From: Hoeun Ryu <hoeun.ryu@gmail.com>
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Cc: Hoeun Ryu <hoeun.ryu@gmail.com>,
	Kees Cook <keescook@chromium.org>, Jessica Yu <jeyu@redhat.com>,
	Ingo Molnar <mingo@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Emese Revfy <re.emese@gmail.com>,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Fabian Frederick <fabf@skynet.be>, Helge Deller <deller@gmx.de>,
	Laura Abbott <labbott@redhat.com>,
	Nicholas Piggin <npiggin@gmail.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Petr Mladek <pmladek@suse.com>, Yang Shi <yang.shi@linaro.org>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Tejun Heo <tj@kernel.org>, Prarit Bhargava <prarit@redhat.com>,
	Lokesh Vutla <lokeshvutla@ti.com>
Subject: [kernel-hardening] [RFC 2/7] init: add set_ro_mostly_after_init_rw/ro function
Date: Sun, 19 Feb 2017 19:04:05 +0900	[thread overview]
Message-ID: <1487498660-16600-2-git-send-email-hoeun.ryu@gmail.com> (raw)
In-Reply-To: <1487498660-16600-1-git-send-email-hoeun.ryu@gmail.com>

 Add set_ro_mostly_after_init_rw/ro pair to modify memory attributes for
memory marked as `ro_mostly_after_init`.

 I am not sure that this is the right place for these functions, or that
they are suitable for modifying memory attributes on all architectures.
Please comment.

Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
---
 include/linux/init.h |  6 ++++++
 init/main.c          | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/include/linux/init.h b/include/linux/init.h
index 79af096..d68e4f7 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -131,6 +131,12 @@ extern bool rodata_enabled;
 #endif
 #ifdef CONFIG_STRICT_KERNEL_RWX
 void mark_rodata_ro(void);
+
+void set_ro_mostly_after_init_rw(void);
+void set_ro_mostly_after_init_ro(void);
+#else
+static inline void set_ro_mostly_after_init_rw(void) { }
+static inline void set_ro_mostly_after_init_ro(void) { }
 #endif
 
 extern void (*late_time_init)(void);
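Review bot: The two prototypes added under `CONFIG_STRICT_KERNEL_RWX` have no comment stating their contract, and callers need one because the pair temporarily weakens a hardening guarantee. I would add above them something like `/* Temporarily make __ro_mostly_after_init data writable; every _rw() call must be followed by a matching _ro(). */`. The comment should also say that the `#else` stubs are deliberate no-ops, presumably because the section is never made read-only in that configuration. The same applies to the duplicate copy of this patch further down the page.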
diff --git a/init/main.c b/init/main.c
index 4719abf..a5d4873 100644
--- a/init/main.c
+++ b/init/main.c
@@ -941,6 +941,30 @@ static void mark_readonly(void)
 	} else
 		pr_info("Kernel memory protection disabled.\n");
 }
+
+void set_ro_mostly_after_init_rw(void)
+{
+	unsigned long start = PFN_ALIGN(__start_data_ro_mostly_after_init);
+	unsigned long end = PFN_ALIGN(&__end_data_ro_mostly_after_init);
+	unsigned long nr_pages = (end - start) >> PAGE_SHIFT;
+
+	if (!rodata_enabled)
+		return;
+
+	set_memory_rw(start, nr_pages);
+}
+
+void set_ro_mostly_after_init_ro(void)
+{
+	unsigned long start = PFN_ALIGN(__start_data_ro_mostly_after_init);
+	unsigned long end = PFN_ALIGN(&__end_data_ro_mostly_after_init);
+	unsigned long nr_pages = (end - start) >> PAGE_SHIFT;
+
+	if (!rodata_enabled)
+		return;
+
+	set_memory_ro(start, nr_pages);
+}
 #else
 static inline void mark_readonly(void)
 {
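Review bot: The `set_ro_mostly_after_init_rw()`/`_ro()` pair added after `mark_readonly()` flips the whole section with no serialization or nesting count, so if two callers overlap, the first `_ro()` re-protects the range while the other is still writing to it, and the section stays writable kernel-wide for as long as any window is open. The results of `set_memory_rw()` and `set_memory_ro()` are discarded as well, so a failed re-protect would leave hardened data writable with no trace. The sketch below adds a lock and a user count and warns on failure; it assumes callers run in process context, which this hunk does not show. Separately, the range computation passes `__start_data_ro_mostly_after_init` bare but takes `&__end_data_ro_mostly_after_init`; using one form for both would read more clearly. The same applies to the duplicate copy of this patch further down the page.

```c
/* Suggested names; serializes and counts users of the writable window. */
static DEFINE_MUTEX(ro_mostly_after_init_lock);
static unsigned int ro_mostly_after_init_users;

void set_ro_mostly_after_init_rw(void)
{
	/* … unchanged: start/end/nr_pages computation, rodata_enabled check … */

	mutex_lock(&ro_mostly_after_init_lock);
	/* Only the first user actually opens the window. */
	if (ro_mostly_after_init_users++ == 0)
		WARN_ON(set_memory_rw(start, nr_pages));
	mutex_unlock(&ro_mostly_after_init_lock);
}

void set_ro_mostly_after_init_ro(void)
{
	/* … unchanged: start/end/nr_pages computation, rodata_enabled check … */

	mutex_lock(&ro_mostly_after_init_lock);
	/* Re-protect when the last user leaves; flag unbalanced calls and failures. */
	if (!WARN_ON(ro_mostly_after_init_users == 0) &&
	    --ro_mostly_after_init_users == 0)
		WARN_ON(set_memory_ro(start, nr_pages));
	mutex_unlock(&ro_mostly_after_init_lock);
}
```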
-- 
2.7.4

WARNING: multiple messages have this Message-ID (diff)
From: Hoeun Ryu <hoeun.ryu@gmail.com>
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Cc: Hoeun Ryu <hoeun.ryu@gmail.com>,
	Kees Cook <keescook@chromium.org>, Jessica Yu <jeyu@redhat.com>,
	Ingo Molnar <mingo@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Emese Revfy <re.emese@gmail.com>,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Fabian Frederick <fabf@skynet.be>, Helge Deller <deller@gmx.de>,
	Laura Abbott <labbott@redhat.com>,
	Nicholas Piggin <npiggin@gmail.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Petr Mladek <pmladek@suse.com>, Yang Shi <yang.shi@linaro.org>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Tejun Heo <tj@kernel.org>, Prarit Bhargava <prarit@redhat.com>,
	Lokesh Vutla <lokeshvutla@ti.com>
Subject: [RFC 2/7] init: add set_ro_mostly_after_init_rw/ro function
Date: Sun, 19 Feb 2017 19:04:05 +0900	[thread overview]
Message-ID: <1487498660-16600-2-git-send-email-hoeun.ryu@gmail.com> (raw)
In-Reply-To: <1487498660-16600-1-git-send-email-hoeun.ryu@gmail.com>

 Add set_ro_mostly_after_init_rw/ro pair to modify memory attributes for
memory marked as `ro_mostly_after_init`.

 I am not sure that this is the right place for these functions, or that
they are suitable for modifying memory attributes on all architectures.
Please comment.

Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
---
 include/linux/init.h |  6 ++++++
 init/main.c          | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/include/linux/init.h b/include/linux/init.h
index 79af096..d68e4f7 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -131,6 +131,12 @@ extern bool rodata_enabled;
 #endif
 #ifdef CONFIG_STRICT_KERNEL_RWX
 void mark_rodata_ro(void);
+
+void set_ro_mostly_after_init_rw(void);
+void set_ro_mostly_after_init_ro(void);
+#else
+static inline void set_ro_mostly_after_init_rw(void) { }
+static inline void set_ro_mostly_after_init_ro(void) { }
 #endif
 
 extern void (*late_time_init)(void);
diff --git a/init/main.c b/init/main.c
index 4719abf..a5d4873 100644
--- a/init/main.c
+++ b/init/main.c
@@ -941,6 +941,30 @@ static void mark_readonly(void)
 	} else
 		pr_info("Kernel memory protection disabled.\n");
 }
+
+void set_ro_mostly_after_init_rw(void)
+{
+	unsigned long start = PFN_ALIGN(__start_data_ro_mostly_after_init);
+	unsigned long end = PFN_ALIGN(&__end_data_ro_mostly_after_init);
+	unsigned long nr_pages = (end - start) >> PAGE_SHIFT;
+
+	if (!rodata_enabled)
+		return;
+
+	set_memory_rw(start, nr_pages);
+}
+
+void set_ro_mostly_after_init_ro(void)
+{
+	unsigned long start = PFN_ALIGN(__start_data_ro_mostly_after_init);
+	unsigned long end = PFN_ALIGN(&__end_data_ro_mostly_after_init);
+	unsigned long nr_pages = (end - start) >> PAGE_SHIFT;
+
+	if (!rodata_enabled)
+		return;
+
+	set_memory_ro(start, nr_pages);
+}
 #else
 static inline void mark_readonly(void)
 {
-- 
2.7.4


Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-19 10:04 [kernel-hardening] [RFC 1/7] arch: add __ro_mostly_after_init section marker Hoeun Ryu
2017-02-19 10:04 ` Hoeun Ryu
2017-02-19 10:04 ` Hoeun Ryu [this message]
2017-02-19 10:04   ` [RFC 2/7] init: add set_ro_mostly_after_init_rw/ro function Hoeun Ryu
2017-02-20 10:22   ` [kernel-hardening] " Mark Rutland
2017-02-21  6:33     ` Ho-Eun Ryu
2017-02-19 10:04 ` [kernel-hardening] [RFC 3/7] module: modify memory attrs for __ro_mostly_after_init during module_init/exit Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-20 10:30   ` [kernel-hardening] " Mark Rutland
2017-02-21 13:36     ` Ho-Eun Ryu
2017-02-21 13:58       ` Mark Rutland
2017-02-22 13:45         ` Hoeun Ryu
2017-02-19 10:04 ` [kernel-hardening] [RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-21 10:35   ` Tetsuo Handa
2017-02-19 10:04 ` [kernel-hardening] [RFC 5/7] cpu: mark ro_mostly_after_init for cpuhp_ap/bp_states Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-20  8:20   ` [kernel-hardening] " Sebastian Andrzej Siewior
2017-02-20  8:20     ` Sebastian Andrzej Siewior
2017-02-21  5:47     ` [kernel-hardening] " Ho-Eun Ryu
2017-02-21  5:47       ` Ho-Eun Ryu
2017-02-19 10:04 ` [kernel-hardening] [RFC 6/7] arm64: add __map_kernel_segment to accept additional vm flags Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-19 11:21   ` [kernel-hardening] " Ard Biesheuvel
2017-02-19 11:21     ` Ard Biesheuvel
2017-02-19 11:21     ` Ard Biesheuvel
2017-02-19 10:04 ` [kernel-hardening] [RFC 7/7] arm64: map seperately rodata sections for __ro_mostly_after_init section Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-19 10:04   ` Hoeun Ryu
2017-02-19 11:35   ` [kernel-hardening] " Ard Biesheuvel
2017-02-19 11:35     ` Ard Biesheuvel
2017-02-19 11:35     ` Ard Biesheuvel
2017-02-20 12:45     ` [kernel-hardening] " Mark Rutland
2017-02-20 12:45       ` Mark Rutland
2017-02-20 12:45       ` Mark Rutland
2017-02-21 20:38       ` [kernel-hardening] " Kees Cook
2017-02-21 20:38         ` Kees Cook
2017-02-21 20:38         ` Kees Cook
2017-02-19 11:24 ` [kernel-hardening] [RFC 1/7] arch: add __ro_mostly_after_init section marker Ard Biesheuvel
2017-02-19 11:24   ` Ard Biesheuvel
2017-02-21  6:29   ` [kernel-hardening] " Ho-Eun Ryu
2017-02-21  6:29     ` Ho-Eun Ryu
