Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc
@ 2019-10-14  5:13 Russell Currey
  2019-10-14  5:13 ` [PATCH v4 1/4] powerpc/mm: Implement set_memory() routines Russell Currey
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Russell Currey @ 2019-10-14  5:13 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: Russell Currey, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

v3 cover letter here:
https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-October/198023.html

Only minimal changes since then:

- patch 2/4 commit message update thanks to Andrew Donnellan
- patch 3/4 made neater thanks to Christophe Leroy
- patch 3/4 updated Kconfig description thanks to Daniel Axtens

Russell Currey (4):
  powerpc/mm: Implement set_memory() routines
  powerpc/kprobes: Mark newly allocated probes as RO
  powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
  powerpc: Enable STRICT_MODULE_RWX

 arch/powerpc/Kconfig                   |  2 +
 arch/powerpc/Kconfig.debug             |  6 ++-
 arch/powerpc/configs/skiroot_defconfig |  1 +
 arch/powerpc/include/asm/set_memory.h  | 32 ++++++++++++++
 arch/powerpc/kernel/kprobes.c          |  3 ++
 arch/powerpc/mm/Makefile               |  1 +
 arch/powerpc/mm/pageattr.c             | 60 ++++++++++++++++++++++++++
 arch/powerpc/mm/ptdump/ptdump.c        | 21 ++++++++-
 8 files changed, 123 insertions(+), 3 deletions(-)
 create mode 100644 arch/powerpc/include/asm/set_memory.h
 create mode 100644 arch/powerpc/mm/pageattr.c

-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v4 1/4] powerpc/mm: Implement set_memory() routines
  2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
@ 2019-10-14  5:13 ` Russell Currey
  2019-10-14  5:13 ` [PATCH v4 2/4] powerpc/kprobes: Mark newly allocated probes as RO Russell Currey
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Russell Currey @ 2019-10-14  5:13 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: Russell Currey, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

The set_memory_{ro/rw/nx/x}() functions are required for STRICT_MODULE_RWX,
and are generally useful primitives to have.  This implementation is
designed to be completely generic across powerpc's many MMUs.

It's possible that this could be optimised to be faster for specific
MMUs, but the focus is on having a generic and safe implementation for
now.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/Kconfig                  |  1 +
 arch/powerpc/include/asm/set_memory.h | 32 ++++++++++++++
 arch/powerpc/mm/Makefile              |  1 +
 arch/powerpc/mm/pageattr.c            | 60 +++++++++++++++++++++++++++
 4 files changed, 94 insertions(+)
 create mode 100644 arch/powerpc/include/asm/set_memory.h
 create mode 100644 arch/powerpc/mm/pageattr.c

