From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 999C7C35242 for ; Tue, 11 Feb 2020 19:26:09 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 019FB20637 for ; Tue, 11 Feb 2020 19:26:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="aBFZgI1b" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 019FB20637 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17780-kernel-hardening=archiver.kernel.org@lists.openwall.com Received: (qmail 16112 invoked by uid 550); 11 Feb 2020 19:26:01 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Received: (qmail 16077 invoked from network); 11 Feb 2020 19:26:00 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Fduhzb+WwBefc5G2IiZw7jkFkPhFvQRZKGxZZqFDo/E=; b=aBFZgI1bEVFMDfd8bvtXh9AZ1Mze2/1St6L/4BVij/mXj+0ZVWJe/BBz62kvdV/PUy KBlDmWnFixMHuEJ2x57jhZe2RZwo4KxOOAhGPDQppATODztQCUF1bGUHqwB2F+7dyFEs eKbWf5MArG16cSHqLbOgFxRg8G+4rPIDu1A8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Fduhzb+WwBefc5G2IiZw7jkFkPhFvQRZKGxZZqFDo/E=; b=RhMqGHGMNYw1ULsa6vRjDPm14o/Hr6gs3ZIsVD+O/eOvvO1a7QUn7gSH48bc9yr+R2 xYGU4b5wcT4lwrRjK10TivM8WsT/c+uxs71eCWj2bKCmcnwUpV+HQekXvfgMKW6OhW4F pjkkze48ccL1q5+vBJ1pJVKNXXhC0YF4AHBwtw/bqVNjugIi2hzDfe4/znft1Wc1e8Fx YnzSEt+ITpd1w6JjiwL7Ks8B+89w6wlPEUrgw/gOcOcJ2SoXiSgFQ2Zj+1HIIuzh/QrO sYw2HFliv8abjQfV6N67V+MdVT+xrkiDHBMehXK8pvdy7c/4fQ4qdgCkreMg+uxgerED HNqA== X-Gm-Message-State: APjAAAW3sjLs9qPPIYQ3UVenOlVoHmg9u1XhZsiddencbs7WYJp8KBVW QedJ7PzMIQiU7T6oSgW+g4Fk+g== X-Google-Smtp-Source: APXvYqzYyVOg7uqgSBmTXebLQ5IGOoof6bohkjL6i/HNSEw99SG6fXpTLlzi3kbK2a4VrLpxXNd1Pg== X-Received: by 2002:a17:90a:b30b:: with SMTP id d11mr6814381pjr.22.1581449148710; Tue, 11 Feb 2020 11:25:48 -0800 (PST) Date: Tue, 11 Feb 2020 11:25:46 -0800 From: Kees Cook To: shuah Cc: Ingo Molnar , Hector Marco-Gisbert , Catalin Marinas , Will Deacon , Jason Gunthorpe , Jann Horn , Russell King , x86@kernel.org, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v3 7/7] selftests/exec: Add READ_IMPLIES_EXEC tests Message-ID: <202002111124.0A334167@keescook> References: <20200210193049.64362-1-keescook@chromium.org> <20200210193049.64362-8-keescook@chromium.org> <4f8a5036-dc2a-90ad-5fc8-69560a5dd78e@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4f8a5036-dc2a-90ad-5fc8-69560a5dd78e@kernel.org> On Tue, Feb 11, 2020 at 11:11:21AM -0700, shuah wrote: > On 2/10/20 12:30 PM, Kees Cook wrote: > > In order to check the matrix of possible states for handling > > READ_IMPLIES_EXEC across native, compat, and the state of PT_GNU_STACK, > > add tests for these execution conditions. > > > > Signed-off-by: Kees Cook > > No issues for this to go through tip. > > A few problems to fix first. This fails to compile when 32-bit libraries > aren't installed. It should fail the 32-bit part and run other checks. Do you mean the Makefile should detect the missing compat build deps and avoid building them? Testing compat is pretty important to this test, so it seems like missing the build deps causing the build to fail is the correct action here. This is likely true for the x86/ selftests too. What would you like this to do? -- Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94C8EC35242 for ; Tue, 11 Feb 2020 19:26:06 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6F62120870 for ; Tue, 11 Feb 2020 19:26:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="kZesoX4G"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="aBFZgI1b" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F62120870 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=o0Kt6J8PdbdrWdhaMUajJawWMFdjktfRJbkFUVU++tA=; b=kZesoX4GW5hwZP