lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 21 Jan 2011 22:41:54 +0100
From:	matthieu castet <castet.matthieu@...e.fr>
To:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
CC:	Ian Campbell <Ian.Campbell@...citrix.com>,
	Kees Cook <kees.cook@...onical.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	"keir.fraser@...citrix.com" <keir.fraser@...citrix.com>,
	"mingo@...hat.com" <mingo@...hat.com>,
	"hpa@...or.com" <hpa@...or.com>,
	"sliakh.lkml@...il.com" <sliakh.lkml@...il.com>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
	"torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
	"ak@....de" <ak@....de>, "davej@...hat.com" <davej@...hat.com>,
	"jiang@...ncsu.edu" <jiang@...ncsu.edu>,
	"arjan@...radead.org" <arjan@...radead.org>,
	"tglx@...utronix.de" <tglx@...utronix.de>,
	"sfr@...b.auug.org.au" <sfr@...b.auug.org.au>,
	"mingo@...e.hu" <mingo@...e.hu>,
	Stefan Bader <stefan.bader@...onical.com>
Subject: Re: [tip:x86/security] x86: Add NX protection for kernel data

Konrad Rzeszutek Wilk a écrit :
>> -	 * .data and .bss should always be writable.
>> +	 * .data and .bss should always be writable, but xen won't like
>> +	 * if we make page table rw (that live in .data or .bss)
>>  	 */
>> +#ifdef CONFIG_X86_32
>>  	if (within(address, (unsigned long)_sdata, (unsigned long)_edata) ||
>> -	    within(address, (unsigned long)__bss_start, (unsigned long)__bss_stop))
>> -		pgprot_val(required) |= _PAGE_RW;
>> +	    within(address, (unsigned long)__bss_start, (unsigned long)__bss_stop)) {
>> +		unsigned int level;
>> +		if (lookup_address(address, &level) && (level != PG_LEVEL_4K))
>> +			pgprot_val(forbidden) |= _PAGE_RW;
>> +	}
>> +#endif
>>  
>>  #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
>>
>> fyi, it does make it boot.
> 
> Hold it.. ccache is a wonderful tool but I think I've just "rebuilt" the
> binaries with the .bss HPAGE_ALIGN aligment by mistake, so this path got never
> taken.
> 
> 
Ok,

ATM I saw the following solution to solve the problem :
1) remove the data/bss check in static_protections, it was introduced by NX patches (64edc8ed). But I am not sure it
is really needed anymore.
2) add ". = ALIGN(HPAGE_SIZE)" somewhere after init section. But if we want not to be allocated in image we
should put it before bss. And if we want to be freed after init, we should put before .init.end.
This mean moving .smp_locks (and .data_nosave when x86 will be added) before init section. I have no idea of the impact.
3) add some logic in arch/x86/xen/mmu.c, that will ignore RW page setting for the page table marked RO.
4) make static_protections take and old_prot argument, and only apply RW .data/.bss requirement if page is already RW.

If possible I will go for 1).

Matthieu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