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 3e56c9c2f16e..8f7005f0d097 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -133,6 +133,7 @@ config PPC
 	select ARCH_HAS_PTE_SPECIAL
 	select ARCH_HAS_MEMBARRIER_CALLBACKS
 	select ARCH_HAS_SCALED_CPUTIME		if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64
+	select ARCH_HAS_SET_MEMORY
 	select ARCH_HAS_STRICT_KERNEL_RWX	if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION)
 	select ARCH_HAS_TICK_BROADCAST		if GENERIC_CLOCKEVENTS_BROADCAST
 	select ARCH_HAS_UACCESS_FLUSHCACHE
diff --git a/arch/powerpc/include/asm/set_memory.h b/arch/powerpc/include/asm/set_memory.h
new file mode 100644
index 000000000000..5230ddb2fefd
--- /dev/null
+++ b/arch/powerpc/include/asm/set_memory.h
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_POWERPC_SET_MEMORY_H
+#define _ASM_POWERPC_SET_MEMORY_H
+
+#define SET_MEMORY_RO	1
+#define SET_MEMORY_RW	2
+#define SET_MEMORY_NX	3
+#define SET_MEMORY_X	4
+
+int change_memory_attr(unsigned long addr, int numpages, int action);
+
+static inline int set_memory_ro(unsigned long addr, int numpages)
+{
+	return change_memory_attr(addr, numpages, SET_MEMORY_RO);
+}
+
+static inline int set_memory_rw(unsigned long addr, int numpages)
+{
+	return change_memory_attr(addr, numpages, SET_MEMORY_RW);
+}
+
+static inline int set_memory_nx(unsigned long addr, int numpages)
+{
+	return change_memory_attr(addr, numpages, SET_MEMORY_NX);
+}
+
+static inline int set_memory_x(unsigned long addr, int numpages)
+{
+	return change_memory_attr(addr, numpages, SET_MEMORY_X);
+}
+
+#endif
diff --git a/arch/powerpc/mm/Makefile b/arch/powerpc/mm/Makefile
index 5e147986400d..d0a0bcbc9289 100644
--- a/arch/powerpc/mm/Makefile
+++ b/arch/powerpc/mm/Makefile
@@ -20,3 +20,4 @@ obj-$(CONFIG_HIGHMEM)		+= highmem.o
 obj-$(CONFIG_PPC_COPRO_BASE)	+= copro_fault.o
 obj-$(CONFIG_PPC_PTDUMP)	+= ptdump/
 obj-$(CONFIG_KASAN)		+= kasan/
+obj-$(CONFIG_ARCH_HAS_SET_MEMORY) += pageattr.o
diff --git a/arch/powerpc/mm/pageattr.c b/arch/powerpc/mm/pageattr.c
new file mode 100644
index 000000000000..fe3ecbfb8e10
--- /dev/null
+++ b/arch/powerpc/mm/pageattr.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0
+
+/*
+ * MMU-generic set_memory implementation for powerpc
+ *
+ * Author: Russell Currey <ruscur@russell.cc>
+ *
+ * Copyright 2019, IBM Corporation.
+ */
+
+#include <linux/mm.h>
+#include <linux/set_memory.h>
+
+#include <asm/mmu.h>
+#include <asm/page.h>
+#include <asm/pgtable.h>
+
+static int change_page_attr(pte_t *ptep, unsigned long addr, void *data)
+{
+	int action = *((int *)data);
+	pte_t pte_val;
+
+	// invalidate the PTE so it's safe to modify
+	pte_val = ptep_get_and_clear(&init_mm, addr, ptep);
+	flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
+
+	// modify the PTE bits as desired, then apply
+	switch (action) {
+	case SET_MEMORY_RO:
+		pte_val = pte_wrprotect(pte_val);
+		break;
+	case SET_MEMORY_RW:
+		pte_val = pte_mkwrite(pte_val);
+		break;
+	case SET_MEMORY_NX:
+		pte_val = pte_exprotect(pte_val);
+		break;
+	case SET_MEMORY_X:
+		pte_val = pte_mkexec(pte_val);
+		break;
+	default:
+		WARN_ON(true);
+		return -EINVAL;
+	}
+
+	set_pte_at(&init_mm, addr, ptep, pte_val);
+
+	return 0;
+}
+
+int change_memory_attr(unsigned long addr, int numpages, int action)
+{
+	unsigned long start = ALIGN_DOWN(addr, PAGE_SIZE);
+	unsigned long size = numpages * PAGE_SIZE;
+
+	if (!numpages)
+		return 0;
+
+	return apply_to_page_range(&init_mm, start, size, change_page_attr, &action);
+}
-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v4 2/4] powerpc/kprobes: Mark newly allocated probes as RO
  2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
  2019-10-14  5:13 ` [PATCH v4 1/4] powerpc/mm: Implement set_memory() routines Russell Currey
@ 2019-10-14  5:13 ` Russell Currey
  2019-10-14  5:13 ` [PATCH v4 3/4] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime Russell Currey
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Russell Currey @ 2019-10-14  5:13 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: Russell Currey, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

With CONFIG_STRICT_KERNEL_RWX=y and CONFIG_KPROBES=y, there will be one
W+X page at boot by default.  This can be tested with
CONFIG_PPC_PTDUMP=y and CONFIG_PPC_DEBUG_WX=y set, and checking the
kernel log during boot.

powerpc doesn't implement its own alloc() for kprobes like other
architectures do, but we couldn't immediately mark RO anyway since we do
a memcpy to the page we allocate later.  After that, nothing should be
allowed to modify the page, and write permissions are removed well
before the kprobe is armed.

Thus mark newly allocated probes as read-only once it's safe to do so.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/kernel/kprobes.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index 2d27ec4feee4..2610496de7c7 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -24,6 +24,7 @@
 #include <asm/sstep.h>
 #include <asm/sections.h>
 #include <linux/uaccess.h>
+#include <linux/set_memory.h>
 
 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
@@ -131,6 +132,8 @@ int arch_prepare_kprobe(struct kprobe *p)
 			(unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t));
 	}
 
+	set_memory_ro((unsigned long)p->ainsn.insn, 1);
+
 	p->ainsn.boostable = 0;
 	return ret;
 }
-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v4 3/4] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
  2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
  2019-10-14  5:13 ` [PATCH v4 1/4] powerpc/mm: Implement set_memory() routines Russell Currey
  2019-10-14  5:13 ` [PATCH v4 2/4] powerpc/kprobes: Mark newly allocated probes as RO Russell Currey
@ 2019-10-14  5:13 ` Russell Currey
  2019-10-14  5:13 ` [PATCH v4 4/4] powerpc: Enable STRICT_MODULE_RWX Russell Currey
  2019-10-29 23:02 ` [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Kees Cook
  4 siblings, 0 replies; 8+ messages in thread
From: Russell Currey @ 2019-10-14  5:13 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: Russell Currey, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

Very rudimentary, just

	echo 1 > [debugfs]/check_wx_pages

and check the kernel log.  Useful for testing strict module RWX.

Updated the Kconfig entry to reflect this.

Also fixed a typo.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/Kconfig.debug      |  6 ++++--
 arch/powerpc/mm/ptdump/ptdump.c | 21 ++++++++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index c59920920ddc..dcfe83d4c211 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -370,7 +370,7 @@ config PPC_PTDUMP
 	  If you are unsure, say N.
 
 config PPC_DEBUG_WX
-	bool "Warn on W+X mappings at boot"
+	bool "Warn on W+X mappings at boot & enable manual checks at runtime"
 	depends on PPC_PTDUMP
 	help
 	  Generate a warning if any W+X mappings are found at boot.
@@ -384,7 +384,9 @@ config PPC_DEBUG_WX
 	  of other unfixed kernel bugs easier.
 
 	  There is no runtime or memory usage effect of this option
-	  once the kernel has booted up - it's a one time check.
+	  once the kernel has booted up, it only automatically checks once.
+
+	  Enables the "check_wx_pages" debugfs entry for checking at runtime.
 
 	  If in doubt, say "Y".
 
diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c
index 2f9ddc29c535..b6cba29ae4a0 100644
--- a/arch/powerpc/mm/ptdump/ptdump.c
+++ b/arch/powerpc/mm/ptdump/ptdump.c
@@ -4,7 +4,7 @@
  *
  * This traverses the kernel pagetables and dumps the
  * information about the used sections of memory to
- * /sys/kernel/debug/kernel_pagetables.
+ * /sys/kernel/debug/kernel_page_tables.
  *
  * Derived from the arm64 implementation:
  * Copyright (c) 2014, The Linux Foundation, Laura Abbott.
@@ -409,6 +409,25 @@ void ptdump_check_wx(void)
 	else
 		pr_info("Checked W+X mappings: passed, no W+X pages found\n");
 }
+
+static int check_wx_debugfs_set(void *data, u64 val)
+{
+	if (val != 1ULL)
+		return -EINVAL;
+
+	ptdump_check_wx();
+
+	return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n");
+
+static int ptdump_check_wx_init(void)
+{
+	return debugfs_create_file("check_wx_pages", 0200, NULL,
+				   NULL, &check_wx_fops) ? 0 : -ENOMEM;
+}
+device_initcall(ptdump_check_wx_init);
 #endif
 
 static int ptdump_init(void)
-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v4 4/4] powerpc: Enable STRICT_MODULE_RWX
  2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
                   ` (2 preceding siblings ...)
  2019-10-14  5:13 ` [PATCH v4 3/4] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime Russell Currey
@ 2019-10-14  5:13 ` Russell Currey
  2019-10-29 23:02 ` [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Kees Cook
  4 siblings, 0 replies; 8+ messages in thread
From: Russell Currey @ 2019-10-14  5:13 UTC (permalink / raw)
  To: linuxppc-dev
  Cc: Russell Currey, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

