From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christian Borntraeger
Subject: Re: [RFC][PATCH] s390, postinit-readonly: implement post-init RO
Date: Tue, 8 Mar 2016 09:51:05 +0100
Message-ID: <56DE9279.6040805@de.ibm.com>
References: <20160308002035.GA13606@www.outflux.net>
Reply-To: kernel-hardening@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
To: Kees Cook
Cc: Heiko Carstens, Martin Schwidefsky, Ingo Molnar, David Brown,
 Andy Lutomirski, "H. Peter Anvin", Michael Ellerman, Mathias Krause,
 Thomas Gleixner, "x86@kernel.org", Arnd Bergmann, PaX Team, Emese Revfy,
 "kernel-hardening@lists.openwall.com", LKML, linux-arch, linux-s390
List-Id: linux-arch.vger.kernel.org

On 03/08/2016 01:41 AM, Kees Cook wrote:
>> --- a/arch/s390/kernel/vmlinux.lds.S
>> +++ b/arch/s390/kernel/vmlinux.lds.S
>> @@ -52,6 +52,12 @@ SECTIONS
>>
>> RW_DATA_SECTION(0x100, PAGE_SIZE, THREAD_SIZE)
>>
>> + . = ALIGN(PAGE_SIZE)

missing ";" ?

With that and your fixes, this function claims to mark 0kB and lkdtm can still write.
Reason is that _edata is 0xc11008 and start is 0x0c11000.
making _edata page aligned as well, does now try to mark one page, but
then we run into the next issue, that

static void change_page_attr(unsigned long addr, int numpages,
                             pte_t (*set) (pte_t))
{
        pte_t *ptep;
        int i;

        for (i = 0; i < numpages; i++) {
                ptep = walk_page_table(addr);

triggers this

                if (WARN_ON_ONCE(!ptep))
                        break;

because the kernel decided to map this with a large page. So we need
to fix this function to then break the large page into a smaller chunk....

Christian
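
Review bot: the added ". = ALIGN(PAGE_SIZE)" line in the SECTIONS hunk of arch/s390/kernel/vmlinux.lds.S has no terminating ";", which a linker-script assignment to the location counter requires, so it should read ". = ALIGN(PAGE_SIZE);". The addresses reported in the reply (start 0x0c11000, _edata 0xc11008) also show that only the start of the region ends up page aligned; the end of the region needs the same ALIGN(PAGE_SIZE) treatment, otherwise the range covers less than one full page and nothing is marked read-only.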