Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753840AbdCWC5J (ORCPT ); Wed, 22 Mar 2017 22:57:09 -0400 Received: from olympus.edkovsky.org ([72.14.187.238]:46824 "EHLO edkovsky.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751164AbdCWC5A (ORCPT ); Wed, 22 Mar 2017 22:57:00 -0400 From: Eddie Kovsky To: jeyu@redhat.com, rusty@rustcorp.com.au, keescook@chromium.org Cc: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v3 0/2] provide check for ro_after_init memory sections Date: Wed, 22 Mar 2017 20:55:47 -0600 Message-Id: <20170323025549.19588-1-ewk@edkovsky.org> X-Mailer: git-send-email 2.12.1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1224 Lines: 34 Provide a mechanism for other functions to verify that their arguments are read-only. This implements the first half of a suggestion made by Kees Cook for the Kernel Self Protection Project: - provide mechanism to check for ro_after_init memory areas, and reject structures not marked ro_after_init in vmbus_register() http://www.openwall.com/lists/kernel-hardening/2017/02/04/1 The idea is to prevent structures (including modules) that are not read-only from being passed to functions. It builds upon the functions in kernel/extable.c that test if an address is in the text section. I have dropped the third patch that uses these features to check the arguments to vmbus_register() because the maintainers have not been receptive to using it. My goal right now is to get the API right. I have test compiled this series on next-20170321 for x86. Eddie Kovsky (2): module: verify address is read-only extable: verify address is read-only include/linux/kernel.h | 2 ++ include/linux/module.h | 12 ++++++++++++ kernel/extable.c | 29 +++++++++++++++++++++++++++ kernel/module.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 96 insertions(+) -- 2.12.0