public inbox for linux-kernel@vger.kernel.org
From: Coywolf Qi Hunt <coywolf@gmail.com>
To: "linux-os (Dick Johnson)" <linux-os@analogic.com>
Cc: Coywolf Qi Hunt <coywolf@sosdg.org>,
	Linux kernel <linux-kernel@vger.kernel.org>,
	Arjan van de Ven <arjan@infradead.org>,
	Josh Boyer <jdub@us.ibm.com>,
	ak@suse.de, akpm@osdl.org
Subject: Re: [patch] mark text section read-only
Date: Sat, 12 Nov 2005 22:01:27 +0800
Message-ID: <2cd57c900511120601y3461f4c4i@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.61.0511111425500.4991@chaos.analogic.com>

2005/11/12, linux-os (Dick Johnson) <linux-os@analogic.com>:
>
> On Fri, 11 Nov 2005, Coywolf Qi Hunt wrote:
>
> > On Sat, Nov 12, 2005 at 02:57:02AM +0800, Coywolf Qi Hunt wrote:
> >> And we could also mark text section read-only and data/stack section
> >> noexec if NX is supported. But I doubt the whole thing would really
> >> help much. Kill the kernel thread? We can't. We only run into a panic.
> >> Anyway I'd attach a quick patch to mark text section read only in the
> >> next mail.
> >>
> >> If it's ok, I'd add Kconfig support. Comments?
> >
> >
> > Signed-off-by: Coywolf Qi Hunt <qiyong@fc-cn.com>
> > ---
> >
> > diff -pruN 2.6.14-mm2/init/main.c 2.6.14-mm2-cy/init/main.c
> > --- 2.6.14-mm2/init/main.c    2005-11-11 22:34:21.000000000 +0800
> > +++ 2.6.14-mm2-cy/init/main.c 2005-11-12 02:50:45.000000000 +0800
> > @@ -660,6 +660,18 @@ static inline void fixup_cpu_present_map
> > #endif
> > }
> >
> > +void mark_text_ro(void)
> > +{
> > +     unsigned long addr = (unsigned long)&_text;
> > +
> > +     for (; addr < (unsigned long)&_etext; addr += PAGE_SIZE)
> > +             change_page_attr(virt_to_page(addr), 1, PAGE_KERNEL_RO);
> > +
> > +     printk ("Write protecting the kernel text data: %luk\n",
> > +                     (unsigned long)(_etext - _text) >> 10);
> > +     global_flush_tlb();
> > +}
> > +
> > static int init(void * unused)
> > {
> >       lock_kernel();
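Review bot: The loop bound in mark_text_ro() write-protects every page whose start lies below _etext, so if _etext is not page-aligned the final page goes read-only together with whatever follows the text on that page; either guarantee the alignment or stop at the last full text page. The return value of change_page_attr() is ignored, so a failed attribute change still prints the "Write protecting" message. The call passes PAGE_KERNEL_RO, and nothing in the patch shows that this protection keeps the text pages executable when NX is enabled, which the cover text itself brings up. Smaller points: the printk has no log level and its wording "kernel text data" is confusing for a text-only range, and the function can be static since its only visible caller is in this file.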
> > @@ -716,6 +728,7 @@ static int init(void * unused)
> >        */
> >       free_initmem();
> >       unlock_kernel();
> > +     mark_text_ro();
> >       mark_rodata_ro();
> >       system_state = SYSTEM_RUNNING;
> >       numa_default_policy();
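Review bot: The mark_text_ro() call added to init() is unconditional, while the cover text says Kconfig support would only be added later; as posted, every build write-protects text with no way to turn it off. Put the config guard around the call and the definition in the same patch, and add a comment at the call site explaining why it sits after free_initmem() and unlock_kernel() and what is expected to happen to any code that writes to kernel text after this point.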
> > -
>
>
> Assuming ix86, what is read-only? Certainly the text section needs
> to be marked execute!
>
> So is it:
>         Execute-Only
>         Execute-Only, accessed
>         Execute/Read
>         Execute/Read, accessed
>         Execute-only, conforming
>         Execute-only, conforming, accessed
>         Execute/Read-Only, conforming
>         Execute/Read-Only, conforming, accessed.
> (all from page 5-12 of ix484 programmer's reference)
>
> ????
>
> You need to WRITE to the text segment to be able to load executables
> (modules) and kernel threads. The user-mode code, children of `init`
> need to have writable .text segments to be able to exec().

Ah, thanks, Mr Wrong.

>
> Cheers,
> Dick Johnson
> Penguin : Linux version 2.6.13.4 on an i686 machine (5589.48 BogoMips).
> Warning : 98.36% of all statistics are fiction.
> .
>
--
Coywolf Qi Hunt
http://sosdg.org/~coywolf/
