Date:	Fri, 6 Nov 2015 16:20:26 -0800
From:	Laura Abbott <labbott@...hat.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	Russell King - ARM Linux <linux@....linux.org.uk>,
	Laura Abbott <labbott@...oraproject.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will.deacon@....com>,
	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH] arm: Use kernel mm when updating section permissions

On 11/06/2015 03:49 PM, Kees Cook wrote:
> On Fri, Nov 6, 2015 at 3:41 PM, Laura Abbott <labbott@...hat.com> wrote:
>> On 11/06/2015 12:46 PM, Russell King - ARM Linux wrote:
>>>
>>> On Fri, Nov 06, 2015 at 10:44:32AM -0800, Laura Abbott wrote:
>>>>
>>>> with my test patch. I think setting both current->active_mm and &init_mm
>>>> is sufficient. Maybe explicitly setting swapper_pg_dir would be cleaner?
>>>
>>>
>>> Please, stop thinking like this.  If you're trying to change the kernel
>>> section mappings after threads have been spawned, you need to change
>>> them for _all_ threads, which means you need to change them for every
>>> page table that's in existence at that time - you can't do just one
>>> table and hope everyone updates, it doesn't work like that.
>>>
>>
>> That's a bad assumption on my part based on what I was
>> observing. At the time of mark_rodata_ro, the only threads present
>> are kernel threads which aren't going to have task->mm. Only the
>> running thread is going to have active_mm. None of those are init_mm.
>> To be complete we need:
>>
>> - Update every task->mm for every thread in every process
>> - Update current->active_mm
>> - Update &init_mm explicitly
>>
>> All this would need to be done under stop_machine as well. Does that cover
>> everything or am I still off?
>
> I still think we need to find an earlier place to do this. :(
>
> -Kees
>

The problem is still the initmem. That needs to be writable and executable
during inittime and then have the page tables adjusted afterwards if it is
going to be freed back. I'll give this some more thought to see if I can
come up with something or if anyone else has another idea.

Thanks,
Laura