw4S9g37thArexER13LrUX+3yjAYx3TqSBBIUg7eNLJ1ItQYMqyIY6 X6RFb4SUKd44Df0ltx5kfaGf/joUGmooAumJyOgvpEFh9LCb/dYw4CmmbPPAwy2VlDMo 0ODQ== X-Google-Smtp-Source: AHgI3IYegSvkdqTo7yAMNGYKpTH4etQCyxzK1x4a5zwRFav668/1dvUCN1p823cxzwulFtPYhon3xA== X-Received: by 2002:adf:9004:: with SMTP id h4mr302936wrh.49.1550097740125; Wed, 13 Feb 2019 14:42:20 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:19 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 07/12] __wr_after_init: Documentation: self-protection Date: Thu, 14 Feb 2019 00:41:36 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Update the self-protection documentation, to mention also the use of the __wr_after_init attribute. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- Documentation/security/self-protection.rst | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index f584fb74b4ff..df2614bc25b9 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -84,12 +84,14 @@ For variables that are initialized once at ``__init`` time, these can be marked with the (new and under development) ``__ro_after_init`` attribute. -What remains are variables that are updated rarely (e.g. GDT). These -will need another infrastructure (similar to the temporary exceptions -made to kernel code mentioned above) that allow them to spend the rest -of their lifetime read-only. (For example, when being updated, only the -CPU thread performing the update would be given uninterruptible write -access to the memory.) +Others, which are statically allocated, but still need to be updated +rarely, can be marked with the ``__wr_after_init`` attribute. + +The update mechanism must avoid exposing the data to rogue alterations +during the update. For example, only the CPU thread performing the update +would be given uninterruptible write access to the memory. + +Currently there is no protection available for data allocated dynamically. Segregation of kernel memory from userspace memory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From patchwork Wed Feb 13 22:41:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811015 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A262413A4 for ; Wed, 13 Feb 2019 22:42:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 924762E5BD for ; Wed, 13 Feb 2019 22:42:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 85F932E5BF; Wed, 13 Feb 2019 22:42:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EBB8D2E5C4 for ; Wed, 13 Feb 2019 22:42:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3A4768E0009; Wed, 13 Feb 2019 17:42:26 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3534B8E0001; Wed, 13 Feb 2019 17:42:26 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 243A78E0009; Wed, 13 Feb 2019 17:42:26 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by kanga.kvack.org (Postfix) with ESMTP id BCFEF8E0001 for ; Wed, 13 Feb 2019 17:42:25 -0500 (EST) Received: by mail-wr1-f72.google.com with SMTP id e2so1420429wrv.16 for ; Wed, 13 Feb 2019 14:42:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=hoSKbBtfpbj9OHt5963nQzgnb0bv0uVt0FMtKRj+smqQjzX/jfxplOdpNbFITsJyz4 AFT6o8vU7Nk1U2tv9kfl6b/XzyN9O8IQj26bSNqsqDWcw3lBrNP+qmBfIZx2RA5+hgGx KSqiOQiwg+QV1PuTJo8LIGDcEdo+ojtLQ+iTmb2YfNS7dBMPwtl8yTAdevXvEnDDLmav Q15ITG9obGLFXcHkNGs3s0pzPR3K44yUu37U/w/ylSGM+GQtD7FkUhFQR/MvEl4yNr0T x/08bIBpvePWbcZ+F4qFixL3BrpROE4uIon1Qpje+x6RAHaHepUHXXiOOPiYChoKuHIC NKRw== X-Gm-Message-State: AHQUAuYbVhoL00Blsdb8sJO/B/cb6k/qpZLjBwJpBhC69+tXP0jf8dTr cInYbF8O9UyAW2cQTcP1uXXE9R9+YVxwcBWR+Im01wSShKY3ZedSY9mdtAnvGTp3v+YqMvvMDrW QgvC5oiK6tR/ZVjrzA3hhUnal9KFbqS3gUuj1G5NLFj7TWhYm8FwOit7v5jIrxwnyo7TIn+gur/ UaeHvhVHV/CWX5gsHoYLryMP0XAkm09yNSUH/rptjKS/MzFqBve6pFX7OXI2LRYK+EvTcs6D6Jb 0HQsL+CRbuCfJB6S8Lm5jxeAd7CiD9aQLb6GfYO127X/ddZSuEEOex2jL4xwtyOBKqbtPfSTISb BPHjCnrgK3rYHfU4xubXxSJujZEPLsBqME8igIRoDKNArAeu3/b0PraxsQ29xe1rFZuy/Mi02iI s X-Received: by 2002:adf:f410:: with