[PATCH v2] powerpc: Default to enabling STRICT_KERNEL_RWX

[PATCH v2] powerpc: Default to enabling STRICT_KERNEL_RWX

[Kees Cook]

When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64.
On PPC32, there is a performance trade-off.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Christophe LEROY <christophe.leroy@c-s.fr>
Cc: Balbir Singh <bsingharora@gmail.com>
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
v2:
- depend on PPC64, as noted by Christophe.
---
 arch/powerpc/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 809c468edab1..4315c9b2db4f 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -178,6 +178,7 @@ config PPC
 	select HAVE_ARCH_TRACEHOOK
 	select ARCH_HAS_STRICT_KERNEL_RWX	if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION)
 	select ARCH_OPTIONAL_KERNEL_RWX		if ARCH_HAS_STRICT_KERNEL_RWX
+	select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT	if PPC64
 	select HAVE_CBPF_JIT			if !PPC64
 	select HAVE_CONTEXT_TRACKING		if PPC64
 	select HAVE_DEBUG_KMEMLEAK
-- 
2.7.4


-- 
Kees Cook
Pixel Security

Re: [PATCH v2] powerpc: Default to enabling STRICT_KERNEL_RWX

[Balbir Singh]

On Fri, Oct 6, 2017 at 6:03 AM, Kees Cook <keescook@chromium.org> wrote:
> When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64.
> On PPC32, there is a performance trade-off.
>
> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Cc: Paul Mackerras <paulus@samba.org>
> Cc: Michael Ellerman <mpe@ellerman.id.au>
> Cc: Christophe LEROY <christophe.leroy@c-s.fr>
> Cc: Balbir Singh <bsingharora@gmail.com>
> Cc: linuxppc-dev@lists.ozlabs.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> v2:
> - depend on PPC64, as noted by Christophe.
> ---
>  arch/powerpc/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index 809c468edab1..4315c9b2db4f 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -178,6 +178,7 @@ config PPC
>         select HAVE_ARCH_TRACEHOOK
>         select ARCH_HAS_STRICT_KERNEL_RWX       if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION)
>         select ARCH_OPTIONAL_KERNEL_RWX         if ARCH_HAS_STRICT_KERNEL_RWX
> +       select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if PPC64

We usually have CONFIG_RELOCATABLE on - on most configs. Our STRICT
RWX depends on !RELOCATABLE as you've seen. I have patches to fix
STRICT_KERNEL_RWX on CONFIG_RELOCATABLE

https://patchwork.ozlabs.org/patch/795744/ (I need to rebase this to
use generic helpers we have to convert an mm,addr to pte)
Aside, I also have set_memory_xx at
https://patchwork.ozlabs.org/patch/796183/ (again I need to rebase
them)

I hope to get to them next week, hopefully

Balbir Singh.

Re: [PATCH v2] powerpc: Default to enabling STRICT_KERNEL_RWX

[Michael Ellerman]

Kees Cook <keescook@chromium.org> writes:

> When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64.
> On PPC32, there is a performance trade-off.

Thanks for prodding us. But I think we need some more test cycles on
this before we make it the default.

As Balbir said it's currently not compatible with RELOCATABLE, which
means most folks aren't enabling it.

We also don't have good numbers on what the performance impact is on
64-bit. So although it almost certainly should be the default in future,
I'd still like us to have some idea of what it's costing us.

I'll try and get some perf numbers.

cheers