From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC] Stricter kernel memory permissions
Date: Tue, 8 Oct 2013 18:31:27 -0700
Message-ID: <1381282292-25251-1-git-send-email-lauraa@codeaurora.org>

This is an RFC to add more page table protection to ARM. As has been alluded to
in the past[1], the ARM kernel unconditionally maps everything as RWX which
presents a security problem. This is a fairly straight port of what we've been
using for a while for mitigation and is mostly provided as an example. Some
notes:

1) The original design mapped regions with permissions (RX/RO/RW) as appropriate
and then mapped the rest of the memory RW. I couldn't find a way to do this
cleanly in all cases so I went for the alternate approach: map all memory as RW,
clear the mapping and then set up the new mapping. This has some increased
trade-offs described in #2.

2) Rather than lose the TLB bonus for section mappings, the regions to be mapped
RO/RX are aligned to at least section size. For the new method of
clearing/remapping, this bumps up the alignment requirement to PMD_SIZE. This
does result in losing a bit of memory which is unfortunate.

3) This has not been tested on LPAE-based systems.

4) kprobes is broken with this since the text section is now RO. We had some
patches to allow temporarily marking the text writeable, but those did not take
into account section restrictions on SMP systems. I can post the patches if
there is interest.

Credit for the original work goes to Larry Bassel. I reworked parts of the
patches and added some new code.

Thanks,
Laura

[1] http://lists.infradead.org/pipermail/linux-arm-kernel/2013-July/187822.html
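
Added example, not part of the original message or the patch series: a small
userspace C program that makes note 2 concrete by computing how much memory is
lost to padding when each protected region must start on a 1 MiB section
boundary versus a 2 MiB PMD_SIZE boundary (the values on classic, non-LPAE ARM).
The region names, order and sizes are constructed for illustration, and the
kernel base is assumed to be aligned already.

```c
#include <stdio.h>
#include <stddef.h>

#define SZ_1M        0x100000UL
#define SECTION_SIZE SZ_1M        /* 1 MiB section mapping (non-LPAE ARM) */
#define PMD_SIZE     (2 * SZ_1M)  /* 2 MiB (non-LPAE ARM) */

struct region { const char *name; unsigned long size; };

/* Constructed sizes, not taken from a real kernel image. */
static const struct region layout[] = {
    { "text",   0x4a3000UL },
    { "rodata", 0x1c7000UL },
    { "init",   0x04e000UL },
};
#define NREGIONS (sizeof(layout) / sizeof(layout[0]))

static unsigned long align_up(unsigned long x, unsigned long a)
{
    return (x + a - 1) & ~(a - 1);   /* a must be a power of two */
}

/*
 * Lay the regions out back to back from offset 0, rounding every region
 * start up to 'align'. The RW data that follows the last region must also
 * start on a boundary, so the tail is padded too. Returns the padding bytes.
 */
unsigned long padding_lost(const struct region *r, size_t n, unsigned long align)
{
    unsigned long addr = 0, lost = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned long start = align_up(addr, align);
        lost += start - addr;
        addr = start + r[i].size;
    }
    return lost + (align_up(addr, align) - addr);
}

int main(void)
{
    printf("section-aligned (1 MiB): %lu KiB of padding\n",
           padding_lost(layout, NREGIONS, SECTION_SIZE) >> 10);
    printf("PMD-aligned     (2 MiB): %lu KiB of padding\n",
           padding_lost(layout, NREGIONS, PMD_SIZE) >> 10);
    return 0;
}
```

For this constructed layout the stricter alignment costs an extra 2 MiB; the
actual figure depends on where each region happens to end.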

Thread overview: 10+ messages
2013-10-09 1:31 Laura Abbott [this message]
2013-10-09 1:31 ` [RFC PATCH 1/5] arm: mm: add CONFIG_STRICT_MEMORY_RWX Laura Abbott
2013-10-09 16:47 ` Larry Bassel
2013-10-09 20:04 ` Kees Cook
2013-10-10 0:18 ` Laura Abbott
2013-10-09 1:31 ` [RFC PATCH 2/5] arm: mm: add new memory mapping types Laura Abbott
2013-10-09 1:31 ` [RFC PATCH 3/5] arm: align init, text, rodata to PMD_SIZE if CONFIG_STRICT_MEMORY_RWX is set Laura Abbott
2013-10-09 1:31 ` [RFC PATCH 4/5] arm: mm: restrict kernel memory permissions if CONFIG_STRICT_MEMORY_RWX set Laura Abbott
2013-10-09 1:31 ` [RFC PATCH 5/5] arm: Don't free init text if CONFIG_STRICT_MEMORY_RWX is enabled Laura Abbott
2013-10-17 21:15 ` [RFC] Stricter kernel memory permissions Kees Cook