SMTP id g16mr319589wro.246.1550097745286; Wed, 13 Feb 2019 14:42:25 -0800 (PST) X-Received: by 2002:adf:f410:: with SMTP id g16mr319531wro.246.1550097743982; Wed, 13 Feb 2019 14:42:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097743; cv=none; d=google.com; s=arc-20160816; b=aWhETM7947fM7ipKcGBSlAgCgsvBV9Kp1qYqjCX9D9snLKM9KwmNaGYiKqtowNODYG dAUvQi5c04ztSX/qie+bfkaI1K+HK9Wr5ZsWkugPBLxBs84t14hQbHzkt/rn0t5NzoNb ldcUv8mhDUNQhhsTIsddxxA2ZPxYZKrNL7g5KA8/132lQBI6UnIVI3+zW7SWsv/wnvFh tQf5UBtjfPC0UZTu6fkqD/qhB3q85aJcDQnvODqIgKDlIYu0iim+rO8WIyvRLQmwv3eJ /UT3HFxrBkRySAe6UDDKxncXyMzm2D2vtxQMrZPYNvD1LaW9vk6BB4w6XmB4TDHwBVcq QJvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=qnxBd0ErdEM3BjZ9VmLpuq54PGx2it88wh0d5YyKfL162GIJ+F2Sn9d2MATuUFSvmg z9WEOX7hHxM9rEQDwyKF3LzJg0JEuO5GnPWS6Eq3swBJADnK0gNnTz2JqxamrEialnUy ZKjdUBWID1H/o1DRYAFcpDvFM527JFms9Kf3CWLprrHZrmmBuS8lDNw7SpI56aANWlIR YqepDchEntkSvt13mdMRAUA2zbOuKsq8T+1j1O708t3/c7RKMAW+Xa/bHFTlG20WaNLs lZm8hIjLJm620xpzH7IhLX7kNmSgylfyXSxIE2Ux0eFvMxnrZwkznSHZxT2uCvL0dUZa lJ1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NjIzVPkQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id t8sor377761wmh.15.2019.02.13.14.42.23 for (Google Transport Security); Wed, 13 Feb 2019 14:42:23 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=NjIzVPkQ; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=FDryqu5ur4j9ePg/wc9MnpTPYVkBg8AjJFLLJs3gfA8=; b=NjIzVPkQI+bCcLNEI/Rt4U85tu0DGaKik0uQCOMXvSEkO/SvlHDTcAU8+IhLk21y1p 5m+FNp4iAWRrJ/k/DDDQZG8GEE1PO9QmTNuEZj9sZ3t8GOVxkaHS88LjJhq6BKQ7N9X3 FJu9x7w0j1lXKAVEa9NaOLOiDSwyj28NVgD1R/mi4Ij/muEfi9+4T/7X6PO8M08gwtT4 aaJwB93WJNH0Lk9jcLkQo1ju6chbGRcgdS0TIt45lL7EReQ2hPmGRvbjzBEH7IuKbkQK PTBJS9E+bupu40oKgPBcvq9VxB11GBhj6qIU7b2yqA1Ep6uVGLC5RY2njYXlBvxDI91M RhlQ== X-Google-Smtp-Source: AHgI3Ia10COWxjNMWWeGUZ4kyfPoLmhHvf/GKRNqfO/0o20+P2q+df+RyfuyEETkMZNIJGOmGU8VSw== X-Received: by 2002:a1c:e086:: with SMTP id x128mr325384wmg.10.1550097743522; Wed, 13 Feb 2019 14:42:23 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:22 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 08/12] __wr_after_init: lkdtm test Date: Thu, 14 Feb 2019 00:41:37 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Verify that trying to modify a variable with the __wr_after_init attribute will cause a crash. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- drivers/misc/lkdtm/core.c | 3 +++ drivers/misc/lkdtm/lkdtm.h | 3 +++ drivers/misc/lkdtm/perms.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c index 2837dc77478e..73c34b17c433 100644 --- a/drivers/misc/lkdtm/core.c +++ b/drivers/misc/lkdtm/core.c @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(ACCESS_USERSPACE), CRASHTYPE(WRITE_RO), CRASHTYPE(WRITE_RO_AFTER_INIT), +#ifdef CONFIG_PRMEM + CRASHTYPE(WRITE_WR_AFTER_INIT), +#endif CRASHTYPE(WRITE_KERN), CRASHTYPE(REFCOUNT_INC_OVERFLOW), CRASHTYPE(REFCOUNT_ADD_OVERFLOW), diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index 3c6fd327e166..abba2f52ffa6 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -38,6 +38,9 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); void __init lkdtm_perms_init(void); void lkdtm_WRITE_RO(void); void lkdtm_WRITE_RO_AFTER_INIT(void); +#ifdef CONFIG_PRMEM +void lkdtm_WRITE_WR_AFTER_INIT(void); +#endif void lkdtm_WRITE_KERN(void); void lkdtm_EXEC_DATA(void); void lkdtm_EXEC_STACK(void); diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 53b85c9d16b8..f681730aa652 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -9,6 +9,7 @@ #include #include #include +#include #include /* Whether or not to fill the target memory area with do_nothing(). */ @@ -27,6 +28,10 @@ static const unsigned long rodata = 0xAA55AA55; /* This is marked __ro_after_init, so it should ultimately be .rodata. */ static unsigned long ro_after_init __ro_after_init = 0x55AA5500; +/* This is marked __wr_after_init, so it should be in .rodata. */ +static +unsigned long wr_after_init __wr_after_init = 0x55AA5500; + /* * This just returns to the caller. It is designed to be copied into * non-executable memory regions. @@ -104,6 +109,28 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) *ptr ^= 0xabcd1234; } +#ifdef CONFIG_PRMEM + +void lkdtm_WRITE_WR_AFTER_INIT(void) +{ + unsigned long *ptr = &wr_after_init; + + /* + * Verify we were written to during init. Since an Oops + * is considered a "success", a failure is to just skip the + * real test. + */ + if ((*ptr & 0xAA) != 0xAA) { + pr_info("%p was NOT written during init!?\n", ptr); + return; + } + + pr_info("attempting bad wr_after_init write at %p\n", ptr); + *ptr ^= 0xabcd1234; +} + +#endif + void lkdtm_WRITE_KERN(void) { size_t size; @@ -200,4 +227,6 @@ void __init lkdtm_perms_init(void) /* Make sure we can write to __ro_after_init values during __init */ ro_after_init |= 0xAA; + /* Make sure we can write to __wr_after_init during __init */ + wr_after_init |= 0xAA; } From patchwork Wed Feb 13 22:41:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811017 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6BA0413B4 for ; Wed, 13 Feb 2019 22:42:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5A1762E57C for ; Wed, 13 Feb 2019 22:42:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4DBC62E5BF; Wed, 13 Feb 2019 22:42:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B4B6C2E57C for ; Wed, 13 Feb 2019 22:42:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D40B58E000A; Wed, 13 Feb 2019 17:42:29 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id CF6AD8E0001; Wed, 13 Feb 2019 17:42:29 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BBCED8E000A; Wed, 13 Feb 2019 17:42:29 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by kanga.kvack.org (Postfix) with ESMTP id 6069C8E0001 for ; Wed, 13 Feb 2019 17:42:29 -0500 (EST) Received: by mail-wr1-f72.google.com with SMTP id v16so1412385wru.8 for ; Wed, 13 Feb 2019 14:42:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=r8LNN9A4g6Kgu1L0fJrxzWlE+WlwfcYmC6nefqfPg/52sThW+5jbKrktWMw9uhNW4j xt2GUwXKGFOuYEcf8DF7/B3fR1lXUTlwqbnRNfpqvsMxyLJ7/a6exrYxDYaLgWDjWjY+ VCV4K5vaT7Gj47kT4o8AbmetsGKfzjcvJ7xOIxvZh0akdHMOluMFQXymDipUiMNArvAV kT2NBEZ3tLPbccGOH2InWejTwRF/wcMPKXWvm1wNVEhhYc53jJCtk+lwiBF52uLrxnNX V9yPKNIYkRTKnwjLxS6lVf7KVZUvQ7pmiEpOGWPskiv/fN7r2sQKnJ7T5uvQSmLgZANQ s2Mg== X-Gm-Message-State: AHQUAuZc8Hi+EhznTVZJzIbnUwmUKinBCTx1WAsdLQ2SDkyU7UfQWyjW YJpWFGy4CbqpRzX7p0z2kd9Q0J9oEw1HuYtiMr3RHhDkx8Y3lHvmpPtZOvn+sZiNgRNDL5DI/LZ lylLhbJHzp0bePMot6K90MZgq98bvGTQ8pLtuMjD2Zz7yMCU8/csX4H8d5z3GLBUfJYubjOAjWi hsYo5KtkZFqhIXiGRWwoKdH+zmk6fq2p0NIWyWNGZ4zqzDssYVV2vAZzVWIH0BGepNbOsdu9L9E AAxMAXqFk/4luXt8kPw5kxTfHZl60g+MyvUEyCfqiq5tfY3ZtlCzEEi1QTQ5w1Zsdo7GBL+cY/3 hN1RxPAig8PHGpEECdiwm6PGLZBMS+wCWKgcqkad1WMBOTSAotcxzZu9kdMrBLlAdsgrIeCROfR s X-Received: by 2002:a1c:4006:: with SMTP id n6mr276892wma.137.1550097748898; Wed, 13 Feb 2019 14:42:28 -0800 (PST) X-Received: by 2002:a1c:4006:: with SMTP id n6mr276856wma.137.1550097747621; Wed, 13 Feb 2019 14:42:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097747; cv=none; d=google.com; s=arc-20160816; b=wClrNA1L8Ha38L9C3/DM1mznmY5wtRE++26qQeRAvguMnjFo0B4YPAZM5ZvEBXE2Pt 7OOkdgoVw3iHtoqXWeoW0mfnwNttEZYDc1JnbkP0/CHKrKmA7zMNDqfMK2EaFxI54Jka i6Hd1JdhZR66+fgGov5ztcfVWyVHReIwSZLSMmVwV5TbeSpbdMmzppBUpvwHRVIQrDzT QS24/Uzl1c8O0u2PXYTJEcBDll5AOQ5s4ZgAxHxp9pTX4ibA7jphD56NR5DXOOCQe7dp B0A/ZOrhPtWbfcXo1U9AHJAEVuBdo3R3WiExo5vEe+g4LDd+dPZqRurxJnMf+wcCNTSQ IB7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=ByEoDKtZxYDOmuyVLP0NGTz3JlVuvyGV0tDOvRJVHNUKAeJ4MupikLaVpXdfFZND4F RBPxCZBs5X3UnH5YWyD67e3CH863d6Csuo1CoTuiqgVGiTZo4aYvDs0FwdPcCBLcTRJw Z5jDGGjDPvp8oCJ/SDM6ep4Bu8dDo3b+eB8Pu/Pjkho/gXjGAZfFqFfMSrJ0iIHB9wcr oYQf5DhIz9GQJP4kbNOGCjftyBni4x/O6G/TPN1R8pzkvDfG60EkBPZpUp6TqHQKTBlE 