[0/8] Support strict kernel memory permissions for security

Message ID	20200217083223.2011-1-zong.li@sifive.com (mailing list archive)
Headers	show Return-Path: <SRS0=9PXa=4F=lists.infradead.org=linux-riscv-bounces+patchwork-linux-riscv=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 44AFB2072C From: Zong Li <zong.li@sifive.com> To: paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/8] Support strict kernel memory permissions for security Date: Mon, 17 Feb 2020 16:32:15 +0800 Message-Id: <20200217083223.2011-1-zong.li@sifive.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:644 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Precedence: list Cc: Zong Li <zong.li@sifive.com> Sender: "linux-riscv" <linux-riscv-bounces@lists.infradead.org> Errors-To: linux-riscv-bounces+patchwork-linux-riscv=patchwork.kernel.org@lists.infradead.org
Series	Support strict kernel memory permissions for security \| expand [0/8] Support strict kernel memory permissions for security [1/8] riscv: add ARCH_HAS_SET_MEMORY support [2/8] riscv: add ARCH_HAS_SET_DIRECT_MAP support [3/8] riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support [4/8] riscv: move exception table immediately after RO_DATA [5/8] riscv: add alignment for text, rodata and data sections [6/8] riscv: add STRICT_KERNEL_RWX support [7/8] riscv: add DEBUG_WX support [8/8] riscv: add two hook functions of ftrace

Message ID

20200217083223.2011-1-zong.li@sifive.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 44AFB2072C
From: Zong Li <zong.li@sifive.com>
To: paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu,
 linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 0/8] Support strict kernel memory permissions for security
Date: Mon, 17 Feb 2020 16:32:15 +0800
Message-Id: <20200217083223.2011-1-zong.li@sifive.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Cc: Zong Li <zong.li@sifive.com>
Sender: "linux-riscv" <linux-riscv-bounces@lists.infradead.org>
Errors-To: 
 linux-riscv-bounces+patchwork-linux-riscv=patchwork.kernel.org@lists.infradead.org

Series

Support strict kernel memory permissions for security | expand

Message

Zong Li Feb. 17, 2020, 8:32 a.m. UTC

The main purpose of this patch series is changing the kernel mapping permission
, make sure that code is not writeable, data is not executable, and read-only
data is neither writable nor executable.

This patch series also supports the relevant implementations such as
ARCH_HAS_SET_MEMORY, ARCH_HAS_SET_DIRECT_MAP,
ARCH_SUPPORTS_DEBUG_PAGEALLOC and DEBUG_WX.

Zong Li (8):
  riscv: add ARCH_HAS_SET_MEMORY support
  riscv: add ARCH_HAS_SET_DIRECT_MAP support
  riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support
  riscv: move exception table immediately after RO_DATA
  riscv: add alignment for text, rodata and data sections
  riscv: add STRICT_KERNEL_RWX support
  riscv: add DEBUG_WX support
  riscv: add two hook functions of ftrace

 arch/riscv/Kconfig                  |   6 +
 arch/riscv/Kconfig.debug            |  30 +++++
 arch/riscv/include/asm/ptdump.h     |   6 +
 arch/riscv/include/asm/set_memory.h |  41 ++++++
 arch/riscv/kernel/ftrace.c          |  18 +++
 arch/riscv/kernel/vmlinux.lds.S     |  12 +-
 arch/riscv/mm/Makefile              |   1 +
 arch/riscv/mm/init.c                |  47 +++++++
 arch/riscv/mm/pageattr.c            | 187 ++++++++++++++++++++++++++++
 9 files changed, 344 insertions(+), 4 deletions(-)
 create mode 100644 arch/riscv/include/asm/set_memory.h
 create mode 100644 arch/riscv/mm/pageattr.c

Comments

Palmer Dabbelt March 5, 2020, 3:55 p.m. UTC | #1

On Mon, 17 Feb 2020 00:32:15 PST (-0800), zong.li@sifive.com wrote:
> The main purpose of this patch series is changing the kernel mapping permission
> , make sure that code is not writeable, data is not executable, and read-only
> data is neither writable nor executable.
>
> This patch series also supports the relevant implementations such as
> ARCH_HAS_SET_MEMORY, ARCH_HAS_SET_DIRECT_MAP,
> ARCH_SUPPORTS_DEBUG_PAGEALLOC and DEBUG_WX.
>
> Zong Li (8):
>   riscv: add ARCH_HAS_SET_MEMORY support
>   riscv: add ARCH_HAS_SET_DIRECT_MAP support
>   riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support
>   riscv: move exception table immediately after RO_DATA
>   riscv: add alignment for text, rodata and data sections
>   riscv: add STRICT_KERNEL_RWX support
>   riscv: add DEBUG_WX support
>   riscv: add two hook functions of ftrace
>
>  arch/riscv/Kconfig                  |   6 +
>  arch/riscv/Kconfig.debug            |  30 +++++
>  arch/riscv/include/asm/ptdump.h     |   6 +
>  arch/riscv/include/asm/set_memory.h |  41 ++++++
>  arch/riscv/kernel/ftrace.c          |  18 +++
>  arch/riscv/kernel/vmlinux.lds.S     |  12 +-
>  arch/riscv/mm/Makefile              |   1 +
>  arch/riscv/mm/init.c                |  47 +++++++
>  arch/riscv/mm/pageattr.c            | 187 ++++++++++++++++++++++++++++
>  9 files changed, 344 insertions(+), 4 deletions(-)
>  create mode 100644 arch/riscv/include/asm/set_memory.h
>  create mode 100644 arch/riscv/mm/pageattr.c

Sorry, I had to run last night without quite finishing the patch set.  Just so
we're on the same page: there's some issues with the patch set, I'm assuming
you're submitting a v2 so I'm dropping this from my inbox.

Thanks!