kernel-hardening - Re: [PATCH v5 8/8] powerpc/mm: Disable set_memory() routines when strict RWX isn't enabled

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-Id: <c560b6bb-1a42-bf50-5122-7912771e1481@linux.ibm.com>
Date: Wed, 26 Feb 2020 17:38:29 +1100
From: Andrew Donnellan <ajd@...ux.ibm.com>
To: Russell Currey <ruscur@...sell.cc>, linuxppc-dev@...ts.ozlabs.org
Cc: jniethe5@...il.com, christophe.leroy@....fr, joel@....id.au,
        mpe@...erman.id.au, dja@...ens.net, npiggin@...il.com,
        kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v5 8/8] powerpc/mm: Disable set_memory() routines when
 strict RWX isn't enabled

On 26/2/20 5:35 pm, Russell Currey wrote:
> There are a couple of reasons that the set_memory() functions are
> problematic when STRICT_KERNEL_RWX isn't enabled:
> 
>   - The linear mapping is a different size and apply_to_page_range()
> 	may modify a giant section, breaking everything
>   - patch_instruction() doesn't know to work around a page being marked
>   	RO, and will subsequently crash
> 
> The latter can be replicated by building a kernel with the set_memory()
> patches but with STRICT_KERNEL_RWX off and running ftracetest.
> 
> Reported-by: Jordan Niethe <jniethe5@...il.com>
> Signed-off-by: Russell Currey <ruscur@...sell.cc>

Can we squash this in earlier in the series for the sake of bisectability?

-- 
Andrew Donnellan              OzLabs, ADL Canberra
ajd@...ux.ibm.com             IBM Australia Limited

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.