Re: rwx mapping between ex_table and rodata

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	"x86@kernel.org" <x86@kernel.org>,
	lkml <linux-kernel@vger.kernel.org>
Subject: Re: rwx mapping between ex_table and rodata
Date: Fri, 25 Sep 2015 09:25:33 +0200	[thread overview]
Message-ID: <20150925072533.GA17731@gmail.com> (raw)
In-Reply-To: <CAGXu5j+tTR=x9RTOFvqQP7+W7DFR6N+GUP__uvAicrfTBU1B7w@mail.gmail.com>


* Kees Cook <keescook@chromium.org> wrote:

> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > Hi,
> >
> > With the attached config and 4.3-rc2 on x86_64, I see the following in /sys/kernel/debug/kernel_page_tables:
> > ...
> > ---[ High Kernel Mapping ]---
> > 0xffffffff80000000-0xffffffff81000000          16M                               pmd
> > 0xffffffff81000000-0xffffffff81600000           6M     ro         PSE     GLB x  pmd
> > 0xffffffff81600000-0xffffffff81775000        1492K     ro                 GLB x  pte
> > 0xffffffff81775000-0xffffffff81800000         556K     RW                 GLB x  pte
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Btw., I think we should run this lookup automatically in late bootup, if 
CONFIG_X86_PTDUMP=y, and print a WARN()ing if there's any RWX permissions in the 
mappings.

That makes sure automated testing picks new bugs up.

Thanks,

	Ingo

next prev parent reply	other threads:[~2015-09-25  7:25 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-24 20:23 rwx mapping between ex_table and rodata Stephen Smalley
2015-09-24 20:26 ` Fwd: " Stephen Smalley
2015-09-24 22:25   ` Kees Cook
2015-09-25  7:22     ` Ingo Molnar
2015-09-26 16:49       ` Kees Cook
2015-09-28 21:16       ` H. Peter Anvin
2015-09-28 22:05         ` Kees Cook
2015-09-28 22:20           ` H. Peter Anvin
2015-09-25  7:25     ` Ingo Molnar [this message]
2015-09-28 14:11     ` Stephen Smalley
2015-09-28 18:27       ` Kees Cook
2015-10-01  7:09         ` Ingo Molnar
2015-10-01  9:03         ` Thomas Gleixner
2015-10-01  9:12           ` Ingo Molnar
2015-10-01 17:45             ` Kees Cook
2015-10-02  7:19               ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150925072533.GA17731@gmail.com \
    --to=mingo@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.