From: Kees Cook <keescook@chromium.org> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, Andy Lutomirski <luto@amacapital.net>, "H. Peter Anvin" <hpa@zytor.com>, Michael Ellerman <mpe@ellerman.id.au>, Mathias Krause <minipli@googlemail.com>, Ingo Molnar <mingo@redhat.com>, Thomas Gleixner <tglx@linutronix.de>, x86@kernel.org, Arnd Bergmann <arnd@arndb.de>, PaX Team <pageexec@freemail.hu>, Emese Revfy <re.emese@gmail.com>, kernel-hardening@lists.openwall.com, linux-arch <linux-arch@vger.kernel.org> Subject: [kernel-hardening] [PATCH v2 0/4] introduce post-init read-only memory Date: Wed, 25 Nov 2015 15:31:22 -0800 Message-ID: <1448494286-16029-1-git-send-email-keescook@chromium.org> (raw) One of the easiest ways to protect the kernel from attack is to reduce the internal attack surface exposed when a "write" flaw is available. By making as much of the kernel read-only as possible, we reduce the attack surface. Many things are written to only during __init, and never changed again. These cannot be made "const" since the compiler will do the wrong thing (we do actually need to write to them). Instead, move these items into a memory region that will be made read-only during mark_rodata_ro() which happens after all kernel __init code has finished. This introduces __ro_after_init as a way to mark such memory, and uses it on the x86 vDSO to kill an extant kernel exploitation method. Also adds a new kernel parameter to help debug future use and adds an lkdtm test to check the results. -Kees
next reply index Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-11-25 23:31 Kees Cook [this message] 2015-11-25 23:31 ` [kernel-hardening] [PATCH v2 1/4] init: create cmdline param to disable readonly Kees Cook 2015-11-26 0:37 ` [kernel-hardening] " PaX Team 2015-11-26 0:44 ` [kernel-hardening] " Greg KH 2015-11-26 7:51 ` [kernel-hardening] " Ingo Molnar 2015-11-30 21:52 ` Kees Cook 2015-11-30 22:24 ` Russell King - ARM Linux 2015-11-30 22:34 ` Kees Cook 2015-12-01 7:24 ` Ingo Molnar 2015-12-01 7:19 ` Heiko Carstens 2015-11-25 23:31 ` [kernel-hardening] [PATCH v2 2/4] introduce post-init read-only memory Kees Cook 2015-11-26 0:15 ` [kernel-hardening] " PaX Team 2015-11-30 22:24 ` H. Peter Anvin 2015-12-09 19:35 ` Kees Cook 2015-11-25 23:31 ` [kernel-hardening] [PATCH v2 3/4] lkdtm: verify that __ro_after_init works correctly Kees Cook 2015-11-25 23:31 ` [kernel-hardening] [PATCH v2 4/4] x86, vdso: mark vDSO read-only after init Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1448494286-16029-1-git-send-email-keescook@chromium.org \ --to=keescook@chromium.org \ --cc=arnd@arndb.de \ --cc=hpa@zytor.com \ --cc=kernel-hardening@lists.openwall.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=mingo@redhat.com \ --cc=minipli@googlemail.com \ --cc=mpe@ellerman.id.au \ --cc=pageexec@freemail.hu \ --cc=re.emese@gmail.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Kernel-hardening Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \ kernel-hardening@lists.openwall.com public-inbox-index kernel-hardening Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening AGPL code for this site: git clone https://public-inbox.org/public-inbox.git