From: Jisheng Zhang <jszhang3@mail.ustc.edu.cn>
To: "Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Alexander Potapenko" <glider@google.com>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
" Björn Töpel" <bjorn@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Luke Nelson" <luke.r.nels@gmail.com>,
"Xi Wang" <xi.wang@gmail.com>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, netdev@vger.kernel.org,
bpf@vger.kernel.org
Subject: [PATCH v2 0/9] riscv: improve self-protection
Date: Thu, 1 Apr 2021 00:24:42 +0800 [thread overview]
Message-ID: <20210401002442.2fe56b88@xhacker> (raw)
From: Jisheng Zhang <jszhang@kernel.org>
patch1 is a trivial improvement patch to move some functions to .init
section
Then following patches improve self-protection by:
Marking some variables __ro_after_init
Constifing some variables
Enabling ARCH_HAS_STRICT_MODULE_RWX
Since v1:
- no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
because RV32 uses the default module_alloc() for jit code which also
meets W^X after patch8
- fix a build error caused by local debug code clean up
Jisheng Zhang (9):
riscv: add __init section marker to some functions
riscv: Mark some global variables __ro_after_init
riscv: Constify sys_call_table
riscv: Constify sbi_ipi_ops
riscv: kprobes: Implement alloc_insn_page()
riscv: bpf: Write protect JIT code
riscv: bpf: Avoid breaking W^X on RV64
riscv: module: Create module allocations without exec permissions
riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/smp.h | 4 ++--
arch/riscv/include/asm/syscall.h | 2 +-
arch/riscv/kernel/module.c | 10 ++++++++--
arch/riscv/kernel/probes/kprobes.c | 8 ++++++++
arch/riscv/kernel/sbi.c | 10 +++++-----
arch/riscv/kernel/smp.c | 6 +++---
arch/riscv/kernel/syscall_table.c | 2 +-
arch/riscv/kernel/time.c | 2 +-
arch/riscv/kernel/traps.c | 2 +-
arch/riscv/kernel/vdso.c | 4 ++--
arch/riscv/mm/init.c | 12 ++++++------
arch/riscv/mm/kasan_init.c | 6 +++---
arch/riscv/mm/ptdump.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 2 +-
arch/riscv/net/bpf_jit_core.c | 1 +
16 files changed, 45 insertions(+), 29 deletions(-)
--
2.31.0
WARNING: multiple messages have this Message-ID (diff)
From: Jisheng Zhang <jszhang3@mail.ustc.edu.cn>
To: "Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Alexander Potapenko" <glider@google.com>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
" Björn Töpel" <bjorn@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Luke Nelson" <luke.r.nels@gmail.com>,
"Xi Wang" <xi.wang@gmail.com>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, netdev@vger.kernel.org,
bpf@vger.kernel.org
Subject: [PATCH v2 0/9] riscv: improve self-protection
Date: Thu, 1 Apr 2021 00:24:42 +0800 [thread overview]
Message-ID: <20210401002442.2fe56b88@xhacker> (raw)
From: Jisheng Zhang <jszhang@kernel.org>
patch1 is a trivial improvement patch to move some functions to .init
section
Then following patches improve self-protection by:
Marking some variables __ro_after_init
Constifing some variables
Enabling ARCH_HAS_STRICT_MODULE_RWX
Since v1:
- no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
because RV32 uses the default module_alloc() for jit code which also
meets W^X after patch8
- fix a build error caused by local debug code clean up
Jisheng Zhang (9):
riscv: add __init section marker to some functions
riscv: Mark some global variables __ro_after_init
