diff for duplicates of <20160128000906.GA42530@davidb.org> diff --git a/a/1.txt b/N1/1.txt index 32f5b20..0bc335f 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,4 +1,4 @@ ->From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001 +From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001 From: David Brown <david.brown@linaro.org> Date: Wed, 27 Jan 2016 13:58:44 -0800 diff --git a/a/content_digest b/N1/content_digest index b06c785..527606e 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -3,7 +3,7 @@ "ref\020160127211105.GA41450@davidb.org\0" "ref\0CAGXu5j+DLRoVE88a9++jVfEkN90HDiAaDAMnT2TrKqtMZ_yOww@mail.gmail.com\0" "From\0David Brown <david.brown@linaro.org>\0" - "Subject\0[kernel-hardening] [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" + "Subject\0[PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" "Date\0Wed, 27 Jan 2016 17:09:06 -0700\0" "To\0Kees Cook <keescook@chromium.org>\0" "Cc\0kernel-hardening@lists.openwall.com <kernel-hardening@lists.openwall.com>" @@ -28,14 +28,10 @@ Mark Rutland <mark.rutland@arm.com> Ard Biesheuvel <ard.biesheuvel@linaro.org> Laura Abbott <lauraa@codeaurora.org> - Suzuki K. Poulose <suzuki.poulose@arm.com> - Steve Capper <steve.capper@linaro.org> - Jeremy Linton <jeremy.linton@arm.com> - Mark Salter <msalter@redhat.com> - " linux-arm-kernel@lists.infradead.org\0" + " Suzuki K. Poulose <suzuki>\0" "\00:1\0" "b\0" - ">From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001\n" + "From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001\n" "From: David Brown <david.brown@linaro.org>\n" "Date: Wed, 27 Jan 2016 13:58:44 -0800\n" "\n" @@ -182,4 +178,4 @@ "-- \n" 2.7.0 -75cabe25d410b262511f1b669267b3327ca0bd00d23421e5f3ace7117460169b +b537add036148dc78314dbddb7cfb28de3dccf809ac4b6707300672a6ae67805
diff --git a/a/1.txt b/N2/1.txt index 32f5b20..8b13789 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,146 +1 @@ ->From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001 -From: David Brown <david.brown@linaro.org> -Date: Wed, 27 Jan 2016 13:58:44 -0800 -This removes the CONFIG_DEBUG_RODATA option and makes it always -enabled. - -Signed-off-by: David Brown <david.brown@linaro.org> ---- -v1: This is in the same spirit as the x86 patch, removing allowing -this option to be config selected. The associated patch series adds a -runtime option for the same thing. However, it does affect the way -some things are mapped, and could possibly result in either increased -memory usage, or a performance hit (due to TLB misses from 4K pages). - -I've tested this on a Hikey 96board (hi6220-hikey.dtb), both with and -without 'rodata=off' on the command line. - - arch/arm64/Kconfig | 3 +++ - arch/arm64/Kconfig.debug | 10 ---------- - arch/arm64/kernel/insn.c | 2 +- - arch/arm64/kernel/vmlinux.lds.S | 5 +---- - arch/arm64/mm/mmu.c | 12 ------------ - 5 files changed, 5 insertions(+), 27 deletions(-) - -diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 8cc6228..ffa617a 100644 ---- a/arch/arm64/Kconfig -+++ b/arch/arm64/Kconfig -@@ -201,6 +201,9 @@ config KERNEL_MODE_NEON - config FIX_EARLYCON_MEM - def_bool y - -+config DEBUG_RODATA -+ def_bool y -+ - config PGTABLE_LEVELS - int - default 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36 -diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug -index e13c4bf..db994ec 100644 ---- a/arch/arm64/Kconfig.debug -+++ b/arch/arm64/Kconfig.debug -@@ -48,16 +48,6 @@ config DEBUG_SET_MODULE_RONX - against certain classes of kernel exploits. - If in doubt, say "N". - --config DEBUG_RODATA -- bool "Make kernel text and rodata read-only" -- help -- If this is set, kernel text and rodata will be made read-only. This -- is to help catch accidental or malicious attempts to change the -- kernel's executable code. Additionally splits rodata from kernel -- text so it can be made explicitly non-executable. -- -- If in doubt, say Y -- - config DEBUG_ALIGN_RODATA - depends on DEBUG_RODATA && ARM64_4K_PAGES - bool "Align linker sections up to SECTION_SIZE" -diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c -index 7371455..a04bdef 100644 ---- a/arch/arm64/kernel/insn.c -+++ b/arch/arm64/kernel/insn.c -@@ -95,7 +95,7 @@ static void __kprobes *patch_map(void *addr, int fixmap) - - if (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX)) - page = vmalloc_to_page(addr); -- else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA)) -+ else if (!module) - page = virt_to_page(addr); - else - return addr; -diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S -index e3928f5..f80903c 100644 ---- a/arch/arm64/kernel/vmlinux.lds.S -+++ b/arch/arm64/kernel/vmlinux.lds.S -@@ -65,12 +65,9 @@ PECOFF_FILE_ALIGNMENT = 0x200; - #if defined(CONFIG_DEBUG_ALIGN_RODATA) - #define ALIGN_DEBUG_RO . = ALIGN(1<<SECTION_SHIFT); - #define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO --#elif defined(CONFIG_DEBUG_RODATA) -+#else - #define ALIGN_DEBUG_RO . = ALIGN(1<<PAGE_SHIFT); - #define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO --#else --#define ALIGN_DEBUG_RO --#define ALIGN_DEBUG_RO_MIN(min) . = ALIGN(min); - #endif - - SECTIONS -diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c -index 58faeaa..3b411b7 100644 ---- a/arch/arm64/mm/mmu.c -+++ b/arch/arm64/mm/mmu.c -@@ -313,7 +313,6 @@ static void create_mapping_late(phys_addr_t phys, unsigned long virt, - phys, virt, size, prot, late_alloc); - } - --#ifdef CONFIG_DEBUG_RODATA - static void __init __map_memblock(phys_addr_t start, phys_addr_t end) - { - /* -@@ -347,13 +346,6 @@ static void __init __map_memblock(phys_addr_t start, phys_addr_t end) - } - - } --#else --static void __init __map_memblock(phys_addr_t start, phys_addr_t end) --{ -- create_mapping(start, __phys_to_virt(start), end - start, -- PAGE_KERNEL_EXEC); --} --#endif - - static void __init map_mem(void) - { -@@ -410,7 +402,6 @@ static void __init map_mem(void) - - static void __init fixup_executable(void) - { --#ifdef CONFIG_DEBUG_RODATA - /* now that we are actually fully mapped, make the start/end more fine grained */ - if (!IS_ALIGNED((unsigned long)_stext, SWAPPER_BLOCK_SIZE)) { - unsigned long aligned_start = round_down(__pa(_stext), -@@ -428,10 +419,8 @@ static void __init fixup_executable(void) - aligned_end - __pa(__init_end), - PAGE_KERNEL); - } --#endif - } - --#ifdef CONFIG_DEBUG_RODATA - void mark_rodata_ro(void) - { - create_mapping_late(__pa(_stext), (unsigned long)_stext, -@@ -439,7 +428,6 @@ void mark_rodata_ro(void) - PAGE_KERNEL_ROX); - - } --#endif - - void fixup_init(void) - { --- -2.7.0 diff --git a/a/content_digest b/N2/content_digest index b06c785..c09ab6f 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -3,7 +3,7 @@ "ref\020160127211105.GA41450@davidb.org\0" "ref\0CAGXu5j+DLRoVE88a9++jVfEkN90HDiAaDAMnT2TrKqtMZ_yOww@mail.gmail.com\0" "From\0David Brown <david.brown@linaro.org>\0" - "Subject\0[kernel-hardening] [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" + "Subject\0[PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" "Date\0Wed, 27 Jan 2016 17:09:06 -0700\0" "To\0Kees Cook <keescook@chromium.org>\0" "Cc\0kernel-hardening@lists.openwall.com <kernel-hardening@lists.openwall.com>" @@ -35,151 +35,5 @@ " linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" - ">From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001\n" - "From: David Brown <david.brown@linaro.org>\n" - "Date: Wed, 27 Jan 2016 13:58:44 -0800\n" - "\n" - "This removes the CONFIG_DEBUG_RODATA option and makes it always\n" - "enabled.\n" - "\n" - "Signed-off-by: David Brown <david.brown@linaro.org>\n" - "---\n" - "v1: This is in the same spirit as the x86 patch, removing allowing\n" - "this option to be config selected. The associated patch series adds a\n" - "runtime option for the same thing. However, it does affect the way\n" - "some things are mapped, and could possibly result in either increased\n" - "memory usage, or a performance hit (due to TLB misses from 4K pages).\n" - "\n" - "I've tested this on a Hikey 96board (hi6220-hikey.dtb), both with and\n" - "without 'rodata=off' on the command line.\n" - "\n" - " arch/arm64/Kconfig | 3 +++\n" - " arch/arm64/Kconfig.debug | 10 ----------\n" - " arch/arm64/kernel/insn.c | 2 +-\n" - " arch/arm64/kernel/vmlinux.lds.S | 5 +----\n" - " arch/arm64/mm/mmu.c | 12 ------------\n" - " 5 files changed, 5 insertions(+), 27 deletions(-)\n" - "\n" - "diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig\n" - "index 8cc6228..ffa617a 100644\n" - "--- a/arch/arm64/Kconfig\n" - "+++ b/arch/arm64/Kconfig\n" - "@@ -201,6 +201,9 @@ config KERNEL_MODE_NEON\n" - " config FIX_EARLYCON_MEM\n" - " \tdef_bool y\n" - " \n" - "+config DEBUG_RODATA\n" - "+\tdef_bool y\n" - "+\n" - " config PGTABLE_LEVELS\n" - " \tint\n" - " \tdefault 2 if ARM64_16K_PAGES && ARM64_VA_BITS_36\n" - "diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug\n" - "index e13c4bf..db994ec 100644\n" - "--- a/arch/arm64/Kconfig.debug\n" - "+++ b/arch/arm64/Kconfig.debug\n" - "@@ -48,16 +48,6 @@ config DEBUG_SET_MODULE_RONX\n" - " against certain classes of kernel exploits.\n" - " If in doubt, say \"N\".\n" - " \n" - "-config DEBUG_RODATA\n" - "-\tbool \"Make kernel text and rodata read-only\"\n" - "-\thelp\n" - "-\t If this is set, kernel text and rodata will be made read-only. This\n" - "-\t is to help catch accidental or malicious attempts to change the\n" - "-\t kernel's executable code. Additionally splits rodata from kernel\n" - "-\t text so it can be made explicitly non-executable.\n" - "-\n" - "- If in doubt, say Y\n" - "-\n" - " config DEBUG_ALIGN_RODATA\n" - " \tdepends on DEBUG_RODATA && ARM64_4K_PAGES\n" - " \tbool \"Align linker sections up to SECTION_SIZE\"\n" - "diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c\n" - "index 7371455..a04bdef 100644\n" - "--- a/arch/arm64/kernel/insn.c\n" - "+++ b/arch/arm64/kernel/insn.c\n" - "@@ -95,7 +95,7 @@ static void __kprobes *patch_map(void *addr, int fixmap)\n" - " \n" - " \tif (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX))\n" - " \t\tpage = vmalloc_to_page(addr);\n" - "-\telse if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA))\n" - "+\telse if (!module)\n" - " \t\tpage = virt_to_page(addr);\n" - " \telse\n" - " \t\treturn addr;\n" - "diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S\n" - "index e3928f5..f80903c 100644\n" - "--- a/arch/arm64/kernel/vmlinux.lds.S\n" - "+++ b/arch/arm64/kernel/vmlinux.lds.S\n" - "@@ -65,12 +65,9 @@ PECOFF_FILE_ALIGNMENT = 0x200;\n" - " #if defined(CONFIG_DEBUG_ALIGN_RODATA)\n" - " #define ALIGN_DEBUG_RO\t\t\t. = ALIGN(1<<SECTION_SHIFT);\n" - " #define ALIGN_DEBUG_RO_MIN(min)\t\tALIGN_DEBUG_RO\n" - "-#elif defined(CONFIG_DEBUG_RODATA)\n" - "+#else\n" - " #define ALIGN_DEBUG_RO\t\t\t. = ALIGN(1<<PAGE_SHIFT);\n" - " #define ALIGN_DEBUG_RO_MIN(min)\t\tALIGN_DEBUG_RO\n" - "-#else\n" - "-#define ALIGN_DEBUG_RO\n" - "-#define ALIGN_DEBUG_RO_MIN(min)\t\t. = ALIGN(min);\n" - " #endif\n" - " \n" - " SECTIONS\n" - "diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c\n" - "index 58faeaa..3b411b7 100644\n" - "--- a/arch/arm64/mm/mmu.c\n" - "+++ b/arch/arm64/mm/mmu.c\n" - "@@ -313,7 +313,6 @@ static void create_mapping_late(phys_addr_t phys, unsigned long virt,\n" - " \t\t\t\tphys, virt, size, prot, late_alloc);\n" - " }\n" - " \n" - "-#ifdef CONFIG_DEBUG_RODATA\n" - " static void __init __map_memblock(phys_addr_t start, phys_addr_t end)\n" - " {\n" - " \t/*\n" - "@@ -347,13 +346,6 @@ static void __init __map_memblock(phys_addr_t start, phys_addr_t end)\n" - " \t}\n" - " \n" - " }\n" - "-#else\n" - "-static void __init __map_memblock(phys_addr_t start, phys_addr_t end)\n" - "-{\n" - "-\tcreate_mapping(start, __phys_to_virt(start), end - start,\n" - "-\t\t\tPAGE_KERNEL_EXEC);\n" - "-}\n" - "-#endif\n" - " \n" - " static void __init map_mem(void)\n" - " {\n" - "@@ -410,7 +402,6 @@ static void __init map_mem(void)\n" - " \n" - " static void __init fixup_executable(void)\n" - " {\n" - "-#ifdef CONFIG_DEBUG_RODATA\n" - " \t/* now that we are actually fully mapped, make the start/end more fine grained */\n" - " \tif (!IS_ALIGNED((unsigned long)_stext, SWAPPER_BLOCK_SIZE)) {\n" - " \t\tunsigned long aligned_start = round_down(__pa(_stext),\n" - "@@ -428,10 +419,8 @@ static void __init fixup_executable(void)\n" - " \t\t\t\taligned_end - __pa(__init_end),\n" - " \t\t\t\tPAGE_KERNEL);\n" - " \t}\n" - "-#endif\n" - " }\n" - " \n" - "-#ifdef CONFIG_DEBUG_RODATA\n" - " void mark_rodata_ro(void)\n" - " {\n" - " \tcreate_mapping_late(__pa(_stext), (unsigned long)_stext,\n" - "@@ -439,7 +428,6 @@ void mark_rodata_ro(void)\n" - " \t\t\t\tPAGE_KERNEL_ROX);\n" - " \n" - " }\n" - "-#endif\n" - " \n" - " void fixup_init(void)\n" - " {\n" - "-- \n" - 2.7.0 -75cabe25d410b262511f1b669267b3327ca0bd00d23421e5f3ace7117460169b +4bd68389f9bfb0be5b0d12c7d5107e7698c49e6c8728919dc88b92a2f272d397
