diff for duplicates of <1470848794.22360.1.camel@gmail.com> diff --git a/a/content_digest b/N1/content_digest index 33f2660..ca694da 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,7 +2,7 @@ "ref\01464979224-2085-3-git-send-email-keescook@chromium.org\0" "ref\020160810094339.GK1041@n2100.armlinux.org.uk\0" "From\0Daniel Micay <danielmicay@gmail.com>\0" - "Subject\0Re: [kernel-hardening] Re: [PATCH 2/2] arm: apply more __ro_after_init\0" + "Subject\0Re: Re: [PATCH 2/2] arm: apply more __ro_after_init\0" "Date\0Wed, 10 Aug 2016 13:06:34 -0400\0" "To\0kernel-hardening@lists.openwall.com" " Kees Cook <keescook@chromium.org>\0" @@ -73,4 +73,4 @@ "=ES56\n" "-----END PGP SIGNATURE-----\n" -6ecd3ee8cb92ed2b74a16231df482c02469bf2dfb9154a3590063b579cab675b +9707cc35250a6bd1351632d9bae112929c7678900b65099777bd3a60c3b62085
diff --git a/a/1.txt b/N2/1.txt index 40a91db..6146c20 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -2,35 +2,42 @@ On Wed, 2016-08-10 at 10:43 +0100, Russell King - ARM Linux wrote: > On Fri, Jun 03, 2016 at 11:40:24AM -0700, Kees Cook wrote: > > > > @@ -1309,16 +1309,11 @@ void __init arm_mm_memblock_reserve(void) -> > * Any other function or debugging method which may touch any +> > ? * Any other function or debugging method which may touch any > > device _will_ -> > * crash the kernel. -> > */ +> > ? * crash the kernel. +> > ? */ > > +static char vectors[PAGE_SIZE * 2] __ro_after_init > > __aligned(PAGE_SIZE); -> > static void __init devicemaps_init(const struct machine_desc +> > ?static void __init devicemaps_init(const struct machine_desc > > *mdesc) -> > { -> > struct map_desc map; -> > unsigned long addr; +> > ?{ +> > ? struct map_desc map; +> > ? unsigned long addr; > > - void *vectors; > > - > > - /* -> > - * Allocate the vector page early. -> > - */ +> > - ?* Allocate the vector page early. +> > - ?*/ > > - vectors = early_alloc(PAGE_SIZE * 2); > -> This one is not appropriate. We _do_ write to these pages after init -> for FIQ handler updates. See set_fiq_handler(). +> This one is not appropriate.??We _do_ write to these pages after init +> for FIQ handler updates.??See set_fiq_handler(). This is one of the many cases where pax_open_kernel/pax_close_kernel are needed to temporarily toggle it read-only. From grsecurity: 
@@ -95,7 +95,10 @@ void set_fiq_handler(void *start, unsigned int length) - void *base = vectors_page; - unsigned offset = FIQ_OFFSET; - +? void *base = vectors_page; +? unsigned offset = FIQ_OFFSET; +? + pax_open_kernel(); - memcpy(base + offset, start, length); +? memcpy(base + offset, start, length); + pax_close_kernel(); +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: signature.asc +Type: application/pgp-signature +Size: 851 bytes +Desc: This is a digitally signed message part +URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20160810/5bdd557b/attachment.sig> diff --git a/a/2.bin b/a/2.bin deleted file mode 100644 index 4348db2..0000000 --- a/a/2.bin +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIzBAABCAAdBQJXq18aFhxkYW5pZWxtaWNheUBnbWFpbC5jb20ACgkQ+ecS5Zr1 -8irePg//TKe757WyOXALrOMRUCu23Hyabo8KH2hG1+89dhY5wcf8WU62MetiI2ES -yI8i464YC/IQJaPt3ue6DUgI59msSXjbgHFRxUWA/lZBL1AnQQ751g6dQW1Fe52c -KI1DoNcCKEhRFOSRRInhWHjmw0norIb89Uj2VpZzDUigil47mBgDF+cJupV/T+JA -qpgeqHPFRX8x9qB6xySHlrWCShpRobYWqJ3A1o0mPPNucha1S7/HvWbcoLSKxEkS -a+C+At+C8bb5ADgwj+fDEhx1cwLF5GQMyWMFG3X7iEe/FhwAXqtxeALMXpndFjH1 -t0iV4yyeiXG4hz+9rbVh6A176rYUC8nQIHKSZNMNo9W/A9zL3qy3l/IjvuPMF71F -xR44u/kXQ8W7ZFFaGV3FgIFNLP72Aedx26CeDwAfMTf0M79QsUOuRatQfi5WSHQZ -w2So8K+u9C4ZpDWdvMvz+0MxqSrzi6Wscrxnzcy0MnWxYvxDFctGSC71vZCmm5yj -SkZzCN0AXkzBc/u6WgRvUJzbOWLG/VWDAq/NtyCl5WJd2Brn27Wpsw9BGDWbyPUR -HeNXLNfHvk1iCs8ZjHhWmqK+D9hkCL8HhtR0ZTO3u6X+yxyXXC8ThEw/7xVFVjKp -yD0kYhouVM5I/TniKly285OD5WfNlSe1+GL76LiK/sL44uFzOZk= -=ES56 ------END PGP SIGNATURE----- diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index da6d245..0000000 --- a/a/2.hdr +++ /dev/null @@ -1,3 +0,0 @@ -Content-Type: application/pgp-signature; name="signature.asc" -Content-Description: This is a digitally signed message part -Content-Transfer-Encoding: 7bit diff --git a/a/content_digest b/N2/content_digest index 33f2660..8145ea7 100644 
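Review bot: In the N2 copy of 1.txt the original message's non-breaking spaces have become literal `?`, including in the context column of the quoted `set_fiq_handler()` excerpt (`?	void *base = vectors_page;`), so that excerpt is no longer a well-formed patch and is better read from the a/ copy. N2 also replaces the inline PGP signature with a "non-text attachment was scrubbed" notice, so the message's signature cannot be checked from that copy alone. Separately, the unchanged sentence "needed to temporarily toggle it read-only" reads as inverted against the excerpt it introduces: `pax_open_kernel()` and `pax_close_kernel()` bracket the `memcpy()` into the vectors page, so the intended meaning is presumably `temporarily toggle it writable`, with the region read-only again once the copy is done. The excerpt shows only the bracketed write; any validation of `length` in `set_fiq_handler()` lies outside the quoted lines.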
--- a/a/content_digest +++ b/N2/content_digest @@ -1,76 +1,54 @@ "ref\01464979224-2085-1-git-send-email-keescook@chromium.org\0" "ref\01464979224-2085-3-git-send-email-keescook@chromium.org\0" "ref\020160810094339.GK1041@n2100.armlinux.org.uk\0" - "From\0Daniel Micay <danielmicay@gmail.com>\0" - "Subject\0Re: [kernel-hardening] Re: [PATCH 2/2] arm: apply more __ro_after_init\0" + "From\0danielmicay@gmail.com (Daniel Micay)\0" + "Subject\0[kernel-hardening] Re: [PATCH 2/2] arm: apply more __ro_after_init\0" "Date\0Wed, 10 Aug 2016 13:06:34 -0400\0" - "To\0kernel-hardening@lists.openwall.com" - " Kees Cook <keescook@chromium.org>\0" - "Cc\0linux-arch@vger.kernel.org" - Ard Biesheuvel <ard.biesheuvel@linaro.org> - x86@kernel.org - linux-kernel@vger.kernel.org - Andrew Morton <akpm@linux-foundation.org> - Mathias Krause <minipli@googlemail.com> - " linux-arm-kernel@lists.infradead.org\0" - "\01:1\0" + "To\0linux-arm-kernel@lists.infradead.org\0" + "\00:1\0" "b\0" "On Wed, 2016-08-10 at 10:43 +0100, Russell King - ARM Linux wrote:\n" "> On Fri, Jun 03, 2016 at 11:40:24AM -0700, Kees Cook wrote:\n" "> > \n" "> 
> @@ -1309,16 +1309,11 @@ void __init arm_mm_memblock_reserve(void)\n" - "> > \302\240 * Any other function or debugging method which may touch any\n" + "> > ? * Any other function or debugging method which may touch any\n" "> > device _will_\n" - "> > \302\240 * crash the kernel.\n" - "> > \302\240 */\n" + "> > ? * crash the kernel.\n" + "> > ? */\n" "> > +static char vectors[PAGE_SIZE * 2] __ro_after_init\n" "> > __aligned(PAGE_SIZE);\n" - "> > \302\240static void __init devicemaps_init(const struct machine_desc\n" + "> > ?static void __init devicemaps_init(const struct machine_desc\n" "> > *mdesc)\n" - "> > \302\240{\n" - "> > \302\240\tstruct map_desc map;\n" - "> > \302\240\tunsigned long addr;\n" + "> > ?{\n" + "> > ?\tstruct map_desc map;\n" + "> > ?\tunsigned long addr;\n" "> > -\tvoid *vectors;\n" "> > -\n" "> > -\t/*\n" - "> > -\t\302\240* Allocate the vector page early.\n" - "> > -\t\302\240*/\n" + "> > -\t?* Allocate the vector page early.\n" + "> > -\t?*/\n" "> > -\tvectors = early_alloc(PAGE_SIZE * 2);\n" "> \n" - "> This one is not appropriate.\302\240\302\240We _do_ write to these pages after init\n" - "> for FIQ handler updates.\302\240\302\240See set_fiq_handler().\n" + "> This one is not appropriate.??We _do_ write to these pages after init\n" + "> for FIQ handler updates.??See set_fiq_handler().\n" "\n" "This is one of the many cases where pax_open_kernel/pax_close_kernel are\n" "needed to temporarily toggle it read-only. 
From grsecurity:\n" "\n" "@@ -95,7 +95,10 @@ void set_fiq_handler(void *start, unsigned int\n" "length)\n" - "\302\240\tvoid *base = vectors_page;\n" - "\302\240\tunsigned offset = FIQ_OFFSET;\n" - "\302\240\n" + "?\tvoid *base = vectors_page;\n" + "?\tunsigned offset = FIQ_OFFSET;\n" + "?\n" "+\tpax_open_kernel();\n" - "\302\240\tmemcpy(base + offset, start, length);\n" - "+\tpax_close_kernel();" - "\01:2\0" - "fn\0signature.asc\0" - "d\0This is a digitally signed message part\0" - "b\0" - "-----BEGIN PGP SIGNATURE-----\n" - "Version: GnuPG v2\n" - "\n" - "iQIzBAABCAAdBQJXq18aFhxkYW5pZWxtaWNheUBnbWFpbC5jb20ACgkQ+ecS5Zr1\n" - "8irePg//TKe757WyOXALrOMRUCu23Hyabo8KH2hG1+89dhY5wcf8WU62MetiI2ES\n" - "yI8i464YC/IQJaPt3ue6DUgI59msSXjbgHFRxUWA/lZBL1AnQQ751g6dQW1Fe52c\n" - "KI1DoNcCKEhRFOSRRInhWHjmw0norIb89Uj2VpZzDUigil47mBgDF+cJupV/T+JA\n" - "qpgeqHPFRX8x9qB6xySHlrWCShpRobYWqJ3A1o0mPPNucha1S7/HvWbcoLSKxEkS\n" - "a+C+At+C8bb5ADgwj+fDEhx1cwLF5GQMyWMFG3X7iEe/FhwAXqtxeALMXpndFjH1\n" - "t0iV4yyeiXG4hz+9rbVh6A176rYUC8nQIHKSZNMNo9W/A9zL3qy3l/IjvuPMF71F\n" - "xR44u/kXQ8W7ZFFaGV3FgIFNLP72Aedx26CeDwAfMTf0M79QsUOuRatQfi5WSHQZ\n" - "w2So8K+u9C4ZpDWdvMvz+0MxqSrzi6Wscrxnzcy0MnWxYvxDFctGSC71vZCmm5yj\n" - "SkZzCN0AXkzBc/u6WgRvUJzbOWLG/VWDAq/NtyCl5WJd2Brn27Wpsw9BGDWbyPUR\n" - "HeNXLNfHvk1iCs8ZjHhWmqK+D9hkCL8HhtR0ZTO3u6X+yxyXXC8ThEw/7xVFVjKp\n" - "yD0kYhouVM5I/TniKly285OD5WfNlSe1+GL76LiK/sL44uFzOZk=\n" - "=ES56\n" - "-----END PGP SIGNATURE-----\n" + "?\tmemcpy(base + offset, start, length);\n" + "+\tpax_close_kernel();\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: signature.asc\n" + "Type: application/pgp-signature\n" + "Size: 851 bytes\n" + "Desc: This is a digitally signed message part\n" + URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20160810/5bdd557b/attachment.sig> -6ecd3ee8cb92ed2b74a16231df482c02469bf2dfb9154a3590063b579cab675b +ba8855f13f0dbe17008372d57aecf8b4247cb50d5dba6f64328fd5bcd65f4436