On 17/05/2021 at 05:28, Jordan Niethe wrote:
From: Russell Currey
To enable strict module RWX on powerpc, set:
CONFIG_STRICT_MODULE_RWX=y
You should also have CONFIG_STRICT_KERNEL_RWX=y set to have any real
security benefit.
ARCH_HAS_STRICT_MODULE_RWX is set to require ARCH_HAS_STR
On Mon, May 17, 2021 at 4:37 PM Christophe Leroy
wrote:
>
>
>
> On 17/05/2021 at 05:28, Jordan Niethe wrote:
> > Make module_alloc() use PAGE_KERNEL protections instead of
> > PAGE_KERNEL_EXEC if Strict Module RWX is enabled.
> >
> > Signed-off-by: Jordan Niethe
> > ---
> > v14: - Split out fro
On 5/14/21 5:17 PM, Peter Zijlstra wrote:
> On Thu, May 13, 2021 at 05:56:14PM +0530, kajoljain wrote:
>
>> But yes the current read/add/del functions are not adding value. We
>> could add an arch/platform specific function which could handle the
>> capturing of the counter data and do the res
On 17/05/2021 at 05:28, Jordan Niethe wrote:
Add the necessary call to bpf_jit_binary_lock_ro() to remove write and
add exec permissions to the JIT image after it has finished being
written.
Without CONFIG_STRICT_MODULE_RWX the image will be writable and
executable until the call to bpf_jit
On 17/05/2021 at 05:28, Jordan Niethe wrote:
Make module_alloc() use PAGE_KERNEL protections instead of
PAGE_KERNEL_EXEC if Strict Module RWX is enabled.
Signed-off-by: Jordan Niethe
---
v14: - Split out from powerpc: Set ARCH_HAS_STRICT_MODULE_RWX
- Add and use strict_module_rwx_ena
https://bugzilla.kernel.org/show_bug.cgi?id=213069
Christophe Leroy (christophe.le...@csgroup.eu) changed:
What|Removed |Added
CC||christoph
From: Christophe Leroy
This reuses the DEBUG_PAGEALLOC logic.
Tested with CONFIG_KFENCE + CONFIG_KUNIT + CONFIG_KFENCE_KUNIT_TEST on
radix and hash.
Signed-off-by: Christophe Leroy
[jpn: Handle radix]
Signed-off-by: Jordan Niethe
---
arch/powerpc/Kconfig | 2 +-
arch
From: Christophe Leroy
If the page is already mapped resp. already unmapped, bail out.
Signed-off-by: Christophe Leroy
Signed-off-by: Jordan Niethe
---
arch/powerpc/mm/book3s64/hash_utils.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/mm/book3s64/has
From: Christophe Leroy
debug_pagealloc_enabled() is always defined and constant folds to
'false' when CONFIG_DEBUG_PAGEALLOC is not enabled.
Remove the #ifdefs, the code and associated static variables will
be optimised out by the compiler when CONFIG_DEBUG_PAGEALLOC is
not defined.
Signed-off-
There is support for DEBUG_PAGEALLOC on hash but not on radix.
Add support on radix.
Signed-off-by: Jordan Niethe
---
arch/powerpc/include/asm/book3s/32/pgtable.h | 10
arch/powerpc/include/asm/book3s/64/hash.h| 2 ++
arch/powerpc/include/asm/book3s/64/pgtable.h | 19 ++
This adds support for radix to Christophe's series that enabled KFENCE on
powerpc/64s/hash:
https://lore.kernel.org/linuxppc-dev/8dfe1bd2abde26337c1d8c1ad0acfcc82185e0d5.1614868445.git.christophe.le...@csgroup.eu/
First implement DEBUG_PAGEALLOC for radix so KFENCE can reuse the same
infrastructur
Wan Jiabing writes:
> Fix coccicheck warning:
>
> ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:539:5-7:
> Unneeded variable: "rc". Return "0" on line 562
> ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:567:5-7:
> Unneeded variable: "rc". Return "0" on line 580
On 5/17/21 11:17 AM, Christophe Leroy wrote:
+aneesh
+linuxppc-dev list
On 17/05/2021 at 07:44, Anshuman Khandual wrote:
Hello Christophe,
DEBUG_VM_PGTABLE has now been re-enabled on powerpc recently ? was not
aware about this. From the error log, it failed explicitly on 4K page
size hash co
+aneesh
+linuxppc-dev list
On 17/05/2021 at 07:44, Anshuman Khandual wrote:
Hello Christophe,
DEBUG_VM_PGTABLE has now been re-enabled on powerpc recently ? was not
aware about this. From the error log, it failed explicitly on 4K page
size hash config.
static inline pmd_t hash__pmd_mkhuge(pm
From: Christophe Leroy
Use set_memory_attr() instead of the PPC32 specific change_page_attr()
change_page_attr() was checking that the address was not mapped by
blocks and was handling highmem, but that's unneeded because the
affected pages can't be in highmem and block mapping verification
is a
From: Christophe Leroy
In addition to the set_memory_xx() functions which allow changing
the memory attributes of not (yet) used memory regions, implement a
set_memory_attr() function to:
- set the final memory protection after init on currently used
kernel regions.
