Message-ID: <20250108103250.3188419-12-kevin.brodsky@arm.com>
Date: Wed,  8 Jan 2025 10:32:46 +0000
From: Kevin Brodsky <kevin.brodsky@....com>
To: linux-hardening@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	Kevin Brodsky <kevin.brodsky@....com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Mark Brown <broonie@...nel.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Jann Horn <jannh@...gle.com>,
	Jeff Xu <jeffxu@...omium.org>,
	Joey Gouly <joey.gouly@....com>,
	Kees Cook <kees@...nel.org>,
	Linus Walleij <linus.walleij@...aro.org>,
	Andy Lutomirski <luto@...nel.org>,
	Marc Zyngier <maz@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Pierre Langlois <pierre.langlois@....com>,
	Quentin Perret <qperret@...gle.com>,
	"Mike Rapoport (IBM)" <rppt@...nel.org>,
	Ryan Roberts <ryan.roberts@....com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Will Deacon <will@...nel.org>,
	Matthew Wilcox <willy@...radead.org>,
	Qi Zheng <zhengqi.arch@...edance.com>,
	linux-arm-kernel@...ts.infradead.org,
	x86@...nel.org
Subject: [RFC PATCH v2 11/15] mm: Map page tables with privileged pkey

If CONFIG_KPKEYS_HARDENED_PGTABLES is enabled, map allocated page
table pages using a privileged pkey (KPKEYS_PKEY_PGTABLES), so that
page tables can only be written under guard(kpkeys_hardened_pgtables).

This patch is a no-op if CONFIG_KPKEYS_HARDENED_PGTABLES is disabled
(default).

Signed-off-by: Kevin Brodsky <kevin.brodsky@....com>
---
 include/linux/mm.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index e99040be477f..714e1af91752 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -33,6 +33,7 @@
 #include <linux/slab.h>
 #include <linux/cacheinfo.h>
 #include <linux/rcuwait.h>
+#include <linux/kpkeys.h>
 
 struct mempolicy;
 struct anon_vma;
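Review bot: the new #include <linux/kpkeys.h> is unconditional, and so are the two calls added further down in this file, so the header has to provide empty inline stubs for kpkeys_protect_pgtable_memory() and kpkeys_unprotect_pgtable_memory() when CONFIG_KPKEYS_HARDENED_PGTABLES is off. The commit message says the patch is a no-op in that configuration; it would help to state there that the stubs are what make it so, since mm.h is pulled in almost everywhere and any non-trivial content in kpkeys.h becomes a tree-wide dependency.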
@@ -3082,6 +3083,8 @@ static inline bool __pagetable_ctor(struct ptdesc *ptdesc)
 
 	__folio_set_pgtable(folio);
 	lruvec_stat_add_folio(folio, NR_PAGETABLE);
+	if (kpkeys_protect_pgtable_memory(folio))
+		return false;
 	return true;
 }
 
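Review bot: the new failure return in __pagetable_ctor() sits after __folio_set_pgtable(folio) and lruvec_stat_add_folio(folio, NR_PAGETABLE) have already run, so returning false here leaves the folio flagged as a page table and NR_PAGETABLE incremented unless every caller runs pagetable_dtor() on a failed constructor. Either call kpkeys_protect_pgtable_memory(folio) first, before any state is changed, or undo both steps with __folio_clear_pgtable(folio) and lruvec_stat_sub_folio(folio, NR_PAGETABLE) before returning false. A one-line comment on what a non-zero return means would also help readers of this path.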
@@ -3092,6 +3095,7 @@ static inline void pagetable_dtor(struct ptdesc *ptdesc)
 	ptlock_free(ptdesc);
 	__folio_clear_pgtable(folio);
 	lruvec_stat_sub_folio(folio, NR_PAGETABLE);
+	kpkeys_unprotect_pgtable_memory(folio);
 }
 
 static inline void pagetable_dtor_free(struct ptdesc *ptdesc)
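Review bot: in pagetable_dtor() nothing is checked after kpkeys_unprotect_pgtable_memory(folio), while the matching protect call in the constructor is treated as fallible. If unprotect can fail, the page is handed back still mapped with KPKEYS_PKEY_PGTABLES, and this is the only place that could notice. Please either document that unprotect cannot fail or wrap the call in a WARN_ON_ONCE() so the condition is at least visible.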
-- 
2.47.0
