Received: by 10.223.185.116 with SMTP id b49csp1219903wrg; Wed, 21 Feb 2018 14:25:41 -0800 (PST) X-Google-Smtp-Source: AH8x226qsi2sM9yk/oTG0oVE3nSuMZvLKAgrlNJ6Sx2204qOrjlFyoMYdAXEA3L2qQ7wH9vMTmWa X-Received: by 2002:a17:902:a5c5:: with SMTP id t5-v6mr4610179plq.160.1519251941395; Wed, 21 Feb 2018 14:25:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519251941; cv=none; d=google.com; s=arc-20160816; b=PfsPErfDx+mJIgvrjJMrbEv7zHNnVBELm3Jq18prdYAU5ZIXE5f7wZ5QodF+YaydRN sTTxFFEtoCEzG0tzv0uScFEQczsA0Ye91xq9vPAuaYkMIAOTAkKW8IX5lRvQBZ42q7/r 6YjeRbRG/ln4C842iuvG8NT8LaXidGH2B9Z8bCneQvLhbg0oLUmOmscHg6AiI93NSmnW ESZ5ktwJ71hUMlDa8jDWf9IZM5SZ/XZ4+DgJRI0qnXmEy7BXkpxxJ6D6fNsCW2MaZ7QQ errlLRpmwIJWQjNtQHtwIMXUoKoejKP8YmvuePc+qKtRyCmufxUM/s+f1QH0Ist4NwbP cIEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=Wo+kXFYqhbdcohQqURSKyC3b9doTwKo1/7oUeciALDc=; b=LAumkVS8YCzzi4aBnd9ys0i7xdB4mVg22TEuX+OE0y9TrI2qqs1PfmVCeLsWX3mq27 Eo6jWa1oaLvSPsiPylGQ1b5dCFFfDa7Q6qZz0+HVcmGkYvINYmCFaqkCobIcT1Ahr5vb rqKnPxQXKTyNXg80qbZumz/aYg8qy9I44pw59n+qIwOqbh6SnbgsB2s8mNiHPeswIPb5 Iiy9Zb9Xm2fbQSxqz9gYgzVnh3EQ33G5YVZy+geLRewtpey2fRQDVkAYscN5Jbf00XZN 7EQ4oFm5qw0adrIyputR5JxDiiCDIUC3BOVF22tB/gkYrlwKjtawS0gAG4+ht+pxhUhT 2xgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=B70RrIaA; dkim=fail header.i=@chromium.org header.s=google header.b=TPdLN+J2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a12si11518358pgv.672.2018.02.21.14.25.26; Wed, 21 Feb 2018 14:25:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=B70RrIaA; dkim=fail header.i=@chromium.org header.s=google header.b=TPdLN+J2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751327AbeBUWYq (ORCPT + 99 others); Wed, 21 Feb 2018 17:24:46 -0500 Received: from mail-vk0-f43.google.com ([209.85.213.43]:42054 "EHLO mail-vk0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750811AbeBUWYn (ORCPT ); Wed, 21 Feb 2018 17:24:43 -0500 Received: by mail-vk0-f43.google.com with SMTP id y127so1958900vky.9 for ; Wed, 21 Feb 2018 14:24:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Wo+kXFYqhbdcohQqURSKyC3b9doTwKo1/7oUeciALDc=; b=B70RrIaAYlY60WijEHp+Fh/k9vwyrY+xu0V7swzTGM5d9zSIRrAIWfXMkIV8kJ/h2C Ldgz7FM5m7dlVTtsnULjNJDV+d0nwDyDoaeLNKIsJjvfKlWQJkltIQPFsPbtoq+B5UFu dwE4SsVNV2FD9VZzs4rpLXDFIuO90sxQuLkBHH7Lz/H1xzUcgb75rhDK3gZTI+edCcgt IEeOs9nr4iunminlb8ylBoaqUycylpGrSsYr13stum5oFQWCjEwP/resVYGc8Jx0QXjd DTHiOsiHLDBJZi0TNQ69gQNblXRbWPtzF3W3BlPVG5NRU7L2H/Ll+DuXljhHIvFAlmTz