Message-ID: <trinity-0370530e-fe87-44e0-800c-660c1fc99eff-1397462591198@3capp-gmx-bs45>
Date:	Mon, 14 Apr 2014 10:03:11 +0200
From:	Alexander.Kleinsorge@....de
To:	"Andi Kleen" <andi@...stfloor.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Aw: Re: new module to check constant memory for corruption

Hi Andi,

I would like to ask for your help.
Is there a central kernel function that enables/disables write-protection for kernel memory?
I only know the place where it's write-protected at boot for x86/x64.
If there is one place, it would be much easier than hooking into many places (e.g. ftrace, etc.).

My goal is to verify kernel memory (the constant part), not to rebuild memcheck as a process.
In my Ubuntu 12.04 system, this range has never changed during module-runtime (many hours).
I think in >90% of all systems there is no ftrace (etc.) changing this range.

So I need either a trigger when to update my reference sum, or to know when ftrace (etc) are really working.
ftrace_enabled = 1 (default) is no indicator, because it is typically on.

Thanks a lot,
Alexander


Sent: Sunday, 13 April 2014 at 05:00
From: "Andi Kleen" <andi@...stfloor.org>
To: Alexander.Kleinsorge@....de
Cc: linux-kernel@...r.kernel.org
Subject: Re: new module to check constant memory for corruption
Alexander.Kleinsorge@....de writes:

> ramcheck kernel module
> new module to check constant memory for corruption
>
> detect corruption of constant kernel memory (text and data) periodically.
> runtime costs about 1..2 ms per sec (about 10 mb with 5 mb/ms),
> which is distributed over 8 (BLOCKS) time partitions (less than half
> ms per sec).
> in case of checksum (xor) error, a kernel log is posted.
> manual trigger via /proc/ramcheck is possible.
> range: kallsyms_lookup_name("_text") .. kallsyms_lookup_name("__end_rodata")


Can you explain how this works? How does it handle legal writes?

If it just checks its own memory it could be done in user space.

-Andi

--
ak@...ux.intel.com -- Speaking for myself only
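
A user-space model of the scheme in the quoted announcement (per-block XOR reference sums, one of 8 blocks verified per tick), added here as an example and not the ramcheck module's code. The buffer, the function names and the re-baseline hook for legal writes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCKS 8            /* time partitions, as in the post */
#define WORDS  1024         /* constructed stand-in for _text..__end_rodata */
#define PER    (WORDS / BLOCKS)

static uint64_t region[WORDS];    /* constructed "constant" memory */
static uint64_t ref_sum[BLOCKS];  /* reference XOR per block */
static unsigned next_block;       /* block verified on the next tick */

/* XOR of all 64-bit words in block b. */
static uint64_t block_xor(unsigned b)
{
    uint64_t x = 0;
    for (size_t i = (size_t)b * PER; i < (size_t)(b + 1) * PER; i++)
        x ^= region[i];
    return x;
}

/* Fill the region with constructed data and record the reference sums. */
void ramcheck_init(void)
{
    for (size_t i = 0; i < WORDS; i++)
        region[i] = (i + 1) * 0x9E3779B97F4A7C15ULL;
    for (unsigned b = 0; b < BLOCKS; b++)
        ref_sum[b] = block_xor(b);
    next_block = 0;
}

/* One timer tick: verify one block; returns -1 if clean, else the block index. */
int ramcheck_tick(void)
{
    unsigned b = next_block;
    next_block = (next_block + 1) % BLOCKS;
    return block_xor(b) == ref_sum[b] ? -1 : (int)b;
}

/* Hypothetical hook for a legal write (e.g. ftrace patching): re-baseline. */
void ramcheck_rebaseline(size_t word)
{
    ref_sum[word / PER] = block_xor((unsigned)(word / PER));
}

int main(void)
{
    ramcheck_init();
    region[700] ^= 1;   /* constructed single-bit corruption in block 5 */
    for (int t = 0; t < BLOCKS; t++) printf("tick %d -> %d\n", t, ramcheck_tick());
    return 0;
}
```

Without a call like `ramcheck_rebaseline()` at every legitimate patch site, each legal write is reported as corruption, which is the trigger the message above asks for.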