lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 07 Aug 2014 13:43:55 -0700
From:	Laura Abbott <lauraa@...eaurora.org>
To:	Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
CC:	Liu hua <sdu.liu@...wei.com>, Mark Salter <msalter@...hat.com>,
	Rabin Vincent <rabin@....in>,
	Nikolay Borisov <Nikolay.Borisov@....com>,
	Nicolas Pitre <nicolas.pitre@...aro.org>,
	Leif Lindholm <leif.lindholm@...aro.org>,
	Tomasz Figa <t.figa@...sung.com>,
	Rob Herring <robh@...nel.org>,
	Doug Anderson <dianders@...gle.com>,
	Jason Wessel <jason.wessel@...driver.com>,
	Will Deacon <will.deacon@....com>,
	Catalin Marinas <catalin.marinas@....com>,
	Russell King - ARM Linux <linux@....linux.org.uk>,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2 0/8] arm: support CONFIG_RODATA

On 8/7/2014 8:01 AM, Kees Cook wrote:
> This is a series of patches to support CONFIG_RODATA on ARM, so that
> the kernel text is RO, and non-text sections default to NX. To support
> on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap
> support has been finalized based on several versions of various patches
> that are floating around on the mailing list. This series attempts to
> include the least intrusive version, so that others can build on it for
> future fixmap work.
> 
> The series has been heavily tested, and appears to be working correctly:
> 
> With CONFIG_ARM_PTDUMP, expected page table permissions are seen in
> /sys/kernel/debug/kernel_page_tables.
> 
> Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for
> for the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT:
>         EXEC_DATA
>         WRITE_RO
>         WRITE_KERN
> 
> ftrace works:
>         CONFIG_FTRACE_STARTUP_TEST passes
>         Enabling tracing works:
>                 echo function > /sys/kernel/debug/tracing/current_tracer
> 
> kprobes works:
>         CONFIG_ARM_KPROBES_TEST passes
> 
> kexec works:
>         kexec will load and start a new kernel
> 
> Thanks to everyone who has been testing this series and working on its
> various pieces!
> 
> -Kees
> 
> v2:
> - fix typo in kexec merge (buildbot)
> - flip index order for highmem pte access (lauraa)
> - added kgdb updates (dianders)
> 

At least twice I managed to boot a build with CONFIG_DEBUG_RODATA where
both  cat /sys/kernel/debug/kernel_page_table and JTAG were showing no
sections marked as read only. I haven't been able to reproduce it though
so I'm tempted to account for it as incorrect testing on my part. I'll
play around with it some more but if you haven't heard anything more
you can add

Tested-by: Laura Abbott <lauraa@...eaurora.org>

For boot up test, kernel_page_table/JTAG page table verification and
simple kprobes test. 

Thanks,
Laura

-- 
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