[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200421173557.10817-1-tranmanphong@gmail.com>
Date: Wed, 22 Apr 2020 00:35:58 +0700
From: Phong Tran <tranmanphong@...il.com>
To: mark.rutland@....com,
steve.capper@....com,
steven.price@....com,
will@...nel.org,
keescook@...omium.org,
greg@...ah.com
Cc: akpm@...ux-foundation.org,
alexios.zavras@...el.com,
broonie@...nel.org,
kernel-hardening@...ts.openwall.com,
linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org,
tglx@...utronix.de,
Phong Tran <tranmanphong@...il.com>
Subject: [PATCH v2] arm64: add check_wx_pages debugfs for CHECK_WX
follow the suggestion from
https://github.com/KSPP/linux/issues/35
Signed-off-by: Phong Tran <tranmanphong@...il.com>
---
Change since v1:
- Update the Kconfig help text
- Don't check the return value of debugfs_create_file()
- Tested on QEMU aarch64
root@...uarm64:~# zcat /proc/config.gz | grep PTDUMP
CONFIG_GENERIC_PTDUMP=y
CONFIG_PTDUMP_CORE=y
CONFIG_PTDUMP_DEBUGFS=y
root@...uarm64:~# uname -a
Linux qemuarm64 5.7.0-rc2-00001-g20ddb383c313 #3 SMP PREEMPT Tue Apr 21 23:18:56 +07 2020 aarch64 GNU/Linux
root@...uarm64:~# echo 1 > /sys/kernel/debug/check_wx_pages
[ 63.261868] Checked W+X mappings: passed, no W+X pages found
---
arch/arm64/Kconfig.debug | 5 ++++-
arch/arm64/include/asm/ptdump.h | 2 ++
arch/arm64/mm/dump.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 18 ++++++++++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index a1efa246c9ed..cd82c9d3664a 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -48,7 +48,10 @@ config DEBUG_WX
of other unfixed kernel bugs easier.
There is no runtime or memory usage effect of this option
- once the kernel has booted up - it's a one time check.
+ once the kernel has booted up - it's a one time check at
+ boot, and can also be triggered at runtime by echo "1" to
+ "check_wx_pages". The "check_wx_pages" is available only with
+ CONFIG_PTDUMP_DEBUGFS is enabled.
If in doubt, say "Y".
diff --git a/arch/arm64/include/asm/ptdump.h b/arch/arm64/include/asm/ptdump.h
index 38187f74e089..c90a6ec6f59b 100644
--- a/arch/arm64/include/asm/ptdump.h
+++ b/arch/arm64/include/asm/ptdump.h
@@ -24,9 +24,11 @@ struct ptdump_info {
void ptdump_walk(struct seq_file *s, struct ptdump_info *info);
#ifdef CONFIG_PTDUMP_DEBUGFS
void ptdump_debugfs_register(struct ptdump_info *info, const char *name);
+void ptdump_check_wx_init(void);
#else
static inline void ptdump_debugfs_register(struct ptdump_info *info,
const char *name) { }
+static inline void ptdump_check_wx_init(void) { }
#endif
void ptdump_check_wx(void);
#endif /* CONFIG_PTDUMP_CORE */
diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
index 860c00ec8bd3..60c99a047763 100644
--- a/arch/arm64/mm/dump.c
+++ b/arch/arm64/mm/dump.c
@@ -378,6 +378,7 @@ static int ptdump_init(void)
#endif
ptdump_initialize();
ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
+ ptdump_check_wx_init();
return 0;
}
device_initcall(ptdump_init);
diff --git a/arch/arm64/mm/ptdump_debugfs.c b/arch/arm64/mm/ptdump_debugfs.c
index d29d722ec3ec..6b0aa16cb17b 100644
--- a/arch/arm64/mm/ptdump_debugfs.c
+++ b/arch/arm64/mm/ptdump_debugfs.c
@@ -20,3 +20,21 @@ void ptdump_debugfs_register(struct ptdump_info *info, const char *name)
{
debugfs_create_file(name, 0400, NULL, info, &ptdump_fops);
}
+
+static int check_wx_debugfs_set(void *data, u64 val)
+{
+ if (val != 1ULL)
+ return -EINVAL;
+
+ ptdump_check_wx();
+
+ return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n");
+
+void ptdump_check_wx_init(void)
+{
+ debugfs_create_file("check_wx_pages", 0200, NULL,
+ NULL, &check_wx_fops) ? 0 : -ENOMEM;
+}
--
2.20.1
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