5eOQJXKhZhoTpSAgJmQqc9FQvc/0IrQYpYmi7zFQSm0R1D9rGcUYv7EVEFKJD8T2DHrq Ihfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="MIR5bn/f"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id l23sor366566wmi.23.2019.02.13.14.42.27 for (Google Transport Security); Wed, 13 Feb 2019 14:42:27 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="MIR5bn/f"; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=vgb7J+uzu72a1nLgAIDJQpmIZYI0IWGcwJEvrx3eHk8=; b=MIR5bn/fwd0D9N8Om1k7o8c/GCTN6LB0C3GeABYZt+IdgyaeK88/xnCr2afThsQtba OdrxjaKohAGefxP47UJqddJuo1wL6QROIgYS0nqcNKVXavRx0k4ynvja67Sso2VpdoLb z9j+1xtt6Ba4iqVJyiEtsV6kVv2f6na8AIvyf5kQBP+bHJANL/fMnSMajCnjT+s2x5We S0NgnOqmddtMsILaxMaOff7AK5WqJx2F8sVI6dC5yeP3exfq/e0MKp75IrcRWN3PIgcX a55clojZ32DlpLA7ve3dKZwubnysbhMO49f7OxiSBhfj+QUGvfT6whA+F8zobwRBMXHz Re+w== X-Google-Smtp-Source: AHgI3IY/qpx9bIN8m/MToJYg7+VC1FFLoWbQiBQL48Q2ZmiFFaSGSIEBHj0CtX918v3oqTB9pREW7w== X-Received: by 2002:a1c:14:: with SMTP id 20mr259551wma.91.1550097747249; Wed, 13 Feb 2019 14:42:27 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:26 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 09/12] __wr_after_init: rodata_test: refactor tests Date: Thu, 14 Feb 2019 00:41:38 +0200 Message-Id: <826811306c45f5735b83b169017b40f563f21fba.1550097697.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Refactor the test cases, in preparation for using them also for testing __wr_after_init memory, when available. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index d908c8769b48..e1349520b436 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -14,44 +14,52 @@ #include #include -static const int rodata_test_data = 0xC3; +#define INIT_TEST_VAL 0xC3 -void rodata_test(void) +static const int rodata_test_data = INIT_TEST_VAL; + +static bool test_data(char *data_type, const int *data, + unsigned long start, unsigned long end) { - unsigned long start, end; int zero = 0; /* test 1: read the value */ /* If this test fails, some previous testrun has clobbered the state */ - if (!rodata_test_data) { - pr_err("test 1 fails (start data)\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test 1 fails (init data value)\n", data_type); + return false; } /* test 2: write to the variable; this should fault */ - if (!probe_kernel_write((void *)&rodata_test_data, - (void *)&zero, sizeof(zero))) { - pr_err("test data was not read only\n"); - return; + if (!probe_kernel_write((void *)data, (void *)&zero, sizeof(zero))) { + pr_err("%s: test data was not read only\n", data_type); + return false; } /* test 3: check the value hasn't changed */ - if (rodata_test_data == zero) { - pr_err("test data was changed\n"); - return; + if (*data != INIT_TEST_VAL) { + pr_err("%s: test data was changed\n", data_type); + return false; } /* test 4: check if the rodata section is PAGE_SIZE aligned */ - start = (unsigned long)__start_rodata; - end = (unsigned long)__end_rodata; if (start & (PAGE_SIZE - 1)) { - pr_err("start of .rodata is not page size aligned\n"); - return; + pr_err("%s: start of data is not page size aligned\n", + data_type); + return false; } if (end & (PAGE_SIZE - 1)) { - pr_err("end of .rodata is not page size aligned\n"); - return; + pr_err("%s: end of data is not page size aligned\n", + data_type); + return false; } + pr_info("%s tests were successful", data_type); + return true; +} - pr_info("all tests were successful\n"); +void rodata_test(void) +{ + test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata); } From patchwork Wed Feb 13 22:41:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811019 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CB9A913B4 for ; Wed, 13 Feb 2019 22:42:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BB4462E5BD for ; Wed, 13 Feb 2019 22:42:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AD0FD2E5BF; Wed, 13 Feb 2019 22:42:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6858E2E42F for ; Wed, 13 Feb 2019 22:42:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 330FC8E000B; Wed, 13 Feb 2019 17:42:33 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 2BCA08E0001; Wed, 13 Feb 2019 17:42:33 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 15B248E000B; Wed, 13 Feb 2019 17:42:33 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by kanga.kvack.org (Postfix) with ESMTP id B4D358E0001 for ; Wed, 13 Feb 2019 17:42:32 -0500 (EST) Received: by mail-wr1-f69.google.com with SMTP id a5so1457229wrq.3 for ; Wed, 13 Feb 2019 14:42:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=TEsw0RV/yt56MmyinZrc1YdXA9lUlJiHPhRAeBdetnXO+tQydvDdL9eOUgYyb8mc+9 /K63Y6f0t6lqMRynwDmExGpslUbgcCpc49XHbgty2u+VqnOH90ed4OQM2bORSPtY2csl 4aLUJSrvdVArGqjcirrOrTgNWcgURRlVOhYaI7YMnscDqzRWQFGcovu95JCFdk9Hfnen IK62x3FDcd2QfWXv7b9piM7uDp7xt3hidK1vqNZdsSu0RhydYPBfBRcbc35Y+bfnkWwI +adOWcvCV3sbd5CHrk8z3IuGqDHcVwAbCDvHzSABGIryWoqhoSu/SHuXgNExZ3k691p5 0DjA== X-Gm-Message-State: AHQUAuZ95tRoKJR/1tvXvBqd9ycAbHPnjPDn+gA2+16NTCt9Jrtdba79 kxajjMmqePoS1vo2vIxVO6wz+qh5wir2ycTTDA2dzGYJqk8DkOcGgyu2c/nsJxW9CgjHpppWct2 SWMD7hcYva2dZtzRoTF50t4E73X4hvfmJoFivQkWt/wDCJZvuGiI5rYhAMIV4N38VfwEmmR9ZXo shzLllGTz82PcIOGUvx89InEe9G0eNHApBchJ8YECMj1RA3SbOMi2zKe9Ii4PfGE1pxl82SaBYY CwsFs5fjTT25C+msrTk8dMMApaMDGVB1exMtB+zbuxJzO0HJYFuZ7QDM4rpxuFWWGeBHboXRmz4 8s/hijTE6k7pNQkWsZ/37ydAKNRKQAfCXl0PnMpOBDy6/mW9bkH9MxpRrBzqQSFXJ8uuO80GKnX s X-Received: by 2002:a05:6000:8a:: with SMTP id m10mr275939wrx.79.1550097752247; Wed, 13 Feb 2019 14:42:32 -0800 (PST) X-Received: by 2002:a05:6000:8a:: with SMTP id m10mr275899wrx.79.1550097750960; Wed, 13 Feb 2019 14:42:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097750; cv=none; d=google.com; s=arc-20160816; b=MXoPx6AA0DGx+bCiw3zA/U1oMPZbInGiAjFdOvYSZDxuvQgLoNuoiGcabwilRn1u0y 65jGnH+O5iyvVRi5gA3/m9nfiRIwnNp1WpgJ7n++4TC5JIDOR103TnQ9meFVgWx3vEgE w7WuS/SPp5/3unjYcBbQe5xfiwrbKdsJGAFEdCwhdjAc+35sby+F5e9KXh26iUTIe/AT xjmmvDKgVZUhCmlvPjkq+ZfxsQ8IPObg4D8/4GwHF2ua0eWMo83DQDI6wLNK/+KrUhFP 7w2W8972aUE2tSgJzzzUNKM6ffGfW0gT1nyJg1zwpTyqxwkSdsFHJouZTbUFJ6mU239O AuMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=f42xJrwhGv1A70CD5Z8/KufVOMePqBQHo2gH7o8skyhBgtl0B5H9TydjuorwG4LdgB kTlbOB8m021/CC0xN2bBLe3hR2E4gJiyeDD1Xb53X54mrUR5MWbeifL+st523PyzPBQY Twla9AVZZxONWYx5AWD1nR2rBjc9XrlKHAEjA0dmNHayOYzLZ2LFIOP37P2u/b9Zi4Rp S64sVhmMGhjwb/35GYnIms2n63i+sfPYN2ZS/0HB46cVdG44PZnx893vIroKPf6JDJf4 G6kQnsf4ElpHHOmONHxijzNEyJ4Gz+5zFXwdEW3pu+AH/LJYRccTZAIMEVh+Gv9QX/R2 RC1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qXZ2Vu+P; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id t12sor383128wrw.18.2019.02.13.14.42.30 for (Google Transport Security); Wed, 13 Feb 2019 14:42:30 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qXZ2Vu+P; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=hKpBmvKhY62YcE+qk2JyFeoOHJdEVTVCpq3mJ7wKHeo=; b=qXZ2Vu+P6kthMEkjo4iNmgotT7rvJqsgrxxwiFIZl81jupiKBpLSUH2abdTiMlSLJs YahkFPUw4qFNOTutD7eS0RkUg8/4x71BFfYo03YVardx8EzGJKYPhLTp7k9S+a53JLMv M0pdfY2WiUJrH05PCxiQNB/qHgXxlZuJ3TU+QrEu0FcGIo457jatHpc7OPuJqaa9AZl6 RGP/Zel8+olUZCL6uwyRtRpnAnITyKhXcOeL8t64zoh8KvFaWjZqdhMCNOoDamFRVbxm WFsxWPvhhEzgW6QvSW1k6TbPE36aOAgqq9OpmuIO5LEScw602S7o8oXyO3Tc0d4i2nNa pjag== X-Google-Smtp-Source: AHgI3IawnVj1KBrwvlzP2l4yYPQzxhp3IgPK38fpbbnsPGtbn+e/GwYjxoGB2EAAlzWjGvPfKesd0w== X-Received: by 2002:a5d:538a:: with SMTP id d10mr283768wrv.121.1550097750621; Wed, 13 Feb 2019 14:42:30 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:30 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 10/12] __wr_after_init: rodata_test: test __wr_after_init Date: Thu, 14 Feb 2019 00:41:39 +0200 Message-Id: X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The write protection of the __wr_after_init data can be verified with the same methodology used for const data. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/rodata_test.