From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCHv5 0/7] Better page protections for arm64
Date: Wed, 19 Nov 2014 14:37:54 -0800 [thread overview]
Message-ID: <546D1BC2.3050503@codeaurora.org> (raw)
In-Reply-To: <CAGXu5jKBkuUde7DK2NdFTycJkB=9Dyou+b2oo0aC-y85XN_Kng@mail.gmail.com>
On 11/19/2014 2:33 PM, Kees Cook wrote:
> On Mon, Nov 17, 2014 at 4:54 PM, Laura Abbott <lauraa@codeaurora.org> wrote:
>> Hi,
>>
>> This is v5 of the series to add stricter page protections for arm64.
>> The goal is to have text be RO/NX and everything else be RW/NX.
>> I finally got my hands on a Juno board so I was able to do more
>> testing with both 4K and 64K pages although I still haven't tested
>> with EFI. This is based off of 3.18-rc5.
>>
>> Thanks,
>> Laura
>>
>> Laura Abbott (7):
>> arm64: Treat handle_arch_irq as a function pointer
>> arm64: Switch to adrp for loading the stub vectors
>> arm64: Move cpu_resume into the text section
>> arm64: Move some head.text functions to executable section
>> arm64: Factor out fixmap initialiation from ioremap
>> arm64: use fixmap for text patching when text is RO
>> arm64: add better page protections to arm64
>>
>> arch/arm64/Kconfig.debug | 23 ++
>> arch/arm64/include/asm/cacheflush.h | 4 +
>> arch/arm64/include/asm/fixmap.h | 8 +-
>> arch/arm64/include/asm/insn.h | 2 +
>> arch/arm64/include/asm/irq.h | 1 -
>> arch/arm64/kernel/entry.S | 6 +-
>> arch/arm64/kernel/head.S | 409 +++++++++++++++++-----------------
>> arch/arm64/kernel/insn.c | 72 +++++-
>> arch/arm64/kernel/irq.c | 2 +
>> arch/arm64/kernel/jump_label.c | 2 +-
>> arch/arm64/kernel/setup.c | 1 +
>> arch/arm64/kernel/sleep.S | 29 +--
>> arch/arm64/kernel/suspend.c | 4 +-
>> arch/arm64/kernel/vmlinux.lds.S | 21 ++
>> arch/arm64/mm/init.c | 1 +
>> arch/arm64/mm/ioremap.c | 93 +-------
>> arch/arm64/mm/mm.h | 2 +
>> arch/arm64/mm/mmu.c | 429 ++++++++++++++++++++++++++++++++----
>> 18 files changed, 743 insertions(+), 366 deletions(-)
>
> Thanks for working on this series! I've tested this on my aarch64
> hardware, and it worked nicely. :) Consider the whole series as:
>
> Tested-by: Kees Cook <keescook@chromium.org>
>
> Has anyone looked at getting an arm64 version of CONFIG_ARM_PTDUMP
> built? It'd be really nice to be able to check page table layout at a
> glace.
>
Yep, I have a version of that
http://lists.infradead.org/pipermail/linux-arm-kernel/2014-November/303418.html
Testing appreciated as always :)
> In the meantime, with this patch series, the "WRITE_RO" and
> "WRITE_KERN" tests from lkdtm correctly Oops the kernel.
>
> Thanks!
>
> -Kees
>
Thanks,
Laura
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
prev parent reply other threads:[~2014-11-19 22:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 0:54 [PATCHv5 0/7] Better page protections for arm64 Laura Abbott
2014-11-18 0:54 ` [PATCHv5 1/7] arm64: Treat handle_arch_irq as a function pointer Laura Abbott
2014-11-18 0:55 ` [PATCHv5 2/7] arm64: Switch to adrp for loading the stub vectors Laura Abbott
2014-11-18 0:55 ` [PATCHv5 3/7] arm64: Move cpu_resume into the text section Laura Abbott
2014-11-18 10:35 ` Lorenzo Pieralisi
2014-11-18 10:49 ` Mark Rutland
2014-11-18 21:20 ` Laura Abbott
2014-11-18 0:55 ` [PATCHv5 4/7] arm64: Move some head.text functions to executable section Laura Abbott
2014-11-18 11:41 ` Mark Rutland
2014-11-18 21:27 ` Laura Abbott
2014-11-18 0:55 ` [PATCHv5 5/7] arm64: Factor out fixmap initialiation from ioremap Laura Abbott
2014-11-18 0:55 ` [PATCHv5 6/7] arm64: use fixmap for text patching when text is RO Laura Abbott
2014-11-18 0:55 ` [PATCHv5 7/7] arm64: add better page protections to arm64 Laura Abbott
2014-11-19 16:31 ` Mark Rutland
2014-11-19 17:38 ` Ard Biesheuvel
2014-11-19 18:06 ` Ard Biesheuvel
2014-11-19 18:46 ` Mark Rutland
2014-11-19 18:56 ` Ard Biesheuvel
2014-11-19 19:20 ` Laura Abbott
2014-11-21 1:08 ` Laura Abbott
2014-11-20 12:04 ` Steve Capper
2014-11-21 1:02 ` Laura Abbott
2014-11-19 22:33 ` [PATCHv5 0/7] Better page protections for arm64 Kees Cook
2014-11-19 22:37 ` Laura Abbott [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546D1BC2.3050503@codeaurora.org \
--to=lauraa@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.