lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070705195412.GA31780@Krystal>
Date:	Thu, 5 Jul 2007 15:54:13 -0400
From:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
To:	"S. P. Prasanna" <prasanna@...ibm.com>
Cc:	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	ananth@...ibm.com, anil.s.keshavamurthy@...el.com,
	davem@...emloft.net, Ian McDonald <ian.mcdonald@...di.co.nz>,
	Ingo Molnar <mingo@...e.hu>, Andi Kleen <ak@...e.de>
Subject: Re: [patch 3/3] Text Edit Lock - kprobes i386

This suggestion looks more like a workaround to get rid of a bigger
issue.

If we do that, we have to use CONFIG_* exclusivity for either 
(ro-data protection) or (paravirt, kprobes, immediate values).

One big advantage of my patch is that we can remove weird exclusivity
cases involving paravirt and cpu hotplug, like this one:

-#ifndef CONFIG_KPROBES
-#ifdef CONFIG_HOTPLUG_CPU
-       /* It must still be possible to apply SMP alternatives. */
-       if (num_possible_cpus() <= 1)
-#endif
-       {
-               change_page_attr(virt_to_page(start),
-                                size >> PAGE_SHIFT, PAGE_KERNEL_RX);
-               printk("Write protecting the kernel text: %luk\n", size >> 10);
-               kernel_text_is_ro = 1;
-       }

Mathieu

* S. P. Prasanna (prasanna@...ibm.com) wrote:
> On Tue, Jul 03, 2007 at 12:38:22PM -0400, Mathieu Desnoyers wrote:
> > Kprobes can use the text edit lock to insure mutual exclusion when edition the
> > code and make sure the pages are writable.
> 
> Linus suggested for splitting ro-data and ro-text; And allow ro-text
> only if kprobes is not configured.
> Please see the discussion thread, URL given below
> http://lkml.org/lkml/2007/6/20/436
> 
> This patch below allows to configure and mark the kernel text and
> kernel data as read-only separately. Also kernel text
> is configured read-only if kprobes is not configured.
> 
> Thanks
> Prasanna
> 
> This patch allows to configure and mark the kernel text and
> kernel data as read-only separately.
> 
> Signed-off-by: Prasanna S P. <prasanna@...ibm.com>
> 
> 
>  arch/i386/Kconfig.debug |    8 ++++++++
>  arch/i386/mm/init.c     |   22 ++++++++++++++++------
>  2 files changed, 24 insertions(+), 6 deletions(-)
> 
> diff -puN arch/i386/Kconfig.debug~mark-kernel-text-data-ro-seperately-i386 arch/i386/Kconfig.debug
> --- linux-2.6.22-rc6/arch/i386/Kconfig.debug~mark-kernel-text-data-ro-seperately-i386	2007-07-04 13:45:24.000000000 +0530
> +++ linux-2.6.22-rc6-prasanna/arch/i386/Kconfig.debug	2007-07-04 13:52:31.000000000 +0530
> @@ -56,6 +56,14 @@ config DEBUG_RODATA
>  	  portion of the kernel code won't be covered by a 2MB TLB anymore.
>  	  If in doubt, say "N".
>  
> +config DEBUG_ROTEXT
> +	bool "Write protect kernel text"
> +	depends on DEBUG_RODATA && !KPROBES
> +	help
> +	  Mark the kernel text as write-protected in the pagetables.
> +	  Only allow this if kprobes is not configured.
> +	  If in doubt, say "N".
> +
>  config 4KSTACKS
>  	bool "Use 4Kb for kernel stacks instead of 8Kb"
>  	depends on DEBUG_KERNEL
> diff -puN arch/i386/mm/init.c~mark-kernel-text-data-ro-seperately-i386 arch/i386/mm/init.c
> --- linux-2.6.22-rc6/arch/i386/mm/init.c~mark-kernel-text-data-ro-seperately-i386	2007-07-04 13:45:24.000000000 +0530
> +++ linux-2.6.22-rc6-prasanna/arch/i386/mm/init.c	2007-07-04 13:51:39.000000000 +0530
> @@ -792,14 +792,11 @@ static int noinline do_test_wp_bit(void)
>  	return flag;
>  }
>  
> -#ifdef CONFIG_DEBUG_RODATA
> -
> -void mark_rodata_ro(void)
> +static inline void mark_rwtext_ro(void)
>  {
>  	unsigned long start = PFN_ALIGN(_text);
>  	unsigned long size = PFN_ALIGN(_etext) - start;
>  
> -#ifndef CONFIG_KPROBES
>  #ifdef CONFIG_HOTPLUG_CPU
>  	/* It must still be possible to apply SMP alternatives. */
>  	if (num_possible_cpus() <= 1)
> @@ -809,9 +806,22 @@ void mark_rodata_ro(void)
>  		                 size >> PAGE_SHIFT, PAGE_KERNEL_RX);
>  		printk("Write protecting the kernel text: %luk\n", size >> 10);
>  	}
> +
> +	/*
> +	 * global_flush_tlb() will be called after marking the data as readonly.
> +	 */
> +}
> +
> +#ifdef CONFIG_DEBUG_RODATA
> +
> +void mark_rodata_ro(void)
> +{
> +	unsigned long start = PFN_ALIGN(_etext);
> +	unsigned long size = (unsigned long)__end_rodata - start;
> +
> +#ifdef CONFIG_DEBUG_ROTEXT
> +	mark_rwtext_ro();
>  #endif
> -	start += size;
> -	size = (unsigned long)__end_rodata - start;
>  	change_page_attr(virt_to_page(start),
>  	                 size >> PAGE_SHIFT, PAGE_KERNEL_RO);
>  	printk("Write protecting the kernel read-only data: %luk\n",
> 
> _
> -- 
> Prasanna S.P.
> Linux Technology Center
> India Software Labs, IBM Bangalore
> Email: prasanna@...ibm.com
> Ph: 91-80-41776329

-- 
Mathieu Desnoyers
Computer Engineering Ph.D. Student, Ecole Polytechnique de Montreal
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