From: Jisheng Zhang <jszhang3@mail.ustc.edu.cn>
To: "Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Alexander Potapenko" <glider@google.com>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
" Björn Töpel" <bjorn@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Luke Nelson" <luke.r.nels@gmail.com>,
"Xi Wang" <xi.wang@gmail.com>, "Anup Patel" <anup@brainfault.org>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 00/10] riscv: improve self-protection
Date: Tue, 13 Apr 2021 00:11:10 +0800 [thread overview]
Message-ID: <20210413001110.7209bae6@xhacker> (raw)
From: Jisheng Zhang <jszhang@kernel.org>
patch1 removes the non-necessary setup_zero_page()
patch2 is a trivial improvement patch to move some functions to .init
section
Then following patches improve self-protection by:
Marking some variables __ro_after_init
Constifing some variables
Enabling ARCH_HAS_STRICT_MODULE_RWX
Hi Anup,
I kept the __init modification to trap_init(), I will cook a trivial
series to provide a __weak but NULL trap_init() implementation in
init/main.c then remove all NULL implementation from all arch.
Thanks
Since v2:
- collect Reviewed-by tag
- add one patch to remove unnecessary setup_zero_page()
Since v1:
- no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
because RV32 uses the default module_alloc() for jit code which also
meets W^X after patch8
- fix a build error caused by local debug code clean up
Jisheng Zhang (10):
riscv: mm: Remove setup_zero_page()
riscv: add __init section marker to some functions
riscv: Mark some global variables __ro_after_init
riscv: Constify sys_call_table
riscv: Constify sbi_ipi_ops
riscv: kprobes: Implement alloc_insn_page()
riscv: bpf: Write protect JIT code
riscv: bpf: Avoid breaking W^X on RV64
riscv: module: Create module allocations without exec permissions
riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/smp.h | 4 ++--
arch/riscv/include/asm/syscall.h | 2 +-
arch/riscv/kernel/cpufeature.c | 2 +-
arch/riscv/kernel/module.c | 10 ++++++++--
arch/riscv/kernel/probes/kprobes.c | 8 ++++++++
arch/riscv/kernel/sbi.c | 10 +++++-----
arch/riscv/kernel/smp.c | 6 +++---
arch/riscv/kernel/syscall_table.c | 2 +-
arch/riscv/kernel/time.c | 2 +-
arch/riscv/kernel/traps.c | 2 +-
arch/riscv/kernel/vdso.c | 4 ++--
arch/riscv/mm/init.c | 16 +++++-----------
arch/riscv/mm/kasan_init.c | 6 +++---
arch/riscv/mm/ptdump.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 2 +-
arch/riscv/net/bpf_jit_core.c | 1 +
17 files changed, 45 insertions(+), 35 deletions(-)
--
2.31.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Jisheng Zhang <jszhang3@mail.ustc.edu.cn>
To: "Paul Walmsley" <paul.walmsley@sifive.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Andrey Ryabinin" <ryabinin.a.a@gmail.com>,
"Alexander Potapenko" <glider@google.com>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
" Björn Töpel" <bjorn@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Luke Nelson" <luke.r.nels@gmail.com>,
"Xi Wang" <xi.wang@gmail.com>, "Anup Patel" <anup@brainfault.org>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 00/10] riscv: improve self-protection
Date: Tue, 13 Apr 2021 00:11:10 +0800 [thread overview]
Message-ID: <20210413001110.7209bae6@xhacker> (raw)
From: Jisheng Zhang <jszhang@kernel.org>
patch1 removes the non-necessary setup_zero_page()
patch2 is a trivial improvement patch to move some functions to .init
section
Then following patches improve self-protection by:
Marking some variables __ro_after_init
Constifing some variables
Enabling ARCH_HAS_STRICT_MODULE_RWX
Hi Anup,
I kept the __init modification to trap_init(), I will cook a trivial
series to provide a __weak but NULL trap_init() implementation in
init/main.c then remove all NULL implementation from all arch.
