From: Kees Cook <keescook@chromium.org>
To: Kevin Hilman <khilman@kernel.org>
Cc: info@kernelci.org,
Russell King - ARM Linux <linux@arm.linux.org.uk>,
Laura Abbott <labbott@fedoraproject.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>, Laura Abbott <labbott@redhat.com>,
Shuah Khan <shuahkh@osg.samsung.com>,
Tyler Baker <tyler.baker@linaro.org>
Subject: Re: [PATCH] arm: Use kernel mm when updating section permissions
Date: Fri, 6 Nov 2015 12:28:58 -0800 [thread overview]
Message-ID: <CAGXu5j+U-Q2R1Hw4qSPpFUKz3xyYrASGc5buMJTSy0K-3mWHBA@mail.gmail.com> (raw)
In-Reply-To: <CAMAWPa9XvdS+dF78c7Fgs4ekRy7wVnfFT=0A5NLpu0UYaqV7fA@mail.gmail.com>
On Fri, Nov 6, 2015 at 12:11 PM, Kevin Hilman <khilman@kernel.org> wrote:
> On Fri, Nov 6, 2015 at 11:12 AM, Kees Cook <keescook@chromium.org> wrote:
>
> [...]
>
>> Hi Kevin and Kernel CI folks,
>>
>> Could lkdtm get added to the kernel-CI workflows? Extracting and
>> validating Oops details when poking lkdtm would be extremely valuable
>> for these cases. :)
>
> Yeah, we can add that.
>
> What arches should we expect this to be working on? For starters
This is a great question. ;) They're a mix of CONFIG and hardware
feature specific, so probably they should be run on all architectures
and we can figure out what's missing in each case.
Everything built with CONFIG_DEBUG_RODATA should pass these:
WRITE_RO
WRITE_KERN
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
But architectures without CONFIG_DEBUG_RODATA should be shamed. ;)
Passing EXEC_USERSPACE requires SMEP on x86, and PXN on arm64.
Passing ACCESS_USERSPACE rquires SMAP on x86, and PAN on arm64.
The recent PAN emulation CONFIG_CPU_SW_DOMAIN_PAN on non-LPAE arm
should cover ACCESS_USERSPACE too, and maybe EXEC_USERSPACE, but I
haven't taken a close look.
It might be useful, frankly, to test everything in lkdtm.
> we'll get builds going with CONFIG_LKDTM=y, and then start looking at
> adding the tests on arches that should work.
>
> Thes will be an interesting failure modes to catch because a kernel
> panic is actually a PASS, and a failure to panic is a FAIL. :)
Yup! :) And extracting the Oops message can become important too. As
recently shown with CONFIG_CPU_SW_DOMAIN_PAN, the test was wrong, and
the Oops showed it:
http://www.gossamer-threads.com/lists/linux/kernel/2293320
Thanks for looking into it!
-Kees
--
Kees Cook
Chrome OS Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Kevin Hilman <khilman@kernel.org>
Cc: info@kernelci.org,
Russell King - ARM Linux <linux@arm.linux.org.uk>,
Laura Abbott <labbott@fedoraproject.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>, Laura Abbott <labbott@redhat.com>,
Shuah Khan <shuahkh@osg.samsung.com>,
Tyler Baker <tyler.baker@linaro.org>
Subject: Re: [PATCH] arm: Use kernel mm when updating section permissions
Date: Fri, 6 Nov 2015 12:28:58 -0800 [thread overview]
Message-ID: <CAGXu5j+U-Q2R1Hw4qSPpFUKz3xyYrASGc5buMJTSy0K-3mWHBA@mail.gmail.com> (raw)
In-Reply-To: <CAMAWPa9XvdS+dF78c7Fgs4ekRy7wVnfFT=0A5NLpu0UYaqV7fA@mail.gmail.com>
On Fri, Nov 6, 2015 at 12:11 PM, Kevin Hilman <khilman@kernel.org> wrote:
> On Fri, Nov 6, 2015 at 11:12 AM, Kees Cook <keescook@chromium.org> wrote:
>
> [...]