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/mm/rodata_test.c b/mm/rodata_test.c index e1349520b436..a669cf9f5a61 100644 --- a/mm/rodata_test.c +++ b/mm/rodata_test.c @@ -16,8 +16,23 @@ #define INIT_TEST_VAL 0xC3 +/* + * Note: __ro_after_init data is, for every practical effect, equivalent to + * const data, since they are even write protected at the same time; there + * is no need for separate testing. + * __wr_after_init data, otoh, is altered also after the write protection + * takes place and it cannot be exploitable for altering more permanent + * data. + */ + static const int rodata_test_data = INIT_TEST_VAL; +#ifdef CONFIG_PRMEM +static int wr_after_init_test_data __wr_after_init = INIT_TEST_VAL; +extern long __start_wr_after_init; +extern long __end_wr_after_init; +#endif + static bool test_data(char *data_type, const int *data, unsigned long start, unsigned long end) { @@ -59,7 +74,13 @@ static bool test_data(char *data_type, const int *data, void rodata_test(void) { - test_data("rodata", &rodata_test_data, - (unsigned long)&__start_rodata, - (unsigned long)&__end_rodata); + if (!test_data("rodata", &rodata_test_data, + (unsigned long)&__start_rodata, + (unsigned long)&__end_rodata)) + return; +#ifdef CONFIG_PRMEM + test_data("wr after init data", &wr_after_init_test_data, + (unsigned long)&__start_wr_after_init, + (unsigned long)&__end_wr_after_init); +#endif } From patchwork Wed Feb 13 22:41:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10811023 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C11213B4 for ; Wed, 13 Feb 2019 22:42:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19A2E2E42F for ; Wed, 13 Feb 2019 22:42:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0DC9B2E5BF; Wed, 13 Feb 2019 22:42:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 441632E42F for ; Wed, 13 Feb 2019 22:42:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D4A5F8E000C; Wed, 13 Feb 2019 17:42:36 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id C83318E0001; Wed, 13 Feb 2019 17:42:36 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AD0EF8E000C; Wed, 13 Feb 2019 17:42:36 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by kanga.kvack.org (Postfix) with ESMTP id 58C7D8E0001 for ; Wed, 13 Feb 2019 17:42:36 -0500 (EST) Received: by mail-wr1-f69.google.com with SMTP id v16so1412489wru.8 for ; Wed, 13 Feb 2019 14:42:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references:reply-to:mime-version :content-transfer-encoding; bh=wCRDB9N5TtYa3rCa6suYTZMLeDPPoUYVjqLC9Yos7dc=; b=cdOjLiwO7XO5HxdXXeYdPsMOM36a+2bpVHyRjFz2mq59GWbXmvU0F+mNk505zcQZXO RiPC2AS0DFyykP5CsWWy0RlQumh7/8xGlF+dHVr7NSbJ72LxKmks6sn8A03fdmcvsa+f 7Q+t+ynqO2R3kAgF4mSunxTZj3UKH/faCpLNCWqOJRvXAqVe1fSswCU2hcL/GLuvAAX5 JLoghOaWOzCwxnNWwF5FD9WBUtSsK3AsOR3AeGbMhlxvvD7sL0cAoO9UfjirwObPOiI+ jGJhE9r625kEKMhnB3RnK2HScVyD9cC1d/NXzj81899phEy/7ctHo1Cl8WSieSK9xp9L 7D9Q== X-Gm-Message-State: AHQUAuaO7UcDglJ6Isx34/J5wV4QDI+e4M9vkL2CWtzvX5hOYH9rdexJ ibyU/zpbA98eOGm0eVhr4sOqhhBIOpNYR+w9XoDJenMVGSnlQltigazYHBuvIku93otagErpmvY YJiDNMGO/t3APbzZ/+0H5X8k7F+qFJs8Z+uRt8/51OjpVUj8iS6Is5lRag+DJYTFcB15OK1oZ6Y v+OAbBZowQpRgUmZNolbH8EKpYlGIRIZFp0kvZ/ZUhctzMhX0xVGBI0RUi46IjhA3R/5+uL7U/w Mw67jwjd6puw+1qKox9kxGthBgaxlpYoDXKezzRbJAj6CjUN2XI+qRqBaecMqYZ05GfzqIoJxq5 u1CM6A8I7Af+z9p2KHttGXHHNKkVt0UVPWVSjjAtw0IQFCeNwe242AAuL2hiQ9dTR6uaL7MbOcn x X-Received: by 2002:a5d:574e:: with SMTP id q14mr298614wrw.200.1550097755860; Wed, 13 Feb 2019 14:42:35 -0800 (PST) X-Received: by 2002:a5d:574e:: with SMTP id q14mr298579wrw.200.1550097754523; Wed, 13 Feb 2019 14:42:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550097754; cv=none; d=google.com; s=arc-20160816; b=LzK6ymFHPJTr7EnEodFjXx2YhaOXP5odfqdBebzvTHeoX8+qJLxDRD506I1xOAhvQE PhwYY2RTazTA49trwFg7ogTytBkVNTELjAo+i7C0KhSTiRXeo0Bq6qujKCiS5kGcSg/k Xdp8o0rSROp+3nwRYIXcOwWgOTUhLFu9H2VwpAH2BL/1EjHl4khlR/kS7KeUfMLZoidn