Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160308002035.GA13606@www.outflux.net>
Date: Mon, 7 Mar 2016 16:20:35 -0800
From: Kees Cook <keescook@...omium.org>
To: Christian Borntraeger <borntraeger@...ibm.com>
Cc: Heiko Carstens <heiko.carstens@...ibm.com>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Ingo Molnar <mingo@...nel.org>,
	David Brown <david.brown@...aro.org>,
	Andy Lutomirski <luto@...capital.net>,
	"H. Peter Anvin" <hpa@...or.com>,
	Michael Ellerman <mpe@...erman.id.au>,
	Mathias Krause <minipli@...glemail.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"x86@...nel.org" <x86@...nel.org>, Arnd Bergmann <arnd@...db.de>,
	PaX Team <pageexec@...email.hu>, Emese Revfy <re.emese@...il.com>,
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
	LKML <linux-kernel@...r.kernel.org>,
	linux-arch <linux-arch@...r.kernel.org>,
	linux-s390 <linux-s390@...r.kernel.org>
Subject: [RFC][PATCH] s390, postinit-readonly: implement post-init RO

Since s390 already sets its .rodata section RO from the start, the generic
.data..ro_after_init section is already RO before init runs. For s390,
split the post-init read-only section off separately and handle that
when the call to mark_rodata_ro() is made.

Signed-off-by: Kees Cook <keescook@...omium.org>
---
This is totally untested...
---
 arch/s390/Kconfig                |  3 +++
 arch/s390/include/asm/cache.h    |  2 ++
 arch/s390/include/asm/sections.h |  2 +-
 arch/s390/kernel/vmlinux.lds.S   |  6 ++++++
 arch/s390/mm/init.c              | 10 ++++++++++
 5 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 3be9c832dec1..3f8b96f2cd2d 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -59,6 +59,9 @@ config PCI_QUIRKS
 config ARCH_SUPPORTS_UPROBES
 	def_bool y
 
+config DEBUG_RODATA
+	def_bool y
+
 config S390
 	def_bool y
 	select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h
index 4d7ccac5fd1d..816c2964bbee 100644
--- a/arch/s390/include/asm/cache.h
+++ b/arch/s390/include/asm/cache.h
@@ -15,4 +15,6 @@
 
 #define __read_mostly __attribute__((__section__(".data..read_mostly")))
 
+#define __ro_after_init __attribute__((__section__(".arch_ro_after_init")))
+
 #endif
diff --git a/arch/s390/include/asm/sections.h b/arch/s390/include/asm/sections.h
index fbd9116eb17b..6cc6acf87416 100644
--- a/arch/s390/include/asm/sections.h
+++ b/arch/s390/include/asm/sections.h
@@ -3,6 +3,6 @@
 
 #include <asm-generic/sections.h>
 
-extern char _eshared[], _ehead[];
+extern char _eshared[], _ehead[], __ro_after_init[];
 
 #endif
diff --git a/arch/s390/kernel/vmlinux.lds.S b/arch/s390/kernel/vmlinux.lds.S
index 445657fe658c..39a2c7e4cdd2 100644
--- a/arch/s390/kernel/vmlinux.lds.S
+++ b/arch/s390/kernel/vmlinux.lds.S
@@ -52,6 +52,12 @@ SECTIONS
 
 	RW_DATA_SECTION(0x100, PAGE_SIZE, THREAD_SIZE)
 
+	. = ALIGN(PAGE_SIZE)
+	__ro_after_init = .;
+	.arch_ro_after_init : {
+		*(.arch_ro_after_init)	/* Read only after init */
+	}
+
 	_edata = .;		/* End of data section */
 
 	/* will be freed after init */
diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
index 73e290337092..6033d396b96c 100644
--- a/arch/s390/mm/init.c
+++ b/arch/s390/mm/init.c
@@ -136,6 +136,16 @@ void free_initmem(void)
 	free_initmem_default(POISON_FREE_INITMEM);
 }
 
+void mark_rodata_ro(void)
+{
+	unsigned long start = (unsigned long) &__ro_after_init;
+	unsigned long end = (unsigned long) &_edata;
+
+	printk(KERN_INFO "Write protecting post-init read-only data: %luk\n",
+	       (end - start) >> 10);
+	set_memory_ro(start, (end - start) >> PAGE_SHIFT);
+}
+
 #ifdef CONFIG_BLK_DEV_INITRD
 void __init free_initrd_mem(unsigned long start, unsigned long end)
 {
-- 
2.6.3


-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.