Date:   Fri, 7 Apr 2017 15:23:19 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Jessica Yu <jeyu@...hat.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        LKML <linux-kernel@...r.kernel.org>,
        "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>,
        Eddie Kovsky <ewk@...ovsky.org>
Subject: Re: [PATCH v5 0/2] provide check for ro_after_init memory sections

On Fri, 7 Apr 2017 15:15:36 -0700 Kees Cook <keescook@...omium.org> wrote:

> On Fri, Apr 7, 2017 at 3:12 PM, Andrew Morton <akpm@...ux-foundation.org> wrote:
> > On Fri, 7 Apr 2017 14:53:23 -0700 Kees Cook <keescook@...omium.org> wrote:
> >
> >> > Eddie Kovsky (2):
> >> >   module: verify address is read-only
> >> >   extable: verify address is read-only
> >> >
> >> >  include/linux/kernel.h |  2 ++
> >> >  include/linux/module.h | 12 ++++++++++++
> >> >  kernel/extable.c       | 29 +++++++++++++++++++++++++++
> >> >  kernel/module.c        | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++
> >> >  4 files changed, 96 insertions(+)
> >>
> >> Andrew, do you have these in your mailbox (it went to lkml), or should
> >> I resend them directly to you? Since they depend on the
> >> __start_ro_after_init naming fixes in -mm, it seemed like it'd be best
> >> to carry these two patches there. If so, please consider them both:
> >>
> >> Acked-by: Kees Cook <keescook@...omium.org>
> >>
> >> (And, from the thread on the module patch, Jessica has Acked that one too.)
> >
> > Well I grabbed them, but the patches don't actually do anything - they
> > add interfaces with no users.  What's the plan here?
> 
> I'd like to have a way for interfaces (especially the various
> *_register()) to be able to check that a structure is either const or
> __ro_after_init. My expectation is to add those and similar
> sanity-checks now that we can do so.

OK.  But I'd rather sit on the patches until we have working, tested,
reviewed callers which are agreed to be useful.
