From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 0/7] arm: support CONFIG_RODATA
Date: Tue, 12 Aug 2014 11:24:22 -0700
Message-ID: <1407867869-5194-1-git-send-email-keescook@chromium.org>

This is a series of patches to support CONFIG_RODATA on ARM, so that
the kernel text is RO, and non-text sections default to NX. To support
on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap
support has been finalized based on several versions of various patches
that are floating around on the mailing list. This series attempts to
include the least intrusive version, so that others can build on it for
future fixmap work.

The series has been heavily tested, and appears to be working correctly:

With CONFIG_ARM_PTDUMP, expected page table permissions are seen in
/sys/kernel/debug/kernel_page_tables.

Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for
the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT:
    EXEC_DATA
    WRITE_RO
    WRITE_KERN

ftrace works:
    CONFIG_FTRACE_STARTUP_TEST passes
    Enabling tracing works:
        echo function > /sys/kernel/debug/tracing/current_tracer

kprobes works:
    CONFIG_ARM_KPROBES_TEST passes

kexec works:
    kexec will load and start a new kernel

Built with and without CONFIG_HIGHMEM. Current limitation on fixmap is
that builds do not support 32 CPUs (max 31). This will be addressed by
additional patches to expand the fixmap to 3MB.

Thanks to everyone who has been testing this series and working on its
various pieces!

-Kees

v3:
- more cleanups in switch to generic fixmap (lauraa, robh)
- fixed kexec merge hunk glitch (will.deacon)
- added tested-by tags where appropriate from v2 testing

v2:
- fix typo in kexec merge (buildbot)
- flip index order for highmem pte access (lauraa)
- added kgdb updates (dianders)
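
One way to automate the page table check described in the cover letter, as an added example that is not part of the patch series or the kernel tree: a shell function that lists mappings that are both writable and executable. The sample dumps are constructed, and the column layout and the flag names (`RW`/`ro`, `NX`/`x`) are assumptions about the ptdump output, as are the function names.

```shell
#!/bin/sh
# Added example, not from the patch series: list kernel mappings that are
# both writable and executable in ARM ptdump-style output.
# Assumed line layout: <start>-<end> <size> <flags...>, with "RW"/"ro"
# for write permission and "NX"/"x" for execute permission.

find_wx() {
    # Reads a page table dump on stdin, prints the range and size of each
    # W+X mapping, and returns non-zero if any were found.
    awk '
        /^0x[0-9a-fA-F]+-0x[0-9a-fA-F]+/ {
            rw = 0; nx = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "RW") rw = 1
                if ($i == "NX") nx = 1
            }
            if (rw && !nx) { print $1, $2; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: kernel text and data in one writable, executable mapping.
sample_unprotected() {
cat <<'EOF'
---[ Kernel Mapping ]---
0x80000000-0x80900000           9M     RW x  SHD
0x80900000-0xaf800000         751M     RW NX SHD
EOF
}

# Constructed sample: text read-only, everything else non-executable.
sample_protected() {
cat <<'EOF'
---[ Kernel Mapping ]---
0x80000000-0x80100000           1M     RW NX SHD
0x80100000-0x80700000           6M     ro x  SHD
0x80700000-0x80900000           2M     ro NX SHD
0x80900000-0xaf800000         751M     RW NX SHD
EOF
}

# On a target with CONFIG_ARM_PTDUMP and debugfs mounted (needs root):
#   find_wx < /sys/kernel/debug/kernel_page_tables
```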

Thread overview: 15+ messages
2014-08-12 18:24 Kees Cook [this message]
2014-08-12 18:24 ` [PATCH v3 1/7] arm: use generic fixmap.h Kees Cook
2014-08-12 19:38 ` Kees Cook
2014-08-12 18:24 ` [PATCH v3 2/7] arm: fixmap: implement __set_fixmap() Kees Cook
2014-08-12 18:24 ` [PATCH v3 3/7] arm: use fixmap for text patching when text is RO Kees Cook
2014-08-12 21:39 ` Stephen Boyd
2014-08-12 21:47 ` Kees Cook
2014-08-13 0:27 ` Stephen Boyd
2014-08-13 2:39 ` Kees Cook
2014-08-12 18:24 ` [PATCH v3 4/7] ARM: kexec: Make .text R/W in machine_kexec Kees Cook
2014-08-12 18:24 ` [PATCH v3 5/7] arm: kgdb: Handle read-only text / modules Kees Cook
2014-08-12 19:38 ` Stephen Boyd
2014-08-12 19:40 ` Kees Cook
2014-08-12 18:24 ` [PATCH v3 6/7] ARM: mm: allow non-text sections to be non-executable Kees Cook
2014-08-12 18:24 ` [PATCH v3 7/7] ARM: mm: allow text and rodata sections to be read-only Kees Cook