Received: by 10.223.185.116 with SMTP id b49csp88522wrg; Mon, 19 Feb 2018 17:22:53 -0800 (PST) X-Google-Smtp-Source: AH8x225LiQ69n8Gs71K+Ry8cAAJpvEMEDc37i5IXLzswadg4XRLrWVrTg0n+5XsijJIbtR5GCeNY X-Received: by 10.101.91.78 with SMTP id y14mr5735383pgr.243.1519089773090; Mon, 19 Feb 2018 17:22:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519089773; cv=none; d=google.com; s=arc-20160816; b=TeCNUZ9hBhVt8QYn9B0k1g/6QaPboEBQb1l9KhA/5VFQtxZlhPPORVtIKzashkhVde hqzgqNL7kGahNLG0VW5sZx4Jm6WF96Nca4vMW2brP+eKufxaxL1H9+nVoWWsNaieGMlH JgmhSZyueSTcUU5YMsTtXNqJ9ZuGemtqdBwlqeL4hoCSKG1ZKuFVEM9YA8KcLX7sL0ag s3ebw+4nGLrIfXtE2Rdg27PQp0PKhnZHd81EFgRyrv6TUVpGW6bXp9fg5KogwndT2tW/ Jp20Hg8T0xF4ypK/DNVFfLbnt3jUoJuTaRNXAYba5F4rqM1NPOBYXsb+uq7Iz5zDc+83 WCuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=dgR6GHrEcMU3fH2+byquxfkKNM1fM3eOofwtpTI+dV8=; b=k0oM09FfAH/hxsMKPiPHo15xsGpPZwh8KMu1RPvkI3lypzEDV+5CF8aWKnB6K3CRDc B3TjKhkaV73u91DsO4PwkXTKAtZ8Z7MAVMygZGSvfam1gEo0+1S6L3qh61hUICQT2JMB PUpfG/jFVragGIuXSMwmqUt7bdpSVin5MnhUMcb4HgQyyYZc3zjxD2vivJvTvoT4B9Wx xo0Gy5qeyMnW0lI8S20fqMt3I1kw9IZ5L5NjbC+xcj0kYB0W/oFNCZbxpLN/L9AhD5F8 ePRA9Izu1CY/gaVCCbffRTPDiboxMpoN4iXCo0zCJb7GMvpXG+ga8lkPUo0lbdxHMSRV 4m3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2si424175pgo.685.2018.02.19.17.22.26; Mon, 19 Feb 2018 17:22:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932323AbeBTBVY (ORCPT + 99 others); Mon, 19 Feb 2018 20:21:24 -0500 Received: from mx1.redhat.com ([209.132.183.28]:53896 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932280AbeBTBVW (ORCPT ); Mon, 19 Feb 2018 20:21:22 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3DBDB4E334; Tue, 20 Feb 2018 01:21:22 +0000 (UTC) Received: from rh (ovpn-116-62.phx2.redhat.com [10.3.116.62]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ACFEA5D9C8; Tue, 20 Feb 2018 01:21:21 +0000 (UTC) Received: from [::1] (helo=rh) by rh with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1enwcM-00032B-Ed; Tue, 20 Feb 2018 12:21:14 +1100 Date: Tue, 20 Feb 2018 12:21:11 +1100 From: Dave Chinner To: Kees Cook Cc: Igor Stoppa , Matthew Wilcox , Randy Dunlap , Jonathan Corbet , Michal Hocko , Laura Abbott , Jerome Glisse , Christoph Hellwig , Christoph Lameter , linux-security-module , Linux-MM , LKML , Kernel Hardening Subject: Re: [RFC PATCH v16 0/6] mm: security: ro protection for dynamic data Message-ID: <20180220012111.GC3728@rh> References: <20180212165301.17933-1-igor.stoppa@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 20 Feb 2018 01:21:22 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 12, 2018 at 03:32:36PM -0800, Kees Cook wrote: > On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa wrote: > > This patch-set introduces the possibility of protecting memory that has > > been allocated dynamically. > > > > The memory is managed in pools: when a memory pool is turned into R/O, > > all the memory that is part of it, will become R/O. > > > > A R/O pool can be destroyed, to recover its memory, but it cannot be > > turned back into R/W mode. > > > > This is intentional. This feature is meant for data that doesn't need > > further modifications after initialization. > > This series came up in discussions with Dave Chinner (and Matthew > Wilcox, already part of the discussion, and others) at LCA. I wonder > if XFS would make a good initial user of this, as it could allocate > all the function pointers and other const information about a > superblock in pmalloc(), keeping it separate from the R/W portions? > Could other filesystems do similar things? I wasn't cc'd on this patchset, (please use david@fromorbit.com for future postings) so I can't really say anything about it right now. My interest for XFS was that we have a fair amount of static data in XFS that we set up at mount time and it never gets modified after that. I'm not so worried about VFS level objects (that's a much more complex issue) but there is a lot of low hanging fruit in the XFS structures we could convert to write-once structures. Cheers, Dave. -- Dave Chinner dchinner@redhat.com