>
>> Hi Kevin and Kernel CI folks,
>>
>> Could lkdtm get added to the kernel-CI workflows? Extracting and
>> validating Oops details when poking lkdtm would be extremely valuable
>> for these cases. :)
>
> Yeah, we can add that.
>
> What arches should we expect this to be working on? For starters
This is a great question. ;) They're a mix of CONFIG and hardware
feature specific, so probably they should be run on all architectures
and we can figure out what's missing in each case.
Everything built with CONFIG_DEBUG_RODATA should pass these:
WRITE_RO
WRITE_KERN
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
But architectures without CONFIG_DEBUG_RODATA should be shamed. ;)
Passing EXEC_USERSPACE requires SMEP on x86, and PXN on arm64.
Passing ACCESS_USERSPACE rquires SMAP on x86, and PAN on arm64.
The recent PAN emulation CONFIG_CPU_SW_DOMAIN_PAN on non-LPAE arm
should cover ACCESS_USERSPACE too, and maybe EXEC_USERSPACE, but I
haven't taken a close look.
It might be useful, frankly, to test everything in lkdtm.
> we'll get builds going with CONFIG_LKDTM=y, and then start looking at
> adding the tests on arches that should work.
>
> Thes will be an interesting failure modes to catch because a kernel
> panic is actually a PASS, and a failure to panic is a FAIL. :)
Yup! :) And extracting the Oops message can become important too. As
recently shown with CONFIG_CPU_SW_DOMAIN_PAN, the test was wrong, and
the Oops showed it:
http://www.gossamer-threads.com/lists/linux/kernel/2293320
Thanks for looking into it!
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm: Use kernel mm when updating section permissions
Date: Fri, 6 Nov 2015 12:28:58 -0800 [thread overview]
Message-ID: <CAGXu5j+U-Q2R1Hw4qSPpFUKz3xyYrASGc5buMJTSy0K-3mWHBA@mail.gmail.com> (raw)
In-Reply-To: <CAMAWPa9XvdS+dF78c7Fgs4ekRy7wVnfFT=0A5NLpu0UYaqV7fA@mail.gmail.com>
On Fri, Nov 6, 2015 at 12:11 PM, Kevin Hilman <khilman@kernel.org> wrote:
> On Fri, Nov 6, 2015 at 11:12 AM, Kees Cook <keescook@chromium.org> wrote:
>
> [...]
>
>> Hi Kevin and Kernel CI folks,
>>
>> Could lkdtm get added to the kernel-CI workflows? Extracting and
>> validating Oops details when poking lkdtm would be extremely valuable
>> for these cases. :)
>
> Yeah, we can add that.
>
> What arches should we expect this to be working on? For starters
This is a great question. ;) They're a mix of CONFIG and hardware
feature specific, so probably they should be run on all architectures
and we can figure out what's missing in each case.
Everything built with CONFIG_DEBUG_RODATA should pass these:
WRITE_RO
WRITE_KERN
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
But architectures without CONFIG_DEBUG_RODATA should be shamed. ;)
Passing EXEC_USERSPACE requires SMEP on x86, and PXN on arm64.
Passing ACCESS_USERSPACE rquires SMAP on x86, and PAN on arm64.
The recent PAN emulation CONFIG_CPU_SW_DOMAIN_PAN on non-LPAE arm
should cover ACCESS_USERSPACE too, and maybe EXEC_USERSPACE, but I
haven't taken a close look.
It might be useful, frankly, to test everything in lkdtm.
> we'll get builds going with CONFIG_LKDTM=y, and then start looking at
> adding the tests on arches that should work.
>
> Thes will be an interesting failure modes to catch because a kernel
> panic is actually a PASS, and a failure to panic is a FAIL. :)
Yup! :) And extracting the Oops message can become important too. As
recently shown with CONFIG_CPU_SW_DOMAIN_PAN, the test was wrong, and
the Oops showed it:
http://www.gossamer-threads.com/lists/linux/kernel/2293320
Thanks for looking into it!
