From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCHv5 0/7] Better page protections for arm64
Date: Wed, 19 Nov 2014 14:37:54 -0800 [thread overview]
Message-ID: <546D1BC2.3050503@codeaurora.org> (raw)
In-Reply-To: <CAGXu5jKBkuUde7DK2NdFTycJkB=9Dyou+b2oo0aC-y85XN_Kng@mail.gmail.com>
On 11/19/2014 2:33 PM, Kees Cook wrote:
> On Mon, Nov 17, 2014 at 4:54 PM, Laura Abbott <lauraa@codeaurora.org> wrote:
>> Hi,
>>
>> This is v5 of the series to add stricter page protections for arm64.
>> The goal is to have text be RO/NX and everything else be RW/NX.
>> I finally got my hands on a Juno board so I was able to do more
>> testing with both 4K and 64K pages although I still haven't tested
>> with EFI. This is based off of 3.18-rc5.
>>
>> Thanks,
>> Laura
>>
>> Laura Abbott (7):
>> arm64: Treat handle_arch_irq as a function pointer
>> arm64: Switch to adrp for loading the stub vectors
>> arm64: Move cpu_resume into the text section
>> arm64: Move some head.text functions to executable section
>> arm64: Factor out fixmap initialiation from ioremap
>> arm64: use fixmap for text patching when text is RO
>> arm64: add better page protections to arm64
>>
>> arch/arm64/Kconfig.debug | 23 ++
>> arch/arm64/include/asm/cacheflush.h | 4 +
>> arch/arm64/include/asm/fixmap.h | 8 +-
>> arch/arm64/include/asm/insn.h | 2 +
>> arch/arm64/include/asm/irq.h | 1 -
>> arch/arm64/kernel/entry.S | 6 +-
>> arch/arm64/kernel/head.S | 409 +++++++++++++++++-----------------
>> arch/arm64/kernel/insn.c | 72 +++++-
>> arch/arm64/kernel/irq.c | 2 +
>> arch/arm64/kernel/jump_label.c | 2 +-
>> arch/arm64/kernel/setup.c | 1 +
>> arch/arm64/kernel/sleep.S | 29 +--
>> arch/arm64/kernel/suspend.c | 4 +-
>> arch/arm64/kernel/vmlinux.lds.S | 21 ++
>> arch/arm64/mm/init.c | 1 +
>> arch/arm64/mm/ioremap.c | 93 +-------
>> arch/arm64/mm/mm.h | 2 +
>> arch/arm64/mm/mmu.c | 429 ++++++++++++++++++++++++++++++++----
>> 18 files changed, 743 insertions(+), 366 deletions(-)
>
> Thanks for working on this series! I've tested this on my aarch64
> hardware, and it worked nicely. :) Consider the whole series as:
>
> Tested-by: Kees Cook <keescook@chromium.org>
>
> Has anyone looked at getting an arm64 version of CONFIG_ARM_PTDUMP
> built? It'd be really nice to be able to check page table layout at a
> glace.
>
Yep, I have a version of that
http://lists.infradead.org/pipermail/linux-arm-kernel/2014-November/303418.html
Testing appreciated as always :)
> In the meantime, with this patch series, the "WRITE_RO" and
> "WRITE_KERN" tests from lkdtm correctly Oops the kernel.
>
> Thanks!
>
> -Kees
>
Thanks,
Laura
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
prev parent reply other threads:[~2014-11-19 22:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 0:54 [PATCHv5 0/7] Better page protections for arm64 Laura Abbott
2014-11-18 0:54 ` [PATCHv5 1/7] arm64: Treat handle_arch_irq as a function pointer Laura Abbott
2014-11-18 0:55 ` [PATCHv5 2/7] arm64: Switch to adrp for loading the stub vectors Laura Abbott
2014-11-18 0:55 ` [PATCHv5 3/7] arm64: Move cpu_resume into the text section Laura Abbott
2014-11-18 10:35 ` Lorenzo Pieralisi
2014-11-18 10:49 ` Mark Rutland
2014-11-18 21:20 ` Laura Abbott
2014-11-18 0:55 ` [PATCHv5 4/7] arm64: Move some head.text functions to executable section Laura Abbott
2014-11-18 11:41 ` Mark Rutland
2014-11-18 21:27 ` Laura Abbott
2014-11-18 0:55 ` [PATCHv5 5/7] arm64: Factor out fixmap initialiation from ioremap Laura Abbott
2014-11-18 0:55 ` [PATCHv5 6/7] arm64: use fixmap for text patching when text is RO Laura Abbott
2014-11-18 0:55 ` [PATCHv5 7/7] arm64: add better page protections to arm64 Laura Abbott
2014-11-19 16:31 ` Mark Rutland
2014-11-19 17:38 ` Ard Biesheuvel
2014-11-19 18:06 ` Ard Biesheuvel
2014-11-19 18:46 ` Mark Rutland
2014-11-19 18:56 ` Ard Biesheuvel
2014-11-19 19:20 ` Laura Abbott
2014-11-21 1:08 ` Laura Abbott
2014-11-20 12:04 ` Steve Capper
2014-11-21 1:02 ` Laura Abbott
2014-11-19 22:33 ` [PATCHv5 0/7] Better page protections for arm64 Kees Cook
2014-11-19 22:37 ` Laura Abbott [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546D1BC2.3050503@codeaurora.org \
--to=lauraa@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).