Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964984AbdCWVOY (ORCPT ); Thu, 23 Mar 2017 17:14:24 -0400 Received: from mail-io0-f176.google.com ([209.85.223.176]:35800 "EHLO mail-io0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964932AbdCWVOW (ORCPT ); Thu, 23 Mar 2017 17:14:22 -0400 MIME-Version: 1.0 In-Reply-To: <20170323025549.19588-3-ewk@edkovsky.org> References: <20170323025549.19588-1-ewk@edkovsky.org> <20170323025549.19588-3-ewk@edkovsky.org> From: Kees Cook Date: Thu, 23 Mar 2017 14:14:20 -0700 X-Google-Sender-Auth: pbs1DUKqG0q7_PjZ18xBLhoGEHA Message-ID: Subject: Re: [PATCH v3 2/2] extable: verify address is read-only To: Eddie Kovsky Cc: Jessica Yu , Rusty Russell , LKML , "kernel-hardening@lists.openwall.com" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2376 Lines: 82 On Wed, Mar 22, 2017 at 7:55 PM, Eddie Kovsky wrote: > Provide a mechanism to check if the address of a variable is > const or ro_after_init. It mimics the existing functions that test if an > address is inside the kernel's text section. > > Other functions inside the kernel could then use this capability to > verify that their arguments are read-only. > > Signed-off-by: Eddie Kovsky Looks great! Acked-by: Kees Cook -Kees > --- > Changes in v3: > - Fix missing declaration of is_module_rodata_address() > > include/linux/kernel.h | 2 ++ > kernel/extable.c | 29 +++++++++++++++++++++++++++++ > 2 files changed, 31 insertions(+) > > diff --git a/include/linux/kernel.h b/include/linux/kernel.h > index 4c26dc3a8295..51beea39e6c4 100644 > --- a/include/linux/kernel.h > +++ b/include/linux/kernel.h > @@ -444,6 +444,8 @@ extern int core_kernel_data(unsigned long addr); > extern int __kernel_text_address(unsigned long addr); > extern int kernel_text_address(unsigned long addr); > extern int func_ptr_is_kernel_text(void *ptr); > +extern int core_kernel_ro_data(unsigned long addr); > +extern int kernel_ro_address(unsigned long addr); > > unsigned long int_sqrt(unsigned long); > > diff --git a/kernel/extable.c b/kernel/extable.c > index 2676d7f8baf6..3c3a9f4e6250 100644 > --- a/kernel/extable.c > +++ b/kernel/extable.c > @@ -154,3 +154,32 @@ int func_ptr_is_kernel_text(void *ptr) > return 1; > return is_module_text_address(addr); > } > + > +/** > + * core_kernel_ro_data - Verify address points to read-only section > + * @addr: address to test > + * > + */ > +int core_kernel_ro_data(unsigned long addr) > +{ > + if (addr >= (unsigned long)__start_rodata && > + addr < (unsigned long)__end_rodata) > + return 1; > + > + if (addr >= (unsigned long)__start_data_ro_after_init && > + addr < (unsigned long)__end_data_ro_after_init) > + return 1; > + > + return 0; > +} > + > +/* Verify that address is const or ro_after_init. */ > +int kernel_ro_address(unsigned long addr) > +{ > + if (core_kernel_ro_data(addr)) > + return 1; > + if (is_module_rodata_address(addr)) > + return 1; > + > + return 0; > +} > -- > 2.12.0 -- Kees Cook Pixel Security