From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932514AbcCHIvV (ORCPT <rfc822;w@1wt.eu>);
	Tue, 8 Mar 2016 03:51:21 -0500
Received: from e06smtp16.uk.ibm.com ([195.75.94.112]:55865 "EHLO
	e06smtp16.uk.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753525AbcCHIvN (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 8 Mar 2016 03:51:13 -0500
X-IBM-Helo: d06dlp02.portsmouth.uk.ibm.com
X-IBM-MailFrom: borntraeger@de.ibm.com
X-IBM-RcptTo: linux-arch@vger.kernel.org;linux-kernel@vger.kernel.org;linux-s390@vger.kernel.org
Subject: Re: [RFC][PATCH] s390, postinit-readonly: implement post-init RO
To: Kees Cook <keescook@chromium.org>
References: <20160308002035.GA13606@www.outflux.net>
 <CAGXu5jLu5NFw=7xoJEYcAq7MFwGY1nuB8w-q+NVp2d2zpwRUyQ@mail.gmail.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Ingo Molnar <mingo@kernel.org>, David Brown <david.brown@linaro.org>,
        Andy Lutomirski <luto@amacapital.net>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Mathias Krause <minipli@googlemail.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "x86@kernel.org" <x86@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
        PaX Team <pageexec@freemail.hu>, Emese Revfy <re.emese@gmail.com>,
        "kernel-hardening@lists.openwall.com" 
	<kernel-hardening@lists.openwall.com>,
        LKML <linux-kernel@vger.kernel.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        linux-s390 <linux-s390@vger.kernel.org>
From: Christian Borntraeger <borntraeger@de.ibm.com>
Message-ID: <56DE9279.6040805@de.ibm.com>
Date: Tue, 8 Mar 2016 09:51:05 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <CAGXu5jLu5NFw=7xoJEYcAq7MFwGY1nuB8w-q+NVp2d2zpwRUyQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16030808-0025-0000-0000-0000094A6580
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/08/2016 01:41 AM, Kees Cook wrote:

>> --- a/arch/s390/kernel/vmlinux.lds.S
>> +++ b/arch/s390/kernel/vmlinux.lds.S
>> @@ -52,6 +52,12 @@ SECTIONS
>>
>>         RW_DATA_SECTION(0x100, PAGE_SIZE, THREAD_SIZE)
>>
>> +       . = ALIGN(PAGE_SIZE)


missing ";" ?


With that  and your fixes, this function claims to mark 0kB and 
lkdtm can still write. Reason is that _edata is 0xc11008 and start is
0x0c11000.

making _edata page aligned as well, does now try to mark one page, but then
we run into the next issue, that 

static void change_page_attr(unsigned long addr, int numpages,
                             pte_t (*set) (pte_t))
{
        pte_t *ptep;
        int i;

        for (i = 0; i < numpages; i++) {
                ptep = walk_page_table(addr);

triggers this
                if (WARN_ON_ONCE(!ptep))
                        break;

because the kernel decided to map this with a large page. So we need
to fix this function to then break the large page into a smaller chunk....

Christian