From: Mark Rutland <mark.rutland@arm.com>
To: Jinbum Park <jinb.park7@gmail.com>
Cc: linux@armlinux.org.uk, will.deacon@arm.com, mingo@kernel.org,
andy.gross@linaro.org, keescook@chromium.org,
vladimir.murzin@arm.com, f.fainelli@gmail.com,
pawel.moll@arm.com, jonathan.austin@arm.com,
ard.biesheuvel@linaro.org, labbott@redhat.com,
arjan@linux.intel.com, paul.gortmaker@windriver.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
kernel-janitors@vger.kernel.org
Subject: [kernel-hardening] Re: [PATCH] ARM: mm: add testcases for RODATA
Date: Wed, 18 Jan 2017 14:38:17 +0000 [thread overview]
Message-ID: <20170118143815.GG3231@leverpostej> (raw)
In-Reply-To: <20170118135310.GA4733@pjb1027-Latitude-E5410>
On Wed, Jan 18, 2017 at 10:53:10PM +0900, Jinbum Park wrote:
> This patch adds testcases for the CONFIG_DEBUG_RODATA option.
> It's similar to x86's testcases.
> It tests read-only mapped data and page-size aligned rodata section.
I note that LKDTM already has a similar test (though it just has a raw
write, and will crash the kernel).
> + asm volatile(
> + "0: str %[zero], [%[rodata_test]]\n"
> + " mov %[rslt], %[zero]\n"
> + "1:\n"
> + ".pushsection .text.fixup,\"ax\"\n"
> + ".align 2\n"
> + "2:\n"
> + "b 1b\n"
> + ".popsection\n"
> + ".pushsection __ex_table,\"a\"\n"
> + ".align 3\n"
> + ".long 0b, 2b\n"
> + ".popsection\n"
> + : [rslt] "=r" (result)
> + : [zero] "r" (0UL), [rodata_test] "r" (&rodata_test_data)
> + );
This is the only architecture-specific part of the file.
Rather than duplicating the logic from x86, can't we use generic
infrastructure for this part, and move the existing test into a shared
location?
e.g. could we change to KERNEL_DS and use put_user here?
> + if (!result) {
> + pr_err("rodata_test: test data was not read only\n");
> + return -ENODEV;
> + }
> +
> + /* test 3: check the value hasn't changed */
> + /* If this test fails, we managed to overwrite the data */
> + if (!rodata_test_data) {
> + pr_err("rodata_test: Test 3 fails (end data)\n");
> + return -ENODEV;
> + }
> +
> + /* test 4: check if the rodata section is 4Kb aligned */
> + start = (unsigned long)__start_rodata;
> + end = (unsigned long)__end_rodata;
> + if (start & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata is not 4k aligned\n");
> + return -ENODEV;
> + }
> + if (end & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata end is not 4k aligned\n");
> + return -ENODEV;
> + }
s/4k/page/ in the prints, if this becomes generic.
Thanks,
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Jinbum Park <jinb.park7@gmail.com>
Cc: linux@armlinux.org.uk, will.deacon@arm.com, mingo@kernel.org,
andy.gross@linaro.org, keescook@chromium.org,
vladimir.murzin@arm.com, f.fainelli@gmail.com,
pawel.moll@arm.com, jonathan.austin@arm.com,
ard.biesheuvel@linaro.org, labbott@redhat.com,
arjan@linux.intel.com, paul.gortmaker@windriver.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] ARM: mm: add testcases for RODATA
Date: Wed, 18 Jan 2017 14:38:17 +0000 [thread overview]
Message-ID: <20170118143815.GG3231@leverpostej> (raw)
In-Reply-To: <20170118135310.GA4733@pjb1027-Latitude-E5410>
On Wed, Jan 18, 2017 at 10:53:10PM +0900, Jinbum Park wrote:
> This patch adds testcases for the CONFIG_DEBUG_RODATA option.
> It's similar to x86's testcases.
> It tests read-only mapped data and page-size aligned rodata section.
I note that LKDTM already has a similar test (though it just has a raw
write, and will crash the kernel).
> + asm volatile(
> + "0: str %[zero], [%[rodata_test]]\n"
> + " mov %[rslt], %[zero]\n"
> + "1:\n"
> + ".pushsection .text.fixup,\"ax\"\n"
> + ".align 2\n"
> + "2:\n"
> + "b 1b\n"
> + ".popsection\n"
> + ".pushsection __ex_table,\"a\"\n"
> + ".align 3\n"
> + ".long 0b, 2b\n"
> + ".popsection\n"
> + : [rslt] "=r" (result)
> + : [zero] "r" (0UL), [rodata_test] "r" (&rodata_test_data)
> + );
This is the only architecture-specific part of the file.
Rather than duplicating the logic from x86, can't we use generic
infrastructure for this part, and move the existing test into a shared
location?
e.g. could we change to KERNEL_DS and use put_user here?
