From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Brown
Subject: Re: [PATCH v4 0/8] introduce post-init read-only memory
Date: Fri, 22 Jan 2016 10:19:54 -0700
Message-ID: <20160122171954.GA3945@davidb.org>
References: <1453226922-16831-1-git-send-email-keescook@chromium.org>
In-Reply-To: <1453226922-16831-1-git-send-email-keescook@chromium.org>
Reply-To: kernel-hardening@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
To: kernel-hardening@lists.openwall.com
Cc: Ingo Molnar, Kees Cook, Andy Lutomirski, "H. Peter Anvin",
    Michael Ellerman, Mathias Krause, Thomas Gleixner, x86@kernel.org,
    Arnd Bergmann, PaX Team, Emese Revfy, linux-kernel@vger.kernel.org,
    linux-arch, Laura Abbott
List-Id: linux-arch.vger.kernel.org

On Tue, Jan 19, 2016 at 10:08:34AM -0800, Kees Cook wrote:

>This introduces __ro_after_init as a way to mark such memory, and uses
>it on the x86 vDSO to kill an extant kernel exploitation method. Also
>adds a new kernel parameter to help debug future use and adds an lkdtm
>test to check the results.

I've tested these patches on 32-bit ARM using the provoke-crashes test.
However, they do require CONFIG_ARM_KERNMEM_PERMS to be enabled as well,
which does incur additional memory usage.

Do we want to consider making CONFIG_ARM_KERNMEM_PERMS default y for
security reasons, and just document that memory-constrained systems may
want to turn it off?

I'll test the arm64 next.
David