eorg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Wo+kXFYqhbdcohQqURSKyC3b9doTwKo1/7oUeciALDc=; b=TPdLN+J2ZVqsKP8K1Y0QNtidrFXbnEkv6mHtGa9pKSv5cxDvupM3mseLS0l8ElsTFR tPQnumpjo3B0ZXJPRSYlOm1lnii1rXjTgHOTG4q2ron60kWltOrRA2DS8hvrc6HqEbHr MJnlolBJ+Y3fV9Of/OMFkLYg/1ToS3734hVZ8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Wo+kXFYqhbdcohQqURSKyC3b9doTwKo1/7oUeciALDc=; b=XT6FVRBvdrmex7Vw2yTiJiWnjbd55j8AXPnFMvNDgVNizmU1B3+wEwdFUzbOJ3w3vN vGD48cpicoU7FOHFg87MR99KP4VpL72mAFMp+Jpj8+krc+E/d+8Tu31FbQVyyb1a0yqI Ogs+WFrZFv7MttjM9J+R6j8TxhvogtZf8CPDEiSTRE/f7J3A7h1Utog4r56//otZ9+i9 z37PVPhi39urPTC9GHxgKsDFtds4qh8bmJgBav4KiW96KuyFKLLTuuHibcrTr8TCyYPZ wzgtWSWI2PLXVnvpsXUhXE46wxSngOgOTVaZdv10d0dwQ6+i7siDTES6RFEgoGGGDafc gcXw== X-Gm-Message-State: APf1xPDZ8+XhPV9wKPaZq5N7oP793pAeid46hHD0ps21aCe/24ybK2W5 hVnRMS/I4gybBy633GoiWXcWARn/duXyeWlDW6uS2w== X-Received: by 10.31.228.199 with SMTP id b190mr3542179vkh.84.1519251882881; Wed, 21 Feb 2018 14:24:42 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.242.140 with HTTP; Wed, 21 Feb 2018 14:24:42 -0800 (PST) In-Reply-To: References: <20180212165301.17933-1-igor.stoppa@huawei.com> <20180212165301.17933-6-igor.stoppa@huawei.com> From: Kees Cook Date: Wed, 21 Feb 2018 14:24:42 -0800 X-Google-Sender-Auth: LLnroS9k8MPf9ANkgEu23KSd2a8 Message-ID: Subject: Re: [PATCH 5/6] Pmalloc: self-test To: Igor Stoppa Cc: Matthew Wilcox , Randy Dunlap , Jonathan Corbet , Michal Hocko , Laura Abbott , Jerome Glisse , Christoph Hellwig , Christoph Lameter , linux-security-module , Linux-MM , LKML , Kernel Hardening Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 20, 2018 at 8:40 AM, Igor Stoppa wrote: > > On 13/02/18 01:43, Kees Cook wrote: >> On Mon, Feb 12, 2018 at 8:53 AM, Igor Stoppa wrote: > > [...] > >>> +obj-$(CONFIG_PROTECTABLE_MEMORY_SELFTEST) += pmalloc-selftest.o >> >> Nit: self-test modules are traditionally named "test_$thing.o" >> (outside of the tools/ directory). > > ok > > [...] > >> I wonder if lkdtm should grow a test too, to validate the RO-ness of >> the allocations at the right time in API usage? > > sorry for being dense ... are you proposing that I do something to > lkdtm_rodata.c ? An example would probably help me understand. It would likely live in lkdtm_perms.c (or maybe lkdtm_heap.c). Namely, use the pmalloc API and then attempt to write to a read-only variable in the pmalloc region (to prove that the permission adjustment actually happened). Likely a good example is lkdtm_WRITE_RO_AFTER_INIT(). -Kees -- Kees Cook Pixel Security