From: Michael Ellerman <mpe@ellerman.id.au>
To: Jordan Niethe <jniethe5@gmail.com>, linuxppc-dev@lists.ozlabs.org
Cc: ajd@linux.ibm.com, Kees Cook <keescook@chromium.org>,
Jordan Niethe <jniethe5@gmail.com>,
cmr@codefail.de, npiggin@gmail.com, naveen.n.rao@linux.ibm.com,
dja@axtens.net
Subject: Re: [PATCH v10 06/10] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
Date: Wed, 31 Mar 2021 22:24:40 +1100
Message-ID: <87im577eh3.fsf@mpe.ellerman.id.au>
In-Reply-To: <20210330045132.722243-7-jniethe5@gmail.com>

Jordan Niethe <jniethe5@gmail.com> writes:
> From: Russell Currey <ruscur@russell.cc>
>
> Optionally run W+X checks when dumping pagetable information to
> debugfs' kernel_page_tables.
>
> To use:
> $ echo 1 > /sys/kernel/debug/check_wx_pages
> $ cat /sys/kernel/debug/kernel_page_tables
>
> and check the kernel log. Useful for testing strict module RWX.
>
> To disable W+X checks:
> $ echo 0 > /sys/kernel/debug/check_wx_pages
>
> Update the Kconfig entry to reflect this.
>
> Also fix a typo.
>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Russell Currey <ruscur@russell.cc>
> [jpn: Change check_wx_pages to act as mode bit affecting
> kernel_page_tables instead of triggering action on its own]
> Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
> ---
> v10: check_wx_pages now affects kernel_page_tables rather than triggers
> its own action.

Hmm. I liked the old version better :)

I think you changed it based on Christophe's comment:

  Why not just perform the test everytime someone dumps kernel_page_tables ?

But I think he meant *always* do the check when someone dumps
kernel_page_tables, not have another file to enable checking and then
require someone to dump kernel_page_tables to do the actual check.

Still I like the previous version where you can do the checks
separately, without having to dump the page tables, because dumping can
sometimes take quite a while.

What would be even better is if ptdump_check_wx() returned an error when
wx pages were found, and that was plumbed out to the debugfs file. That
way you can script around it.

cheers
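
Scripting around the check with the v10 interface as described in the quoted commit message means scraping the kernel log, which is the step an error return from the debugfs file would remove. The following is an added example, not part of the original message or the patch: it assumes the kernel reports the result on a line containing "Checked W+X mappings:" with "passed" or "FAILED", and the function names, marker string and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the W+X check from the commit message into an exit code.
# Assumption: the kernel log reports the result on a line containing
# "Checked W+X mappings:" followed by "passed" or "FAILED".

DEBUGFS=${DEBUGFS:-/sys/kernel/debug}

# Constructed sample log (not captured from a real system): an old "passed"
# result, then our marker, then the result of the check we triggered.
SAMPLE_LOG='[   10.1] Checked W+X mappings: passed, no W+X pages found
[  500.2] wx-check-marker
[  500.9] Checked W+X mappings: FAILED, 2 W+X pages found'

# wx_verdict MARKER: read kernel log text on stdin and judge the last result
# line that appears after MARKER, so stale results from earlier runs are ignored.
# Returns 0 = passed, 1 = W+X pages found, 2 = no result after the marker.
wx_verdict() {
    last=$(awk -v m="$1" '
        index($0, m)                            { seen = 1; res = ""; next }
        seen && index($0, "Checked W+X mappings:") { res = $0 }
        END                                     { print res }')
    case "$last" in
        *FAILED*) return 1 ;;
        *passed*) return 0 ;;
        *)        return 2 ;;
    esac
}

# run_wx_check: the procedure from the commit message (needs root and the
# check_wx_pages file from this patch). A marker is written to the kernel log
# first; the mode bit is cleared afterwards so later dumps skip the check.
run_wx_check() {
    marker="wx-check-$$"
    echo "$marker" > /dev/kmsg || return 2
    echo 1 > "$DEBUGFS/check_wx_pages" || return 2
    cat "$DEBUGFS/kernel_page_tables" > /dev/null
    echo 0 > "$DEBUGFS/check_wx_pages"
    dmesg | wx_verdict "$marker"
}

# Usage on a test machine:  run_wx_check; echo "exit status: $?"
```

A status of 2 deliberately differs from a pass, so a missing debugfs file or an absent log line is not mistaken for "no W+X pages".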