aUPS7tpomnx9BZbFjHIk2zcE5IL5u5vAFddz3ymFZE6CHhZPvpK7DmVh5Wq0gNiYjQzo /lh9fYCZORQV0ssJslEFOHQlrgjkrrKEuUy9u3Zb5FMqCHSuYaN0VYpWvJHu02ptBo1+ I6Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:reply-to:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=wCRDB9N5TtYa3rCa6suYTZMLeDPPoUYVjqLC9Yos7dc=; b=cstqDxU3KLx3qYKdD9ZEMSwEiK5kj/AD6gZgzyYE5wcKcXWckTw5amOoSewC3z4dVo qVHJOOosffpUhVGjPeMC10DKG6eoJ96avkfYuwvX+oaqMXbKVbBATkZDZgTL4jgOzmfj QlsfPZjDvuYNSZPipC+FHUyWJmcAIMMq7gKjGm2fKFikzjrYb9dsmDVxei0Z5qh2oAxF hAssfK82gtA367AuUHm2RNN5q4v/hFEToBd/I1jKH2S96pxFaSnGqSBBk3itj1Jgz7fm HdoarRT9+ZNSqSFdRjQmdc4CaiOdPy8bIPsJtrgdh+rqGK6JEl3hDpIaXlqK5ZVQxmPa i72g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TIw6rtOy; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id y4sor397304wrh.6.2019.02.13.14.42.34 for (Google Transport Security); Wed, 13 Feb 2019 14:42:34 -0800 (PST) Received-SPF: pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TIw6rtOy; spf=pass (google.com: domain of igor.stoppa@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=igor.stoppa@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=wCRDB9N5TtYa3rCa6suYTZMLeDPPoUYVjqLC9Yos7dc=; b=TIw6rtOyjaONtQsjhIlQpVLu2ZEQ+rEV+L3V2lcYZ0in1bYgfu7uBdU5k23yOKY1fu XU9Mxu+MU2HuBZVjPKxLOXmTqy6w5940ncoJTA0nr67mtrVOFBX5c7KM91Yn0FA0U+gb NkowSC0nyRckPRsIDwiUOslXXKxWKbadr043RBh+Cga1oyqFagDiS1WiT3agTR3Z3Plu fRTH0dNdS7wH4tCEuMF81FGEoyLIjYgzlBohqqUYqT/CNuZAGcMsdUKrgkAs2UI+h4WS +d4L7KdQHozJkRft3bsWZnCXq4PzN7QJ3ZozDtfNsKw6lEYxQuWxNq8TgDGfZhsGgqBp zF9A== X-Google-Smtp-Source: AHgI3Ial7QSwV8vc2DB+PujK1Kt2IXsKfk76ElX0Wf6gNMPti4q1AkMfAbFdrtoGcQolDZsKqU9/qg== X-Received: by 2002:adf:fa51:: with SMTP id y17mr292984wrr.233.1550097754132; Wed, 13 Feb 2019 14:42:34 -0800 (PST) Received: from localhost.localdomain ([91.75.74.250]) by smtp.gmail.com with ESMTPSA id f196sm780810wme.36.2019.02.13.14.42.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 14:42:33 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Cc: Igor Stoppa , Andy Lutomirski , Nadav Amit , Matthew Wilcox , Peter Zijlstra , Kees Cook , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v5 11/12] __wr_after_init: test write rare functionality Date: Thu, 14 Feb 2019 00:41:40 +0200 Message-Id: <16a099a9d40e00591b106676eb7f18cc304b1f85.1550097697.git.igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: References: Reply-To: Igor Stoppa MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Set of test cases meant to confirm that the write rare functionality works as expected. It can be optionally compiled as module. Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- mm/Kconfig.debug | 8 +++ mm/Makefile | 1 + mm/test_write_rare.c (new) | 142 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 151 insertions(+) diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug index 9a7b8b049d04..a62c31901fea 100644 --- a/mm/Kconfig.debug +++ b/mm/Kconfig.debug @@ -94,3 +94,11 @@ config DEBUG_RODATA_TEST depends on STRICT_KERNEL_RWX ---help--- This option enables a testcase for the setting rodata read-only. + +config DEBUG_PRMEM_TEST + tristate "Run self test for statically allocated protected memory" + depends on PRMEM + default n + help + Tries to verify that the protection for statically allocated memory + works correctly and that the memory is effectively protected. diff --git a/mm/Makefile b/mm/Makefile index ef3867c16ce0..8de1d468f4e7 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -59,6 +59,7 @@ obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o obj-$(CONFIG_PRMEM) += prmem.o +obj-$(CONFIG_DEBUG_PRMEM_TEST) += test_write_rare.