riscv: Constify sys_call_table
riscv: Constify sbi_ipi_ops
riscv: kprobes: Implement alloc_insn_page()
riscv: bpf: Write protect JIT code
riscv: bpf: Avoid breaking W^X on RV64
riscv: module: Create module allocations without exec permissions
riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/smp.h | 4 ++--
arch/riscv/include/asm/syscall.h | 2 +-
arch/riscv/kernel/module.c | 10 ++++++++--
arch/riscv/kernel/probes/kprobes.c | 8 ++++++++
arch/riscv/kernel/sbi.c | 10 +++++-----
arch/riscv/kernel/smp.c | 6 +++---
arch/riscv/kernel/syscall_table.c | 2 +-
arch/riscv/kernel/time.c | 2 +-
arch/riscv/kernel/traps.c | 2 +-
arch/riscv/kernel/vdso.c | 4 ++--
arch/riscv/mm/init.c | 12 ++++++------
arch/riscv/mm/kasan_init.c | 6 +++---
arch/riscv/mm/ptdump.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 2 +-
arch/riscv/net/bpf_jit_core.c | 1 +
16 files changed, 45 insertions(+), 29 deletions(-)
--
2.31.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next reply other threads:[~2021-03-31 16:31 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-31 16:24 Jisheng Zhang [this message]
2021-03-31 16:24 ` [PATCH v2 0/9] riscv: improve self-protection Jisheng Zhang
2021-03-31 16:25 ` [PATCH v2 1/9] riscv: add __init section marker to some functions Jisheng Zhang
2021-03-31 16:25 ` Jisheng Zhang
2021-04-02 4:08 ` Anup Patel
2021-04-02 4:08 ` Anup Patel
2021-04-12 5:37 ` Jisheng Zhang
2021-04-12 5:37 ` Jisheng Zhang
2021-03-31 16:25 ` [PATCH v2 2/9] riscv: Mark some global variables __ro_after_init Jisheng Zhang
2021-03-31 16:25 ` Jisheng Zhang
2021-04-02 4:09 ` Anup Patel
2021-04-02 4:09 ` Anup Patel
2021-03-31 16:26 ` [PATCH v2 3/9] riscv: Constify sys_call_table Jisheng Zhang
2021-03-31 16:26 ` Jisheng Zhang
2021-04-02 4:11 ` Anup Patel
2021-04-02 4:11 ` Anup Patel
2021-03-31 16:26 ` [PATCH v2 4/9] riscv: Constify sbi_ipi_ops Jisheng Zhang
2021-03-31 16:26 ` Jisheng Zhang
2021-04-02 4:12 ` Anup Patel
2021-04-02 4:12 ` Anup Patel
2021-03-31 16:27 ` [PATCH v2 5/9] riscv: kprobes: Implement alloc_insn_page() Jisheng Zhang
2021-03-31 16:27 ` Jisheng Zhang
2021-04-02 4:16 ` Anup Patel
2021-04-02 4:16 ` Anup Patel
2021-03-31 16:27 ` [PATCH v2 6/9] riscv: bpf: Write protect JIT code Jisheng Zhang
2021-03-31 16:27 ` Jisheng Zhang
2021-03-31 16:28 ` [PATCH v2 7/9] riscv: bpf: Avoid breaking W^X on RV64 Jisheng Zhang
2021-03-31 16:28 ` Jisheng Zhang
2021-03-31 16:29 ` [PATCH v2 8/9] riscv: module: Create module allocations without exec permissions Jisheng Zhang
2021-03-31 16:29 ` Jisheng Zhang
2021-04-02 4:18 ` Anup Patel
2021-04-02 4:18 ` Anup Patel
2021-03-31 16:29 ` [PATCH v2 9/9] riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU Jisheng Zhang
2021-03-31 16:29 ` Jisheng Zhang
2021-04-02 4:14 ` Anup Patel
2021-04-02 4:14 ` Anup Patel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210401002442.2fe56b88@xhacker \
--to=jszhang3@mail.ustc.edu.cn \
--cc=andreyknvl@gmail.com \
--cc=andrii@kernel.org \
--cc=aou@eecs.berkeley.edu \
--cc=ast@kernel.org \
--cc=bjorn@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=john.fastabend@gmail.com \
--cc=kasan-dev@googlegroups.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=luke.r.nels@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=ryabinin.a.a@gmail.com \
--cc=songliubraving@fb.com \
--cc=xi.wang@gmail.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.