> + if (!result) {
> + pr_err("rodata_test: test data was not read only\n");
> + return -ENODEV;
> + }
> +
> + /* test 3: check the value hasn't changed */
> + /* If this test fails, we managed to overwrite the data */
> + if (!rodata_test_data) {
> + pr_err("rodata_test: Test 3 fails (end data)\n");
> + return -ENODEV;
> + }
> +
> + /* test 4: check if the rodata section is 4Kb aligned */
> + start = (unsigned long)__start_rodata;
> + end = (unsigned long)__end_rodata;
> + if (start & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata is not 4k aligned\n");
> + return -ENODEV;
> + }
> + if (end & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata end is not 4k aligned\n");
> + return -ENODEV;
> + }
s/4k/page/ in the prints, if this becomes generic.
Thanks,
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] ARM: mm: add testcases for RODATA
Date: Wed, 18 Jan 2017 14:38:17 +0000 [thread overview]
Message-ID: <20170118143815.GG3231@leverpostej> (raw)
In-Reply-To: <20170118135310.GA4733@pjb1027-Latitude-E5410>
On Wed, Jan 18, 2017 at 10:53:10PM +0900, Jinbum Park wrote:
> This patch adds testcases for the CONFIG_DEBUG_RODATA option.
> It's similar to x86's testcases.
> It tests read-only mapped data and page-size aligned rodata section.
I note that LKDTM already has a similar test (though it just has a raw
write, and will crash the kernel).
> + asm volatile(
> + "0: str %[zero], [%[rodata_test]]\n"
> + " mov %[rslt], %[zero]\n"
> + "1:\n"
> + ".pushsection .text.fixup,\"ax\"\n"
> + ".align 2\n"
> + "2:\n"
> + "b 1b\n"
> + ".popsection\n"
> + ".pushsection __ex_table,\"a\"\n"
> + ".align 3\n"
> + ".long 0b, 2b\n"
> + ".popsection\n"
> + : [rslt] "=r" (result)
> + : [zero] "r" (0UL), [rodata_test] "r" (&rodata_test_data)
> + );
This is the only architecture-specific part of the file.
Rather than duplicating the logic from x86, can't we use generic
infrastructure for this part, and move the existing test into a shared
location?
e.g. could we change to KERNEL_DS and use put_user here?
> + if (!result) {
> + pr_err("rodata_test: test data was not read only\n");
> + return -ENODEV;
> + }
> +
> + /* test 3: check the value hasn't changed */
> + /* If this test fails, we managed to overwrite the data */
> + if (!rodata_test_data) {
> + pr_err("rodata_test: Test 3 fails (end data)\n");
> + return -ENODEV;
> + }
> +
> + /* test 4: check if the rodata section is 4Kb aligned */
> + start = (unsigned long)__start_rodata;
> + end = (unsigned long)__end_rodata;
> + if (start & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata is not 4k aligned\n");
> + return -ENODEV;
> + }
> + if (end & (PAGE_SIZE - 1)) {
> + pr_err("rodata_test: .rodata end is not 4k aligned\n");
> + return -ENODEV;
> + }
s/4k/page/ in the prints, if this becomes generic.
Thanks,
Mark.
next prev parent reply other threads:[~2017-01-18 14:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-18 13:53 [kernel-hardening] [PATCH] ARM: mm: add testcases for RODATA Jinbum Park
2017-01-18 13:53 ` Jinbum Park
2017-01-18 13:53 ` Jinbum Park
2017-01-18 13:53 ` Jinbum Park
2017-01-18 14:38 ` Mark Rutland [this message]
2017-01-18 14:38 ` Mark Rutland
2017-01-18 14:38 ` Mark Rutland
2017-01-18 17:21 ` [kernel-hardening] " Solar Designer
2017-01-18 17:30 ` Solar Designer
2017-01-18 19:20 ` [kernel-hardening] " Laura Abbott
2017-01-18 19:20 ` Laura Abbott
2017-01-18 19:20 ` Laura Abbott
2017-01-18 19:20 ` Laura Abbott
2017-01-18 21:20 ` [kernel-hardening] " Kees Cook
2017-01-18 21:20 ` Kees Cook
2017-01-18 21:20 ` Kees Cook
2017-01-18 21:20 ` Kees Cook
2017-01-18 22:36 ` [kernel-hardening] " Russell King - ARM Linux
2017-01-18 22:36 ` Russell King - ARM Linux
2017-01-18 22:36 ` Russell King - ARM Linux
2017-01-18 23:35 ` [kernel-hardening] " Kees Cook
2017-01-18 23:35 ` Kees Cook
2017-01-18 23:35 ` Kees Cook
2017-01-18 23:35 ` Kees Cook
2017-01-18 23:38 ` [kernel-hardening] " Laura Abbott
2017-01-18 23:38 ` Laura Abbott
2017-01-18 23:38 ` Laura Abbott
2017-01-18 23:45 ` Russell King - ARM Linux
2017-01-18 23:45 ` Russell King - ARM Linux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170118143815.GG3231@leverpostej \
--to=mark.rutland@arm.com \
--cc=andy.gross@linaro.org \
--cc=ard.biesheuvel@linaro.org \
--cc=arjan@linux.intel.com \
--cc=f.fainelli@gmail.com \
--cc=jinb.park7@gmail.com \
--cc=jonathan.austin@arm.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mingo@kernel.org \
--cc=paul.gortmaker@windriver.com \
--cc=pawel.moll@arm.com \
--cc=vladimir.murzin@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.