From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ingo Molnar Subject: Re: [PATCH v2 1/4] init: create cmdline param to disable readonly Date: Tue, 1 Dec 2015 08:24:03 +0100 Message-ID: <20151201072403.GA28270@gmail.com> References: <1448494286-16029-1-git-send-email-keescook@chromium.org> <1448494286-16029-2-git-send-email-keescook@chromium.org> <20151126075130.GB18742@gmail.com> <20151130222437.GT8644@n2100.arm.linux.org.uk> Reply-To: kernel-hardening@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Sender: Ingo Molnar Content-Disposition: inline In-Reply-To: <20151130222437.GT8644@n2100.arm.linux.org.uk> To: Russell King - ARM Linux Cc: Kees Cook , Heiko Carstens , Michael Ellerman , "James E.J. Bottomley" , Catalin Marinas , LKML , Andy Lutomirski , "H. Peter Anvin" , Mathias Krause , Ingo Molnar , Thomas Gleixner , "x86@kernel.org" , Arnd Bergmann , PaX Team , Emese Revfy , "kernel-hardening@lists.openwall.com" , linux-arch List-Id: linux-arch.vger.kernel.org * Russell King - ARM Linux wrote: > On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: > > On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > > > * Kees Cook wrote: > > >> +#ifdef CONFIG_DEBUG_RODATA > > > > > > Btw., could you please remove the Kconfig option altogether in an additional patch > > > and make read-only sections an always-on feature? It has been default-y for years > > > and all distros have it enabled. > > > > Yeah, this is something I've wanted to do for a while, but I would > > point out that only a few architectures have actually implemented it, > > and for arm and arm64 it was very recent: > > I don't think it can entirely be a kernel command line option. On ARM, > enabling DEBUG_RODATA has a substantial effect on the size of the kernel > image - we have to pad various sections to 1MB boundaries so we can > set the appropriate permissions. > > Forcing this layout on everyone won't work. Yeah, so I'd suggest to have it always-on on x86 (after adding the boot option), to simplify the x86 code and to make it more obvious that we rely on this. There's a moderate amount of #ifdeffery around this: triton:~/tip> git grep -w CONFIG_DEBUG_RODATA arch/x86/ | grep \# | wc -l 15 Thanks, Ingo From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f50.google.com ([74.125.82.50]:37863 "EHLO mail-wm0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751359AbbLAHYJ (ORCPT ); Tue, 1 Dec 2015 02:24:09 -0500 Date: Tue, 1 Dec 2015 08:24:03 +0100 From: Ingo Molnar Subject: Re: [PATCH v2 1/4] init: create cmdline param to disable readonly Message-ID: <20151201072403.GA28270@gmail.com> References: <1448494286-16029-1-git-send-email-keescook@chromium.org> <1448494286-16029-2-git-send-email-keescook@chromium.org> <20151126075130.GB18742@gmail.com> <20151130222437.GT8644@n2100.arm.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151130222437.GT8644@n2100.arm.linux.org.uk> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Russell King - ARM Linux Cc: Kees Cook , Heiko Carstens , Michael Ellerman , "James E.J. Bottomley" , Catalin Marinas , LKML , Andy Lutomirski , "H. Peter Anvin" , Mathias Krause , Ingo Molnar , Thomas Gleixner , "x86@kernel.org" , Arnd Bergmann , PaX Team , Emese Revfy , "kernel-hardening@lists.openwall.com" , linux-arch Message-ID: <20151201072403.d9YZw0oEAWUmF3W_4HIQv89UCynNEWxPWfHm-jxI9io@z> * Russell King - ARM Linux wrote: > On Mon, Nov 30, 2015 at 01:52:10PM -0800, Kees Cook wrote: > > On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar wrote: > > > * Kees Cook wrote: > > >> +#ifdef CONFIG_DEBUG_RODATA > > > > > > Btw., could you please remove the Kconfig option altogether in an additional patch > > > and make read-only sections an always-on feature? It has been default-y for years > > > and all distros have it enabled. > > > > Yeah, this is something I've wanted to do for a while, but I would > > point out that only a few architectures have actually implemented it, > > and for arm and arm64 it was very recent: > > I don't think it can entirely be a kernel command line option. On ARM, > enabling DEBUG_RODATA has a substantial effect on the size of the kernel > image - we have to pad various sections to 1MB boundaries so we can > set the appropriate permissions. > > Forcing this layout on everyone won't work. Yeah, so I'd suggest to have it always-on on x86 (after adding the boot option), to simplify the x86 code and to make it more obvious that we rely on this. There's a moderate amount of #ifdeffery around this: triton:~/tip> git grep -w CONFIG_DEBUG_RODATA arch/x86/ | grep \# | wc -l 15 Thanks, Ingo