Whether STRICT_MODULE_RWX is enabled by default depends on powerpc
platform - in arch/Kconfig, STRICT_MODULE_RWX depends on
ARCH_OPTIONAL_KERNEL_RWX, which in arch/powerpc/Kconfig is selected if
ARCH_HAS_STRICT_KERNEL_RWX is selected, which is only true with
CONFIG_RELOCATABLE *disabled*.

defconfigs like skiroot_defconfig which turn STRICT_KERNEL_RWX on when
it is not already on by default also do NOT enable STRICT_MODULE_RWX
automatically, so it is explicitly enabled there in this patch.

Thus, on by default for ppc32 only.  Module RWX doesn't provide a whole
lot of value with Kernel RWX off, but it doesn't hurt, either.  The next
step is to make STRICT_KERNEL_RWX compatible with RELOCATABLE so it can
be on by default.

Tested-by: Daniel Axtens <dja@axtens.net> # e6500
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/Kconfig                   | 1 +
 arch/powerpc/configs/skiroot_defconfig | 1 +
 2 files changed, 2 insertions(+)

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 8f7005f0d097..212c4d02be40 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -135,6 +135,7 @@ config PPC
 	select ARCH_HAS_SCALED_CPUTIME		if VIRT_CPU_ACCOUNTING_NATIVE && PPC_BOOK3S_64
 	select ARCH_HAS_SET_MEMORY
 	select ARCH_HAS_STRICT_KERNEL_RWX	if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION)
+	select ARCH_HAS_STRICT_MODULE_RWX
 	select ARCH_HAS_TICK_BROADCAST		if GENERIC_CLOCKEVENTS_BROADCAST
 	select ARCH_HAS_UACCESS_FLUSHCACHE
 	select ARCH_HAS_UACCESS_MCSAFE		if PPC64
diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig
index 1253482a67c0..719d899081b3 100644
--- a/arch/powerpc/configs/skiroot_defconfig
+++ b/arch/powerpc/configs/skiroot_defconfig
@@ -31,6 +31,7 @@ CONFIG_PERF_EVENTS=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 CONFIG_JUMP_LABEL=y
 CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_STRICT_MODULE_RWX=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
 CONFIG_MODULE_SIG=y
-- 
2.23.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc
  2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
                   ` (3 preceding siblings ...)
  2019-10-14  5:13 ` [PATCH v4 4/4] powerpc: Enable STRICT_MODULE_RWX Russell Currey
@ 2019-10-29 23:02 ` Kees Cook
  2019-10-30  0:16   ` Michael Ellerman
  4 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2019-10-29 23:02 UTC (permalink / raw)
  To: Russell Currey
  Cc: linuxppc-dev, christophe.leroy, joel, mpe, ajd, dja, npiggin,
	kernel-hardening

On Mon, Oct 14, 2019 at 04:13:16PM +1100, Russell Currey wrote:
> v3 cover letter here:
> https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-October/198023.html
> 
> Only minimal changes since then:
> 
> - patch 2/4 commit message update thanks to Andrew Donnellan
> - patch 3/4 made neater thanks to Christophe Leroy
> - patch 3/4 updated Kconfig description thanks to Daniel Axtens

I continue to be excited about this work. :) Is there anything holding
it back from landing in linux-next?

