Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756563AbdDGUqP (ORCPT ); Fri, 7 Apr 2017 16:46:15 -0400 Received: from mail-it0-f44.google.com ([209.85.214.44]:35907 "EHLO mail-it0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756504AbdDGUqI (ORCPT ); Fri, 7 Apr 2017 16:46:08 -0400 MIME-Version: 1.0 In-Reply-To: <20170407015819.djxqzd2e5i3dd2dt@jeyu> References: <20170406033550.32525-1-ewk@edkovsky.org> <20170406033550.32525-2-ewk@edkovsky.org> <20170407015819.djxqzd2e5i3dd2dt@jeyu> From: Kees Cook Date: Fri, 7 Apr 2017 13:46:07 -0700 X-Google-Sender-Auth: b2nE3bYRYQaPeU4jkM_6wUqUgzE Message-ID: Subject: Re: [PATCH v5 1/2] module: verify address is read-only To: Jessica Yu Cc: Eddie Kovsky , Rusty Russell , LKML , "kernel-hardening@lists.openwall.com" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1133 Lines: 33 On Thu, Apr 6, 2017 at 6:58 PM, Jessica Yu wrote: > +++ Eddie Kovsky [05/04/17 21:35 -0600]: >> >> Implement a mechanism to check if a module's address is in >> the rodata or ro_after_init sections. It mimics the existing functions >> that test if an address is inside a module's text section. >> >> Functions that take a module as an argument will be able to verify that >> the >> module address is in a read-only section. The idea is to prevent >> structures >> (including modules) that are not read-only from being passed to functions. >> >> This implements the first half of a suggestion made by Kees Cook for >> the Kernel Self Protection Project: >> >> - provide mechanism to check for ro_after_init memory areas, and >> reject structures not marked ro_after_init in vmbus_register() >> >> Suggested-by: Kees Cook >> Signed-off-by: Eddie Kovsky > > > Acked-by: Jessica Yu Thanks! I'll either get these into my kspp tree or ask akpm to carry these since they depend on the renaming in his tree already. -Kees -- Kees Cook Pixel Security