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/test_write_rare.c b/mm/test_write_rare.c new file mode 100644 index 000000000000..e9ebc8e12041 --- /dev/null +++ b/mm/test_write_rare.c @@ -0,0 +1,142 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * test_write_rare.c + * + * (C) Copyright 2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include +#include +#include +#include +#include + +#ifdef pr_fmt +#undef pr_fmt +#endif + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +extern long __start_wr_after_init; +extern long __end_wr_after_init; + +static __wr_after_init int scalar = '0'; +static __wr_after_init u8 array[PAGE_SIZE * 3] __aligned(PAGE_SIZE); + +/* The section must occupy a non-zero number of whole pages */ +static bool test_alignment(void) +{ + unsigned long pstart = (unsigned long)&__start_wr_after_init; + unsigned long pend = (unsigned long)&__end_wr_after_init; + + if (WARN((pstart & ~PAGE_MASK) || (pend & ~PAGE_MASK) || + (pstart >= pend), "Boundaries test failed.")) + return false; + pr_info("Boundaries test passed."); + return true; +} + +static bool test_pattern(void) +{ + if (memchr_inv(array, '0', PAGE_SIZE / 2)) + return pr_info("Pattern part 1 failed."); + if (memchr_inv(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 3 / 4) ) + return pr_info("Pattern part 2 failed."); + if (memchr_inv(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2)) + return pr_info("Pattern part 3 failed."); + if (memchr_inv(array + PAGE_SIZE * 7 / 4, '1', PAGE_SIZE * 3 / 4)) + return pr_info("Pattern part 4 failed."); + if (memchr_inv(array + PAGE_SIZE * 5 / 2, '0', PAGE_SIZE / 2)) + return pr_info("Pattern part 5 failed."); + return 0; +} + +static bool test_wr_memset(void) +{ + int new_val = '1'; + + wr_memset(&scalar, new_val, sizeof(scalar)); + if (WARN(memchr_inv(&scalar, new_val, sizeof(scalar)), + "Scalar write rare memset test failed.")) + return false; + + pr_info("Scalar write rare memset test passed."); + + wr_memset(array, '0', PAGE_SIZE * 3); + if (WARN(memchr_inv(array, '0', PAGE_SIZE * 3), + "Array page aligned write rare memset test failed.")) + return false; + + wr_memset(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 2); + if (WARN(memchr_inv(array + PAGE_SIZE / 2, '1', PAGE_SIZE * 2), + "Array half page aligned write rare memset test failed.")) + return false; + + wr_memset(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2); + if (WARN(memchr_inv(array + PAGE_SIZE * 5 / 4, '0', PAGE_SIZE / 2), + "Array quarter page aligned write rare memset test failed.")) + return false; + + if (WARN(test_pattern(), "Array write rare memset test failed.")) + return false; + + pr_info("Array write rare memset test passed."); + return true; +} + +static u8 array_1[PAGE_SIZE * 2]; +static u8 array_2[PAGE_SIZE * 2]; + +static bool test_wr_memcpy(void) +{ + int new_val = 0x12345678; + + wr_assign(scalar, new_val); + if (WARN(memcmp(&scalar, &new_val, sizeof(scalar)), + "Scalar write rare memcpy test failed.")) + return false; + pr_info("Scalar write rare memcpy test passed."); + + wr_memset(array, '0', PAGE_SIZE * 3); + memset(array_1, '1', PAGE_SIZE * 2); + memset(array_2, '0', PAGE_SIZE * 2); + wr_memcpy(array + PAGE_SIZE / 2, array_1, PAGE_SIZE * 2); + wr_memcpy(array + PAGE_SIZE * 5 / 4, array_2, PAGE_SIZE / 2); + + if (WARN(test_pattern(), "Array write rare memcpy test failed.")) + return false; + + pr_info("Array write rare memcpy test passed."); + return true; +} + +static __wr_after_init int *dst; +static int reference = 0x54; + +static bool test_wr_rcu_assign_pointer(void) +{ + wr_rcu_assign_pointer(dst, &reference); + return dst == &reference; +} + +static int __init test_static_wr_init_module(void) +{ + pr_info("static write rare test"); + if (WARN(!(test_alignment() && + test_wr_memset() && + test_wr_memcpy() && + test_wr_rcu_assign_pointer()), + "static write rare test failed")) + return -EFAULT; + pr_info("static write rare test passed"); + return 0; +} + +module_init(test_static_wr_init_module); + +MODULE_LICENSE("GPL v2"); +MODULE_AUTHOR("Igor Stoppa "); +MODULE_DESCRIPTION("Test module for static write rare.");