diff --git a/a/content_digest b/N3/content_digest index b06c785..cdc0b89 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -2,37 +2,10 @@ "ref\01453226922-16831-4-git-send-email-keescook@chromium.org\0" "ref\020160127211105.GA41450@davidb.org\0" "ref\0CAGXu5j+DLRoVE88a9++jVfEkN90HDiAaDAMnT2TrKqtMZ_yOww@mail.gmail.com\0" - "From\0David Brown <david.brown@linaro.org>\0" - "Subject\0[kernel-hardening] [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" + "From\0david.brown@linaro.org (David Brown)\0" + "Subject\0[PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" "Date\0Wed, 27 Jan 2016 17:09:06 -0700\0" - "To\0Kees Cook <keescook@chromium.org>\0" - "Cc\0kernel-hardening@lists.openwall.com <kernel-hardening@lists.openwall.com>" - Ingo Molnar <mingo@redhat.com> - Andy Lutomirski <luto@amacapital.net> - H. Peter Anvin <hpa@zytor.com> - Michael Ellerman <mpe@ellerman.id.au> - Mathias Krause <minipli@googlemail.com> - Thomas Gleixner <tglx@linutronix.de> - x86@kernel.org <x86@kernel.org> - Arnd Bergmann <arnd@arndb.de> - PaX Team <pageexec@freemail.hu> - Emese Revfy <re.emese@gmail.com> - LKML <linux-kernel@vger.kernel.org> - linux-arch <linux-arch@vger.kernel.org> - Catalin Marinas <catalin.marinas@arm.com> - Will Deacon <will.deacon@arm.com> - Marc Zyngier <marc.zyngier@arm.com> - yalin wang <yalin.wang2010@gmail.com> - Zi Shen Lim <zlim.lnx@gmail.com> - Yang Shi <yang.shi@linaro.org> - Mark Rutland <mark.rutland@arm.com> - Ard Biesheuvel <ard.biesheuvel@linaro.org> - Laura Abbott <lauraa@codeaurora.org> - Suzuki K. Poulose <suzuki.poulose@arm.com> - Steve Capper <steve.capper@linaro.org> - Jeremy Linton <jeremy.linton@arm.com> - Mark Salter <msalter@redhat.com> - " linux-arm-kernel@lists.infradead.org\0" + "To\0linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" ">From 2efef8aa0f8f7f6277ffebe4ea6744fc93d54644 Mon Sep 17 00:00:00 2001\n" @@ -182,4 +155,4 @@ "-- \n" 2.7.0 -75cabe25d410b262511f1b669267b3327ca0bd00d23421e5f3ace7117460169b +2a332dc4227056087d91a4449d3284b7247cdd6e9c8a49457a66cb3b4df88ef0
diff --git a/a/content_digest b/N4/content_digest index b06c785..ba64f2c 100644 --- a/a/content_digest +++ b/N4/content_digest @@ -3,7 +3,7 @@ "ref\020160127211105.GA41450@davidb.org\0" "ref\0CAGXu5j+DLRoVE88a9++jVfEkN90HDiAaDAMnT2TrKqtMZ_yOww@mail.gmail.com\0" "From\0David Brown <david.brown@linaro.org>\0" - "Subject\0[kernel-hardening] [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" + "Subject\0[PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional\0" "Date\0Wed, 27 Jan 2016 17:09:06 -0700\0" "To\0Kees Cook <keescook@chromium.org>\0" "Cc\0kernel-hardening@lists.openwall.com <kernel-hardening@lists.openwall.com>" @@ -182,4 +182,4 @@ "-- \n" 2.7.0 -75cabe25d410b262511f1b669267b3327ca0bd00d23421e5f3ace7117460169b +447625807aa77951b0ceced979e8e2150086f8b2ac079ee32a3df09a9e76ed8f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.