From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753652AbaHMRia (ORCPT ); Wed, 13 Aug 2014 13:38:30 -0400 Received: from mail-qg0-f49.google.com ([209.85.192.49]:49230 "EHLO mail-qg0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753255AbaHMRi2 (ORCPT ); Wed, 13 Aug 2014 13:38:28 -0400 Date: Wed, 13 Aug 2014 13:38:24 -0400 (EDT) From: Nicolas Pitre To: Kees Cook cc: linux-kernel@vger.kernel.org, Rob Herring , Laura Abbott , Leif Lindholm , Stephen Boyd , Mark Salter , Rabin Vincent , Liu hua , Nikolay Borisov , Tomasz Figa , Doug Anderson , Jason Wessel , Will Deacon , Catalin Marinas , Russell King - ARM Linux , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org Subject: Re: [PATCH v4 0/8] arm: support CONFIG_RODATA In-Reply-To: <1407949593-16121-1-git-send-email-keescook@chromium.org> Message-ID: References: <1407949593-16121-1-git-send-email-keescook@chromium.org> User-Agent: Alpine 2.11 (LFD 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 13 Aug 2014, Kees Cook wrote: > This is a series of patches to support CONFIG_RODATA on ARM, so that > the kernel text is RO, and non-text sections default to NX. To support > on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap > support has been finalized based on several versions of various patches > that are floating around on the mailing list. This series attempts to > include the least intrusive version, so that others can build on it for > future fixmap work. > > The series has been heavily tested, and appears to be working correctly: > > With CONFIG_ARM_PTDUMP, expected page table permissions are seen in > /sys/kernel/debug/kernel_page_tables. > > Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for > for the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT: > EXEC_DATA > WRITE_RO > WRITE_KERN > > ftrace works: > CONFIG_FTRACE_STARTUP_TEST passes > Enabling tracing works: > echo function > /sys/kernel/debug/tracing/current_tracer > > kprobes works: > CONFIG_ARM_KPROBES_TEST passes > > kexec works: > kexec will load and start a new kernel > > Built with and without CONFIG_HIGHMEM, CONFIG_HIGHMEM_DEBUG, and > CONFIG_NR_CPUS=32. > > Thanks to everyone who has been testing this series and working on its > various pieces! For the whole series: Acked-by: Nicolas Pitre > > -Kees > > v4: > - expanded fixmap to 3MB to support 32 CPUs (robh) > - corrected pmd-finding via vaddr instead of FIXMAP_START (robh) > - switched structure size test to BUILD_BUG_ON (sboyd) > - added locking annotations to keep sparse happy (sboyd) > - adding missing "static" declarations noticed by sparse > - reorganized fixmap portion of patches > > v3: > - more cleanups in switch to generic fixmap (lauraa, robh) > - fixed kexec merge hunk glitch (will.deacon) > - added tested-by tags where appropriate from v2 testing > > v2: > - fix typo in kexec merge (buildbot) > - flip index order for highmem pte access (lauraa) > - added kgdb updates (dianders) > > From mboxrd@z Thu Jan 1 00:00:00 1970 From: nicolas.pitre@linaro.org (Nicolas Pitre) Date: Wed, 13 Aug 2014 13:38:24 -0400 (EDT) Subject: [PATCH v4 0/8] arm: support CONFIG_RODATA In-Reply-To: <1407949593-16121-1-git-send-email-keescook@chromium.org> References: <1407949593-16121-1-git-send-email-keescook@chromium.org> Message-ID: To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On Wed, 13 Aug 2014, Kees Cook wrote: > This is a series of patches to support CONFIG_RODATA on ARM, so that > the kernel text is RO, and non-text sections default to NX. To support > on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap > support has been finalized based on several versions of various patches > that are floating around on the mailing list. This series attempts to > include the least intrusive version, so that others can build on it for > future fixmap work. > > The series has been heavily tested, and appears to be working correctly: > > With CONFIG_ARM_PTDUMP, expected page table permissions are seen in > /sys/kernel/debug/kernel_page_tables. > > Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for > for the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT: > EXEC_DATA > WRITE_RO > WRITE_KERN > > ftrace works: > CONFIG_FTRACE_STARTUP_TEST passes > Enabling tracing works: > echo function > /sys/kernel/debug/tracing/current_tracer > > kprobes works: > CONFIG_ARM_KPROBES_TEST passes > > kexec works: > kexec will load and start a new kernel > > Built with and without CONFIG_HIGHMEM, CONFIG_HIGHMEM_DEBUG, and > CONFIG_NR_CPUS=32. > > Thanks to everyone who has been testing this series and working on its > various pieces! For the whole series: Acked-by: Nicolas Pitre > > -Kees > > v4: > - expanded fixmap to 3MB to support 32 CPUs (robh) > - corrected pmd-finding via vaddr instead of FIXMAP_START (robh) > - switched structure size test to BUILD_BUG_ON (sboyd) > - added locking annotations to keep sparse happy (sboyd) > - adding missing "static" declarations noticed by sparse > - reorganized fixmap portion of patches > > v3: > - more cleanups in switch to generic fixmap (lauraa, robh) > - fixed kexec merge hunk glitch (will.deacon) > - added tested-by tags where appropriate from v2 testing > > v2: > - fix typo in kexec merge (buildbot) > - flip index order for highmem pte access (lauraa) > - added kgdb updates (dianders) > >