| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Apr 2021 09:33:58 -0700 (PDT)
From: Palmer Dabbelt <palmer@...belt.com>
To: alex@...ti.fr
CC: anup@...infault.org, corbet@....net,
Paul Walmsley <paul.walmsley@...ive.com>,
aou@...s.berkeley.edu, Arnd Bergmann <arnd@...db.de>,
aryabinin@...tuozzo.com, glider@...gle.com, dvyukov@...gle.com,
linux-doc@...r.kernel.org, linux-riscv@...ts.infradead.org,
linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
linux-arch@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH] riscv: Protect kernel linear mapping only if CONFIG_STRICT_KERNEL_RWX is set
On Fri, 16 Apr 2021 03:47:19 PDT (-0700), alex@...ti.fr wrote:
> Hi Anup,
>
> Le 4/16/21 à 6:41 AM, Anup Patel a écrit :
>> On Thu, Apr 15, 2021 at 4:34 PM Alexandre Ghiti <alex@...ti.fr> wrote:
>>>
>>> If CONFIG_STRICT_KERNEL_RWX is not set, we cannot set different permissions
>>> to the kernel data and text sections, so make sure it is defined before
>>> trying to protect the kernel linear mapping.
>>>
>>> Signed-off-by: Alexandre Ghiti <alex@...ti.fr>
>>
>> Maybe you should add "Fixes:" tag in commit tag ?
>
> Yes you're right I should have done that. Maybe Palmer will squash it as
> it just entered for-next?
Ya, I'll do it. My testing box was just tied up last night for the rc8
PR, so I threw this on for-next to get the buildbots to take a look.
It's a bit too late to take something for this week, as I try to be
pretty conservative this late in the cycle. There's another kprobes fix
on the list so if we end up with an rc8 I might send this along with
that, otherwise this'll just go onto for-next before the linear map
changes that exercise the bug.
You're more than welcome to just dig up the fixes tag and reply, my
scripts pull all tags from replies (just like Revieweb-by). Otherwise
I'll do it myself, most people don't really post Fixes tags that
accurately so I go through it for pretty much everything anyway.
Thanks for sorting this out so quickly!
>
>>
>> Otherwise it looks good.
>>
>> Reviewed-by: Anup Patel <anup@...infault.org>
>
> Thank you!
>
> Alex
>
>>
>> Regards,
>> Anup
>>
>>> ---
>>> arch/riscv/kernel/setup.c | 8 ++++----
>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c
>>> index 626003bb5fca..ab394d173cd4 100644
>>> --- a/arch/riscv/kernel/setup.c
>>> +++ b/arch/riscv/kernel/setup.c
>>> @@ -264,12 +264,12 @@ void __init setup_arch(char **cmdline_p)
>>>
>>> sbi_init();
>>>
>>> - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX))
>>> + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) {
>>> protect_kernel_text_data();
>>> -
>>> -#if defined(CONFIG_64BIT) && defined(CONFIG_MMU)
>>> - protect_kernel_linear_mapping_text_rodata();
>>> +#ifdef CONFIG_64BIT
>>> + protect_kernel_linear_mapping_text_rodata();
>>> #endif
>>> + }
>>>
>>> #ifdef CONFIG_SWIOTLB
>>> swiotlb_init(1);
>>> --
>>> 2.20.1
>>>
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
>>
Powered by blists - more mailing lists