N4B+x3PFihnn23/DKqpIUVHiNyDni9e8hhRMIbyNISNwTFgUFGlxaJmWrjGRfBaqLXytUk9xSGT7v kZFuA4xRrZo9o4Y0NCbuq/CCVbZ/OPxvthNTrkJZ3ot8N7kOelQYxhrWKfAO92FNHhvQ2Crfx5gQC 7ighKSnvRxVXT8LmUStQDTRBZMdnXNLZLtlGp6PmmtxX6ZH6MfLoK/llwZRu3aME8tFgnIMqFj/8M MTI2s3wqVNwyl87vdvRw1GlFXSeUI/ThK90CeKiRS7F+zQzQFUQw6BSQI6DUqEnE3GWH6/fYo1yu7 dIE6bBMYlz1iVwY4bmTA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1j1bAP-0006Ob-8F; Tue, 11 Feb 2020 19:25:53 +0000 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1j1bAM-0006Nm-EN for linux-arm-kernel@lists.infradead.org; Tue, 11 Feb 2020 19:25:51 +0000 Received: by mail-pl1-x642.google.com with SMTP id e8so4654177plt.9 for ; Tue, 11 Feb 2020 11:25:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Fduhzb+WwBefc5G2IiZw7jkFkPhFvQRZKGxZZqFDo/E=; b=aBFZgI1bEVFMDfd8bvtXh9AZ1Mze2/1St6L/4BVij/mXj+0ZVWJe/BBz62kvdV/PUy KBlDmWnFixMHuEJ2x57jhZe2RZwo4KxOOAhGPDQppATODztQCUF1bGUHqwB2F+7dyFEs eKbWf5MArG16cSHqLbOgFxRg8G+4rPIDu1A8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Fduhzb+WwBefc5G2IiZw7jkFkPhFvQRZKGxZZqFDo/E=; b=QGzH7PUCu4dWwFhZZYNElH5OlqZ4VS43m7qnkieZXdGkcWLjfoE2C6UifhkcFK1AdY KSt6bFHUfsIdoX5JGg0kFtGbtt696CRgl2MK8778MZle3Jvzl9P+YVKMEOrUqvRJPp4r HVQstQYqXadfhA5O1iSC9GYTYvZZOz+HA709M2K/3gPAj9geAVf7vWhJVS+Xr99UsQU1 p4C8Hr7tZGkgC/+ieZSEflDjjtSfb4uofL2dgfv8hfNWdlbdApfSRPaLt1RDMxYMpJtE 73ogzL2RXnv4nOKNxyK6F7vGNCyIvEbcKeWhFHxXMSekFkA2bg9vSOjlnLEvUSkZBfoD AXUQ== X-Gm-Message-State: APjAAAUQ6sPv7r6h3PZS/BjiDFgICJTjLf16FhA5xAj0L/fHnR2rowpS lRUkq6yyDORhrr5hNLT6PkIh2g== X-Google-Smtp-Source: APXvYqzYyVOg7uqgSBmTXebLQ5IGOoof6bohkjL6i/HNSEw99SG6fXpTLlzi3kbK2a4VrLpxXNd1Pg== X-Received: by 2002:a17:90a:b30b:: with SMTP id d11mr6814381pjr.22.1581449148710; Tue, 11 Feb 2020 11:25:48 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 3sm4285511pjg.27.2020.02.11.11.25.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Feb 2020 11:25:47 -0800 (PST) Date: Tue, 11 Feb 2020 11:25:46 -0800 From: Kees Cook To: shuah Subject: Re: [PATCH v3 7/7] selftests/exec: Add READ_IMPLIES_EXEC tests Message-ID: <202002111124.0A334167@keescook> References: <20200210193049.64362-1-keescook@chromium.org> <20200210193049.64362-8-keescook@chromium.org> <4f8a5036-dc2a-90ad-5fc8-69560a5dd78e@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <4f8a5036-dc2a-90ad-5fc8-69560a5dd78e@kernel.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200211_112550_483895_3DAA9535 X-CRM114-Status: GOOD ( 15.06 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jann Horn , Catalin Marinas , x86@kernel.org, Hector Marco-Gisbert , Russell King , Will Deacon , linux-kernel@vger.kernel.org, Jason Gunthorpe , linux-kselftest@vger.kernel.org, kernel-hardening@lists.openwall.com, Ingo Molnar , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Feb 11, 2020 at 11:11:21AM -0700, shuah wrote: > On 2/10/20 12:30 PM, Kees Cook wrote: > > In order to check the matrix of possible states for handling > > READ_IMPLIES_EXEC across native, compat, and the state of PT_GNU_STACK, > > add tests for these execution conditions. > > > > Signed-off-by: Kees Cook > > No issues for this to go through tip. > > A few problems to fix first. This fails to compile when 32-bit libraries > aren't installed. It should fail the 32-bit part and run other checks. Do you mean the Makefile should detect the missing compat build deps and avoid building them? Testing compat is pretty important to this test, so it seems like missing the build deps causing the build to fail is the correct action here. This is likely true for the x86/ selftests too. What would you like this to do? -- Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel