From: Hoeun Ryu <hoeun.ryu@gmail.com>
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Cc: Hoeun Ryu <hoeun.ryu@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Laura Abbott <labbott@redhat.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Jeremy Linton <jeremy.linton@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: [kernel-hardening] [RFC 7/7] arm64: map seperately rodata sections for __ro_mostly_after_init section
Date: Sun, 19 Feb 2017 19:04:10 +0900 [thread overview]
Message-ID: <1487498660-16600-7-git-send-email-hoeun.ryu@gmail.com> (raw)
In-Reply-To: <1487498660-16600-1-git-send-email-hoeun.ryu@gmail.com>
Map the rodata sections separately for the new __ro_mostly_after_init section.
The memory attributes of the __ro_mostly_after_init section can be changed later,
so we need a dedicated vmalloc'ed region for the set_memory_rw/ro API.
Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
---
arch/arm64/mm/mmu.c | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 91271b1..4a89a2e 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -434,8 +434,22 @@ void mark_rodata_ro(void)
* mark .rodata as read only. Use __init_begin rather than __end_rodata
* to cover NOTES and EXCEPTION_TABLE.
*/
- section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata;
- create_mapping_late(__pa_symbol(__start_rodata), (unsigned long)__start_rodata,
+ section_size = (unsigned long)__start_data_ro_mostly_after_init -
+ (unsigned long)__start_rodata;
+ create_mapping_late(__pa_symbol(__start_rodata),
+ (unsigned long)__start_rodata,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__end_data_ro_mostly_after_init -
+ (unsigned long)__start_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__start_data_ro_mostly_after_init),
+ (unsigned long)__start_data_ro_mostly_after_init,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__init_begin -
+ (unsigned long)__end_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__end_data_ro_mostly_after_init),
+ (unsigned long)__end_data_ro_mostly_after_init,
section_size, PAGE_KERNEL_RO);
/* flush the TLBs after updating live kernel mappings */
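Review bot: The three `section_size` computations assume that `__start_data_ro_mostly_after_init` and `__end_data_ro_mostly_after_init` are page-aligned and lie in order between `__start_rodata` and `__init_begin`, but nothing in this hunk checks that. A misordered symbol would make the unsigned subtraction wrap, and an unaligned one would pass a size that is not page-sized to `create_mapping_late()`. Presumably the linker-script change earlier in the series guarantees the layout, so an assertion such as `WARN_ON(!PAGE_ALIGNED(__start_data_ro_mostly_after_init));` (and the same for the end symbol) would make that dependency explicit. The retained comment about using `__init_begin` to cover NOTES and EXCEPTION_TABLE now sits above the first call, which ends at `__start_data_ro_mostly_after_init`; it should move to the third call or be reworded. mark_rodata_ro() starts and ends outside the hunk.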
@@ -478,10 +492,18 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
*/
static void __init map_kernel(pgd_t *pgd)
{
- static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_init, vmlinux_data;
+ static struct vm_struct vmlinux_text, vmlinux_rodata1, vmlinux_rodata2, vmlinux_ro_mostly_after_init, vmlinux_init, vmlinux_data;
map_kernel_segment(pgd, _text, _etext, PAGE_KERNEL_EXEC, &vmlinux_text);
- map_kernel_segment(pgd, __start_rodata, __init_begin, PAGE_KERNEL, &vmlinux_rodata);
+ map_kernel_segment(pgd, __start_rodata, __start_data_ro_mostly_after_init, PAGE_KERNEL, &vmlinux_rodata1);
+ __map_kernel_segment(pgd,
+ __start_data_ro_mostly_after_init,
+ __end_data_ro_mostly_after_init,
+ PAGE_KERNEL,
+ &vmlinux_ro_mostly_after_init,
+ VM_MAP | VM_ALLOC);
+ map_kernel_segment(pgd, __end_data_ro_mostly_after_init, __init_begin, PAGE_KERNEL, &vmlinux_rodata2);
+
map_kernel_segment(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC,
&vmlinux_init);
map_kernel_segment(pgd, _data, _end, PAGE_KERNEL, &vmlinux_data);
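Review bot: Passing `VM_MAP | VM_ALLOC` to `__map_kernel_segment()` labels a statically linked part of the kernel image as a vmalloc allocation, and the call has no comment saying why; the commit message suggests it is only there so that set_memory_rw/ro will accept the range. I would add `/* VM_ALLOC only so set_memory_rw/ro() accepts this range; it is not a vmalloc() allocation */` above the call, and check that other consumers of VM_ALLOC areas cope with a `vm_struct` that has no backing page array (not verifiable from this hunk). It is also worth confirming that this segment is always mapped at page granularity, since a later per-page permission change on a block mapping may not take effect as intended. The `static struct vm_struct` declaration is now well over 80 columns and would read better split across lines. map_kernel() continues past the hunk, and the same two hunks are repeated further down the page for the other list copies of this message.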
--
2.7.4
From: hoeun.ryu@gmail.com (Hoeun Ryu)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC 7/7] arm64: map seperately rodata sections for __ro_mostly_after_init section
Date: Sun, 19 Feb 2017 19:04:10 +0900 [thread overview]
Message-ID: <1487498660-16600-7-git-send-email-hoeun.ryu@gmail.com> (raw)
In-Reply-To: <1487498660-16600-1-git-send-email-hoeun.ryu@gmail.com>
Map the rodata sections separately for the new __ro_mostly_after_init section.
The memory attributes of the __ro_mostly_after_init section can be changed later,
so we need a dedicated vmalloc'ed region for the set_memory_rw/ro API.
Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
---
arch/arm64/mm/mmu.c | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 91271b1..4a89a2e 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -434,8 +434,22 @@ void mark_rodata_ro(void)
* mark .rodata as read only. Use __init_begin rather than __end_rodata
* to cover NOTES and EXCEPTION_TABLE.
*/
- section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata;
- create_mapping_late(__pa_symbol(__start_rodata), (unsigned long)__start_rodata,
+ section_size = (unsigned long)__start_data_ro_mostly_after_init -
+ (unsigned long)__start_rodata;
+ create_mapping_late(__pa_symbol(__start_rodata),
+ (unsigned long)__start_rodata,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__end_data_ro_mostly_after_init -
+ (unsigned long)__start_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__start_data_ro_mostly_after_init),
+ (unsigned long)__start_data_ro_mostly_after_init,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__init_begin -
+ (unsigned long)__end_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__end_data_ro_mostly_after_init),
+ (unsigned long)__end_data_ro_mostly_after_init,
section_size, PAGE_KERNEL_RO);
/* flush the TLBs after updating live kernel mappings */
@@ -478,10 +492,18 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
*/
static void __init map_kernel(pgd_t *pgd)
{
- static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_init, vmlinux_data;
+ static struct vm_struct vmlinux_text, vmlinux_rodata1, vmlinux_rodata2, vmlinux_ro_mostly_after_init, vmlinux_init, vmlinux_data;
map_kernel_segment(pgd, _text, _etext, PAGE_KERNEL_EXEC, &vmlinux_text);
- map_kernel_segment(pgd, __start_rodata, __init_begin, PAGE_KERNEL, &vmlinux_rodata);
+ map_kernel_segment(pgd, __start_rodata, __start_data_ro_mostly_after_init, PAGE_KERNEL, &vmlinux_rodata1);
+ __map_kernel_segment(pgd,
+ __start_data_ro_mostly_after_init,
+ __end_data_ro_mostly_after_init,
+ PAGE_KERNEL,
+ &vmlinux_ro_mostly_after_init,
+ VM_MAP | VM_ALLOC);
+ map_kernel_segment(pgd, __end_data_ro_mostly_after_init, __init_begin, PAGE_KERNEL, &vmlinux_rodata2);
+
map_kernel_segment(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC,
&vmlinux_init);
map_kernel_segment(pgd, _data, _end, PAGE_KERNEL, &vmlinux_data);
--
2.7.4
From: Hoeun Ryu <hoeun.ryu@gmail.com>
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Cc: Hoeun Ryu <hoeun.ryu@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Laura Abbott <labbott@redhat.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Jeremy Linton <jeremy.linton@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: [RFC 7/7] arm64: map seperately rodata sections for __ro_mostly_after_init section
Date: Sun, 19 Feb 2017 19:04:10 +0900 [thread overview]
Message-ID: <1487498660-16600-7-git-send-email-hoeun.ryu@gmail.com> (raw)
In-Reply-To: <1487498660-16600-1-git-send-email-hoeun.ryu@gmail.com>
Map the rodata sections separately for the new __ro_mostly_after_init section.
The memory attributes of the __ro_mostly_after_init section can be changed later,
so we need a dedicated vmalloc'ed region for the set_memory_rw/ro API.
Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
---
arch/arm64/mm/mmu.c | 30 ++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 91271b1..4a89a2e 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -434,8 +434,22 @@ void mark_rodata_ro(void)
* mark .rodata as read only. Use __init_begin rather than __end_rodata
* to cover NOTES and EXCEPTION_TABLE.
*/
- section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata;
- create_mapping_late(__pa_symbol(__start_rodata), (unsigned long)__start_rodata,
+ section_size = (unsigned long)__start_data_ro_mostly_after_init -
+ (unsigned long)__start_rodata;
+ create_mapping_late(__pa_symbol(__start_rodata),
+ (unsigned long)__start_rodata,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__end_data_ro_mostly_after_init -
+ (unsigned long)__start_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__start_data_ro_mostly_after_init),
+ (unsigned long)__start_data_ro_mostly_after_init,
+ section_size, PAGE_KERNEL_RO);
+
+ section_size = (unsigned long)__init_begin -
+ (unsigned long)__end_data_ro_mostly_after_init;
+ create_mapping_late(__pa_symbol(__end_data_ro_mostly_after_init),
+ (unsigned long)__end_data_ro_mostly_after_init,
section_size, PAGE_KERNEL_RO);
/* flush the TLBs after updating live kernel mappings */
@@ -478,10 +492,18 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
*/
static void __init map_kernel(pgd_t *pgd)
{
- static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_init, vmlinux_data;
+ static struct vm_struct vmlinux_text, vmlinux_rodata1, vmlinux_rodata2, vmlinux_ro_mostly_after_init, vmlinux_init, vmlinux_data;
map_kernel_segment(pgd, _text, _etext, PAGE_KERNEL_EXEC, &vmlinux_text);
- map_kernel_segment(pgd, __start_rodata, __init_begin, PAGE_KERNEL, &vmlinux_rodata);
+ map_kernel_segment(pgd, __start_rodata, __start_data_ro_mostly_after_init, PAGE_KERNEL, &vmlinux_rodata1);
+ __map_kernel_segment(pgd,
+ __start_data_ro_mostly_after_init,
+ __end_data_ro_mostly_after_init,
+ PAGE_KERNEL,
+ &vmlinux_ro_mostly_after_init,
+ VM_MAP | VM_ALLOC);
+ map_kernel_segment(pgd, __end_data_ro_mostly_after_init, __init_begin, PAGE_KERNEL, &vmlinux_rodata2);
+
map_kernel_segment(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC,
&vmlinux_init);
map_kernel_segment(pgd, _data, _end, PAGE_KERNEL, &vmlinux_data);
--
2.7.4