- enable/disable kernel memo
From: Russell Currey
To enable strict module RWX on powerpc, set:
CONFIG_STRICT_MODULE_RWX=y
You should also have CONFIG_STRICT_KERNEL_RWX=y set to have any real
security benefit.
ARCH_HAS_STRICT_MODULE_RWX is set to require ARCH_HAS_STRICT_KERNEL_RWX.
This is due to a quirk in arch/Kconfi
Add the necessary call to bpf_jit_binary_lock_ro() to remove write and
add exec permissions to the JIT image after it has finished being
written.
Without CONFIG_STRICT_MODULE_RWX the image will be writable and
executable until the call to bpf_jit_binary_lock_ro().
Reviewed-by: Christophe Leroy
S
Commit 74451e66d516 ("bpf: make jited programs visible in traces") added
a default bpf_jit_free() implementation. Powerpc did not use the default
bpf_jit_free() as powerpc did not set the images read-only. The default
bpf_jit_free() called bpf_jit_binary_unlock_ro() is why it could not be
used for
From: Russell Currey
Add the arch specific insn page allocator for powerpc. This allocates
ROX pages if STRICT_KERNEL_RWX is enabled. These pages are only written
to with patch_instruction() which is able to write RO pages.
Reviewed-by: Daniel Axtens
Signed-off-by: Russell Currey
Signed-off-by
Make module_alloc() use PAGE_KERNEL protections instead of
PAGE_KERNEL_EXEC if Strict Module RWX is enabled.
Signed-off-by: Jordan Niethe
---
v14: - Split out from powerpc: Set ARCH_HAS_STRICT_MODULE_RWX
- Add and use strict_module_rwx_enabled() helper
---
arch/powerpc/include/asm/mmu.h | 5
setup_text_poke_area() is a late init call so it runs before
mark_rodata_ro() and after the init calls. This lets all the init code
patching simply write to their locations. In the future, kprobes is
going to allocate its instruction pages RO which means they will need
setup_text_poke_area() to ha
From: Russell Currey
The set_memory_{ro/rw/nx/x}() functions are required for
STRICT_MODULE_RWX, and are generally useful primitives to have. This
implementation is designed to be generic across powerpc's many MMUs.
It's possible that this could be optimised to be faster for specific
MMUs.
This
Adding more Strict RWX support on powerpc, in particular Strict Module RWX.
Thanks for all of the feedback everyone.
It is now rebased on linux-next + powerpc/64s/radix: Enable huge vmalloc
mappings
(https://lore.kernel.org/linuxppc-dev/20210503091755.613393-1-npig...@gmail.com/)
For reference th
On 5/14/21 18:46, Segher Boessenkool wrote:
Hi!
On Fri, May 14, 2021 at 11:42:32AM +0900, Masahiro Yamada wrote:
In my best guess, the reason why powerpc adding the endian flag to CPP
is this line in arch/powerpc/kernel/vdso64/vdso64.lds.S
#ifdef __LITTLE_ENDIAN__
OUTPUT_FORMAT("elf64-power
Sorry I missed this :(
Excerpts from Athira Rajeev's message of April 20, 2021 1:01 pm:
> Running perf fuzzer showed below in dmesg logs:
> "Can't find PMC that caused IRQ"
>
> This means a PMU exception happened, but none of the PMC's (Performance
> Monitor Counter) were found to be overflown. T
On Fri, May 14, 2021 at 3:50 PM Christophe Leroy
wrote:
>
>
>
> On 10/05/2021 at 03:18, Jordan Niethe wrote:
> > From: Russell Currey
> >
> > To enable strict module RWX on powerpc, set:
> >
> > CONFIG_STRICT_MODULE_RWX=y
> >
> > You should also have CONFIG_STRICT_KERNEL_RWX=y set to have
ig
powerpc allmodconfig
powerpc allnoconfig
x86_64 randconfig-a004-20210516
x86_64 randconfig-a003-20210516
x86_64 randconfig-a001-20210516
x86_64 randconfig-a005-20210516
x86_64 randconfig-a00
allnoconfig
x86_64 randconfig-a004-20210516
x86_64 randconfig-a003-20210516
x86_64 randconfig-a001-20210516
x86_64 randconfig-a005-20210516
x86_64 randconfig-a002-20210516
x86_64 randconfig-a006
29 matches