-Kees
--
Kees Cook
Chrome OS Security
next prev parent reply other threads:[~2015-11-06 20:29 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-05 1:00 [PATCH] arm: Use kernel mm when updating section permissions Laura Abbott
2015-11-05 1:00 ` Laura Abbott
2015-11-05 1:00 ` Laura Abbott
2015-11-05 1:06 ` Kees Cook
2015-11-05 1:06 ` Kees Cook
2015-11-05 1:06 ` Kees Cook
2015-11-05 1:13 ` Kees Cook
2015-11-05 1:13 ` Kees Cook
2015-11-05 1:13 ` Kees Cook
2015-11-05 9:46 ` Russell King - ARM Linux
2015-11-05 9:46 ` Russell King - ARM Linux
2015-11-05 9:46 ` Russell King - ARM Linux
2015-11-05 16:20 ` Laura Abbott
2015-11-05 16:20 ` Laura Abbott
2015-11-05 16:20 ` Laura Abbott
2015-11-05 16:27 ` Russell King - ARM Linux
2015-11-05 16:27 ` Russell King - ARM Linux
2015-11-05 16:27 ` Russell King - ARM Linux
2015-11-06 1:05 ` Laura Abbott
2015-11-06 1:05 ` Laura Abbott
2015-11-06 1:05 ` Laura Abbott
2015-11-06 1:15 ` Kees Cook
2015-11-06 1:15 ` Kees Cook
2015-11-06 1:15 ` Kees Cook
2015-11-06 18:44 ` Laura Abbott
2015-11-06 18:44 ` Laura Abbott
2015-11-06 18:44 ` Laura Abbott
2015-11-06 19:08 ` Kees Cook
2015-11-06 19:08 ` Kees Cook
2015-11-06 19:08 ` Kees Cook
2015-11-06 19:12 ` Kees Cook
2015-11-06 19:12 ` Kees Cook
2015-11-06 19:12 ` Kees Cook
2015-11-06 20:11 ` Kevin Hilman
2015-11-06 20:11 ` Kevin Hilman
2015-11-06 20:11 ` Kevin Hilman
2015-11-06 20:28 ` Kees Cook [this message]
2015-11-06 20:28 ` Kees Cook
2015-11-06 20:28 ` Kees Cook
2015-11-06 21:06 ` Kevin Hilman
2015-11-06 21:06 ` Kevin Hilman
2015-11-06 21:06 ` Kevin Hilman
2015-11-06 21:19 ` Kees Cook
2015-11-06 21:19 ` Kees Cook
2015-11-06 21:19 ` Kees Cook
2015-11-06 22:37 ` Kevin Hilman
2015-11-06 22:37 ` Kevin Hilman
2015-11-06 22:37 ` Kevin Hilman
2015-11-06 23:05 ` Kevin Hilman
2015-11-06 23:05 ` Kevin Hilman
2015-11-06 23:05 ` Kevin Hilman
2015-11-06 23:47 ` Kees Cook
2015-11-06 23:47 ` Kees Cook
2015-11-06 23:47 ` Kees Cook
2015-11-06 20:46 ` Russell King - ARM Linux
2015-11-06 20:46 ` Russell King - ARM Linux
2015-11-06 20:46 ` Russell King - ARM Linux
2015-11-06 23:41 ` Laura Abbott
2015-11-06 23:41 ` Laura Abbott
2015-11-06 23:41 ` Laura Abbott
2015-11-06 23:49 ` Kees Cook
2015-11-06 23:49 ` Kees Cook
2015-11-06 23:49 ` Kees Cook
2015-11-07 0:20 ` Laura Abbott
2015-11-07 0:20 ` Laura Abbott
2015-11-07 0:20 ` Laura Abbott
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5j+U-Q2R1Hw4qSPpFUKz3xyYrASGc5buMJTSy0K-3mWHBA@mail.gmail.com \
--to=keescook@chromium.org \
--cc=catalin.marinas@arm.com \
--cc=info@kernelci.org \
--cc=khilman@kernel.org \
--cc=labbott@fedoraproject.org \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@arm.linux.org.uk \
--cc=shuahkh@osg.samsung.com \
--cc=tyler.baker@linaro.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.