From: lbassel@codeaurora.org (Larry Bassel)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH 1/5] arm: mm: add CONFIG_STRICT_MEMORY_RWX
Date: Wed, 9 Oct 2013 09:47:26 -0700
Message-ID: <20131009164726.GA379@labbmf01-linux.qualcomm.com>
In-Reply-To: <1381282292-25251-2-git-send-email-lauraa@codeaurora.org>

On 08 Oct 13 18:31, Laura Abbott wrote:
> From: Larry Bassel <lbassel@codeaurora.org>
> 
> If this is set, kernel text will be made RX, kernel data and stack
> RW, rodata R so that writing to kernel text, executing kernel data
> or stack, or writing to read-only data or kernel text will not
> succeed.
> 
> Signed-off-by: Larry Bassel <lbassel@codeaurora.org>
> Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
> ---
>  arch/arm/mm/Kconfig |   12 ++++++++++++
>  1 files changed, 12 insertions(+), 0 deletions(-)
> 
> diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
> index cd2c88e..c223d5c 100644
> --- a/arch/arm/mm/Kconfig
> +++ b/arch/arm/mm/Kconfig
> @@ -952,3 +952,15 @@ config ARCH_HAS_BARRIERS
>  	help
>  	  This option allows the use of custom mandatory barriers
>  	  included via the mach/barriers.h file.
> +
> +config STRICT_MEMORY_RWX
> +	bool "restrict kernel memory permissions as much as possible"
> +	default n
> +	help
> +	  If this is set, kernel text will be made RX, kernel data and stack
> +	  RW, rodata R (otherwise all of the kernel 1-to-1 mapping is
> +	  made RWX).
> +	  The tradeoff is that several sections are padded to
> +	  1M boundaries (because their permissions are different and

As this presumably (if it is accepted) will also need to run on
LPAE systems, we should say section not 1M here and below.

> +	  splitting the 1M pages into 4K ones causes TLB performance
> +	  problems), wasting memory.
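
Review bot: the new STRICT_MEMORY_RWX entry has no "depends on" line, even though its help text is entirely about page permissions, section mappings and TLB behaviour. Unless an enclosing condition outside the visible context already restricts it, the option can be selected on builds where none of that applies, so I would add "depends on MMU". The "default n" line is redundant, since a bool with no default is already n. The help text names the cost (padding, wasted memory) but not the benefit that the commit message spells out, namely that writes to kernel text and rodata and execution of data or stack will fail. A person deciding in menuconfig only sees the help text, so that sentence belongs there, along with which sections get padded.
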
> -- 
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> hosted by The Linux Foundation
> 

Larry

-- 
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