Thanks
Since v2:
- collect Reviewed-by tag
- add one patch to remove unnecessary setup_zero_page()
Since v1:
- no need to move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
because RV32 uses the default module_alloc() for jit code which also
meets W^X after patch8
- fix a build error caused by local debug code clean up
Jisheng Zhang (10):
riscv: mm: Remove setup_zero_page()
riscv: add __init section marker to some functions
riscv: Mark some global variables __ro_after_init
riscv: Constify sys_call_table
riscv: Constify sbi_ipi_ops
riscv: kprobes: Implement alloc_insn_page()
riscv: bpf: Write protect JIT code
riscv: bpf: Avoid breaking W^X on RV64
riscv: module: Create module allocations without exec permissions
riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/smp.h | 4 ++--
arch/riscv/include/asm/syscall.h | 2 +-
arch/riscv/kernel/cpufeature.c | 2 +-
arch/riscv/kernel/module.c | 10 ++++++++--
arch/riscv/kernel/probes/kprobes.c | 8 ++++++++
arch/riscv/kernel/sbi.c | 10 +++++-----
arch/riscv/kernel/smp.c | 6 +++---
arch/riscv/kernel/syscall_table.c | 2 +-
arch/riscv/kernel/time.c | 2 +-
arch/riscv/kernel/traps.c | 2 +-
arch/riscv/kernel/vdso.c | 4 ++--
arch/riscv/mm/init.c | 16 +++++-----------
arch/riscv/mm/kasan_init.c | 6 +++---
arch/riscv/mm/ptdump.c | 2 +-
arch/riscv/net/bpf_jit_comp64.c | 2 +-
arch/riscv/net/bpf_jit_core.c | 1 +
17 files changed, 45 insertions(+), 35 deletions(-)
--
2.31.0
next reply other threads:[~2021-04-12 16:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-12 16:11 Jisheng Zhang [this message]
2021-04-12 16:11 ` [PATCH v3 00/10] riscv: improve self-protection Jisheng Zhang
2021-04-12 16:11 ` [PATCH v3 01/10] riscv: mm: Remove setup_zero_page() Jisheng Zhang
2021-04-12 16:11 ` Jisheng Zhang
2021-04-13 3:49 ` Anup Patel
2021-04-13 3:49 ` Anup Patel
2021-04-12 16:12 ` [PATCH v3 02/10] riscv: add __init section marker to some functions Jisheng Zhang
2021-04-12 16:12 ` Jisheng Zhang
2021-04-13 3:51 ` Anup Patel
2021-04-13 3:51 ` Anup Patel
2021-04-12 16:12 ` [PATCH v3 03/10] riscv: Mark some global variables __ro_after_init Jisheng Zhang
2021-04-12 16:12 ` Jisheng Zhang
2021-04-12 16:13 ` [PATCH v3 04/10] riscv: Constify sys_call_table Jisheng Zhang
2021-04-12 16:13 ` Jisheng Zhang
2021-04-12 16:17 ` [PATCH v3 05/10] riscv: Constify sbi_ipi_ops Jisheng Zhang
2021-04-12 16:17 ` Jisheng Zhang
2021-04-12 16:17 ` [PATCH v3 06/10] riscv: kprobes: Implement alloc_insn_page() Jisheng Zhang
2021-04-12 16:17 ` Jisheng Zhang
2021-04-12 16:18 ` [PATCH v3 07/10] riscv: bpf: Write protect JIT code Jisheng Zhang
2021-04-12 16:18 ` Jisheng Zhang
2021-04-12 16:18 ` [PATCH v3 08/10] riscv: bpf: Avoid breaking W^X on RV64 Jisheng Zhang
2021-04-12 16:18 ` Jisheng Zhang
2021-04-12 16:19 ` [PATCH v3 09/10] riscv: module: Create module allocations without exec permissions Jisheng Zhang
2021-04-12 16:19 ` Jisheng Zhang
2021-04-12 16:19 ` [PATCH v3 10/10] riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU Jisheng Zhang
2021-04-12 16:19 ` Jisheng Zhang
2021-04-13 3:52 ` [PATCH v3 00/10] riscv: improve self-protection Anup Patel
2021-04-13 3:52 ` Anup Patel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210413001110.7209bae6@xhacker \
--to=jszhang3@mail.ustc.edu.cn \
--cc=andreyknvl@gmail.com \
--cc=andrii@kernel.org \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=ast@kernel.org \
--cc=bjorn@kernel.org \
--cc=daniel@iogearbox.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=luke.r.nels@gmail.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=ryabinin.a.a@gmail.com \
--cc=songliubraving@fb.com \
--cc=xi.wang@gmail.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.