Received: by 10.213.65.68 with SMTP id h4csp191483imn; Mon, 26 Mar 2018 18:57:18 -0700 (PDT) X-Google-Smtp-Source: AG47ELt9lh+WQxWJOyydiGMhbnDhmL7VH3YsE6Dyu9TvP12Fwv+6YF0udcWoOpAzV/T8wd42YOHY X-Received: by 10.98.12.140 with SMTP id 12mr28857741pfm.123.1522115837936; Mon, 26 Mar 2018 18:57:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522115837; cv=none; d=google.com; s=arc-20160816; b=sW/xhhU30LBsaWj8uy+nVrsldm1aQKMuHjrcvlLMJrGAy8ru87yIzlmDGaLJGs9SDw IsTHhm0xZ4LFGJ4YFmX5YMTYSsvN7d1LVL0ifBk9elxTAQhfMDiXuVjsCQIr/aJUuIVz nzw1tBoQ3dBla2jl9YVepynkbzGh7uideX/DSHh/QYN2sCgZjjm1/Hztrp6sCYu2VeQY xe4T/WukjBBeBZM0IjzIGRXB1iTYvlUNWuSjpswDAV/w1WQzkdtR8/RPSUTYVPTonwMq JDthsP/aIpHlGWolPJPNpf/MCzSeHyO4qZK0uoWihu9SaqtRGDu//7RB49Vi/Wtn9HV2 +LSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:arc-authentication-results; bh=8fA3U4MusqQItlxYQ8S3f+8kWLQAiQdGHvLh57zuolk=; b=UFcpu/JxPJmKHRP9AM7+MtqGgPKItAhg4Ey8LTs8fr70/yNeS5ycZZARwK3QDqCJhA VlJsk2v/KeDglA8OduV5mlE1deJZ0Mv/uOglTRFWilEVrqqImAKkpvAnb2V7iLqt/sBl 1sGSmTp2HaCg/e+HxskxUUfGPGWOWYswNS9CjzWlESVbiva7fpoYwymYz6AdjBzd1leY w71sXPVH7QGjdr8Bd8tLAnJO9VIErBtK6UwG+TKd8OSGQ96YKD+RSAef4OXUOOT+6d9O FartvGbqj13EeCkP9q8JvsTEtxA+c487Fgn7ZuKxHmMF6TPDsxaTdyVQJV8xlZpZE7H0 dl9A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a188si55906pfb.248.2018.03.26.18.57.03; Mon, 26 Mar 2018 18:57:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752133AbeC0B4K (ORCPT + 99 others); Mon, 26 Mar 2018 21:56:10 -0400 Received: from lhrrgout.huawei.com ([194.213.3.17]:30794 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751824AbeC0B4J (ORCPT ); Mon, 26 Mar 2018 21:56:09 -0400 Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 44026A07BC649; Tue, 27 Mar 2018 02:56:06 +0100 (IST) Received: from localhost.localdomain (10.122.225.51) by smtpsuk.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.382.0; Tue, 27 Mar 2018 02:56:01 +0100 From: Igor Stoppa To: , , CC: , , , , , , , , Igor Stoppa Subject: [RFC PATCH v20 0/6] mm: security: ro protection for dynamic data Date: Tue, 27 Mar 2018 04:55:18 +0300 Message-ID: <20180327015524.14318-1-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.14.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.122.225.51] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch-set introduces the possibility of protecting memory that has been allocated dynamically. The memory is managed in pools: when a memory pool is protected, all the memory that is currently part of it, will become R/O. A R/O pool can be expanded (adding more protectable memory). It can also be destroyed, to recover its memory, but it cannot be turned back into R/W mode. This is intentional. This feature is meant for data that doesn't need further modifications after initialization. However the data might need to be released, for example as part of module unloading. The pool, therefore, can be destroyed. An example is provided, in the form of self-testing. Changes since v19: [http://www.openwall.com/lists/kernel-hardening/2018/03/13/68] * dropped genalloc as allocator * first attempt at rewriting pmalloc, as discussed with Matthew Wilcox: [http://www.openwall.com/lists/kernel-hardening/2018/03/14/20] * removed free function from the API * removed distinction between protected and unprotected pools: a pool can contain both protectec and unprotected areas. * removed gpf parameter, as it didn't seem too useful (or not?) * added option to specify alignment of allocations * added parameter for specifying size of a refill * removed option to pre-allocate memory for a pool (is it a bad idea?) * changed vmap_area to allow chaining them, for tracking them in a pool * made public the previously private find_vmap_area function Igor Stoppa (6): struct page: add field for vm_struct vmalloc: rename llist field in vmap_area Protectable Memory Pmalloc selftest lkdtm: crash on overwriting protected pmalloc var Documentation for Pmalloc Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 101 ++++++++++++ drivers/misc/lkdtm.h | 1 + drivers/misc/lkdtm_core.c | 3 + drivers/misc/lkdtm_perms.c | 28 ++++ include/linux/mm_types.h | 1 + include/linux/pmalloc.h | 281 ++++++++++++++++++++++++++++++++ include/linux/test_pmalloc.h | 24 +++ include/linux/vmalloc.h | 5 +- init/main.c | 2 + mm/Kconfig | 16 ++ mm/Makefile | 2 + mm/pmalloc.c | 321 +++++++++++++++++++++++++++++++++++++ mm/test_pmalloc.c | 136 ++++++++++++++++ mm/usercopy.c | 33 ++++ mm/vmalloc.c | 10 +- 16 files changed, 960 insertions(+), 5 deletions(-) create mode 100644 Documentation/core-api/pmalloc.rst create mode 100644 include/linux/pmalloc.h create mode 100644 include/linux/test_pmalloc.h create mode 100644 mm/pmalloc.c create mode 100644 mm/test_pmalloc.c -- 2.14.1