-Kees

> 
> Russell Currey (4):
>   powerpc/mm: Implement set_memory() routines
>   powerpc/kprobes: Mark newly allocated probes as RO
>   powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
>   powerpc: Enable STRICT_MODULE_RWX
> 
>  arch/powerpc/Kconfig                   |  2 +
>  arch/powerpc/Kconfig.debug             |  6 ++-
>  arch/powerpc/configs/skiroot_defconfig |  1 +
>  arch/powerpc/include/asm/set_memory.h  | 32 ++++++++++++++
>  arch/powerpc/kernel/kprobes.c          |  3 ++
>  arch/powerpc/mm/Makefile               |  1 +
>  arch/powerpc/mm/pageattr.c             | 60 ++++++++++++++++++++++++++
>  arch/powerpc/mm/ptdump/ptdump.c        | 21 ++++++++-
>  8 files changed, 123 insertions(+), 3 deletions(-)
>  create mode 100644 arch/powerpc/include/asm/set_memory.h
>  create mode 100644 arch/powerpc/mm/pageattr.c
> 
> -- 
> 2.23.0
> 

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc
  2019-10-29 23:02 ` [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Kees Cook
@ 2019-10-30  0:16   ` Michael Ellerman
  2019-10-30 18:43     ` Kees Cook
  0 siblings, 1 reply; 8+ messages in thread
From: Michael Ellerman @ 2019-10-30  0:16 UTC (permalink / raw)
  To: Kees Cook, Russell Currey
  Cc: linuxppc-dev, christophe.leroy, joel, ajd, dja, npiggin,
	kernel-hardening

Kees Cook <keescook@chromium.org> writes:
> On Mon, Oct 14, 2019 at 04:13:16PM +1100, Russell Currey wrote:
>> v3 cover letter here:
>> https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-October/198023.html
>> 
>> Only minimal changes since then:
>> 
>> - patch 2/4 commit message update thanks to Andrew Donnellan
>> - patch 3/4 made neater thanks to Christophe Leroy
>> - patch 3/4 updated Kconfig description thanks to Daniel Axtens
>
> I continue to be excited about this work. :) Is there anything holding
> it back from landing in linux-next?

I had some concerns, which I stupidly posted in reply to v3:

  https://lore.kernel.org/linuxppc-dev/87pnio5fva.fsf@mpe.ellerman.id.au/

cheers

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc
  2019-10-30  0:16   ` Michael Ellerman
@ 2019-10-30 18:43     ` Kees Cook
  0 siblings, 0 replies; 8+ messages in thread
From: Kees Cook @ 2019-10-30 18:43 UTC (permalink / raw)
  To: Michael Ellerman
  Cc: Russell Currey, linuxppc-dev, christophe.leroy, joel, ajd, dja,
	npiggin, kernel-hardening

On Wed, Oct 30, 2019 at 11:16:22AM +1100, Michael Ellerman wrote:
> Kees Cook <keescook@chromium.org> writes:
> > On Mon, Oct 14, 2019 at 04:13:16PM +1100, Russell Currey wrote:
> >> v3 cover letter here:
> >> https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-October/198023.html
> >> 
> >> Only minimal changes since then:
> >> 
> >> - patch 2/4 commit message update thanks to Andrew Donnellan
> >> - patch 3/4 made neater thanks to Christophe Leroy
> >> - patch 3/4 updated Kconfig description thanks to Daniel Axtens
> >
> > I continue to be excited about this work. :) Is there anything holding
> > it back from landing in linux-next?
> 
> I had some concerns, which I stupidly posted in reply to v3:
> 
>   https://lore.kernel.org/linuxppc-dev/87pnio5fva.fsf@mpe.ellerman.id.au/

Ah-ha! Thanks; I missed that. :)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, back to index

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-14  5:13 [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Russell Currey
2019-10-14  5:13 ` [PATCH v4 1/4] powerpc/mm: Implement set_memory() routines Russell Currey
2019-10-14  5:13 ` [PATCH v4 2/4] powerpc/kprobes: Mark newly allocated probes as RO Russell Currey
2019-10-14  5:13 ` [PATCH v4 3/4] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime Russell Currey
2019-10-14  5:13 ` [PATCH v4 4/4] powerpc: Enable STRICT_MODULE_RWX Russell Currey
2019-10-29 23:02 ` [PATCH v4 0/4] Implement STRICT_MODULE_RWX for powerpc Kees Cook
2019-10-30  0:16   ` Michael Ellerman
2019-10-30 18:43     ` Kees Cook

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git