| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140814174652.GA2045@www.outflux.net>
Date: Thu, 14 Aug 2014 10:46:52 -0700
From: Kees Cook <keescook@...omium.org>
To: Russell King - ARM Linux <linux@....linux.org.uk>
Cc: linux-arm-kernel@...r.kernel.org, linux-kernel@...r.kernel.org,
Doug Anderson <dianders@...omium.org>,
Mark Salter <msalter@...hat.com>,
Nicolas Pitre <nico@...aro.org>,
Nikolay Borisov <Nikolay.Borisov@....com>,
Rabin Vincent <rabin@....in>, Rob Herring <robh@...nel.org>,
Will Deacon <will.deacon@....com>,
Laura Abbott <lauraa@...eaurora.org>
Subject: [PULL] ronx update (3.18)
Hi Russel,
Once the merge window for 3.17 closes, could you please pull these ARM
fixmap and RO/NX changes for 3.18?
Thanks!
-Kees
The following changes since commit e57e41931134e09fc6c03c8d4eb19d516cc6e59b:
ARM: wire up memfd_create syscall (2014-08-09 14:07:59 +0100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/ronx-3.18
for you to fetch changes up to 41fc56ee0a0ea765236d86818523be55bca1eee2:
ARM: mm: allow text and rodata sections to be read-only (2014-08-14 10:36:36 -0700)
----------------------------------------------------------------
This is a series of patches to support CONFIG_RODATA on ARM, so that
the kernel text is RO, and non-text sections default to NX. To support
on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap
support has been finalized based on several versions of various patches
that are floating around on the mailing list. This series attempts to
include the least intrusive version, so that others can build on it for
future fixmap work.
The series has been heavily tested, and appears to be working correctly:
With CONFIG_ARM_PTDUMP, expected page table permissions are seen in
/sys/kernel/debug/kernel_page_tables.
Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for
for the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT:
EXEC_DATA
WRITE_RO
WRITE_KERN
ftrace works:
CONFIG_FTRACE_STARTUP_TEST passes
Enabling tracing works:
echo function > /sys/kernel/debug/tracing/current_tracer
kprobes works:
CONFIG_ARM_KPROBES_TEST passes
kexec works:
kexec will load and start a new kernel
Built with and without CONFIG_HIGHMEM, CONFIG_HIGHMEM_DEBUG, and
CONFIG_NR_CPUS=32.
Thanks to everyone who has been testing this series and working on its
various pieces!
----------------------------------------------------------------
Doug Anderson (1):
arm: kgdb: Handle read-only text / modules
Kees Cook (3):
arm: fixmap: implement __set_fixmap()
ARM: mm: allow non-text sections to be non-executable
ARM: mm: allow text and rodata sections to be read-only
Mark Salter (1):
arm: use generic fixmap.h
Nikolay Borisov (1):
ARM: kexec: Make .text R/W in machine_kexec
Rabin Vincent (1):
arm: use fixmap for text patching when text is RO
Rob Herring (1):
ARM: expand fixmap region to 3MB
Documentation/arm/memory.txt | 2 +-
arch/arm/include/asm/cacheflush.h | 10 +++
arch/arm/include/asm/fixmap.h | 31 ++++----
arch/arm/kernel/Makefile | 2 +-
arch/arm/kernel/ftrace.c | 19 +++++
arch/arm/kernel/jump_label.c | 2 +-
arch/arm/kernel/kgdb.c | 29 +++++++
arch/arm/kernel/machine_kexec.c | 9 ++-
arch/arm/kernel/patch.c | 79 +++++++++++++++++--
arch/arm/kernel/patch.h | 12 ++-
arch/arm/kernel/vmlinux.lds.S | 20 +++++
arch/arm/mm/Kconfig | 21 ++++++
arch/arm/mm/highmem.c | 15 ++--
arch/arm/mm/init.c | 154 +++++++++++++++++++++++++++++++++++++-
arch/arm/mm/mmu.c | 38 +++++++++-
15 files changed, 399 insertions(+), 44 deletions(-)
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists