From: Igor Stoppa
Subject: [RFC PATCH v21 0/6] mm: security: ro protection for dynamic data
Date: Tue, 27 Mar 2018 18:37:36 +0300
Message-ID: <20180327153742.17328-1-igor.stoppa@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch-set introduces the possibility of protecting memory that has
been allocated dynamically.

The memory is managed in pools: when a memory pool is protected, all the
memory that is currently part of it will become R/O.

An R/O pool can be expanded (adding more protectable memory).
It can also be destroyed, to recover its memory, but it cannot be
turned back into R/W mode.

This is intentional. This feature is meant for data that doesn't need
further modifications after initialization.

However, the data might need to be released, for example as part of module
unloading. The pool, therefore, can be destroyed.

An example is provided, in the form of self-testing.

Changes since v20:
[http://www.openwall.com/lists/kernel-hardening/2018/03/27/2]

* removed the align_order parameter from allocation functions
* improved documentation with more explanation
* fixed lkdt test
* reworked the destroy function, removing a possible race with
  use-after-free code.

Igor Stoppa (6):
  struct page: add field for vm_struct
  vmalloc: rename llist field in vmap_area
  Protectable Memory
  Pmalloc selftest
  lkdtm: crash on overwriting protected pmalloc var
  Documentation for Pmalloc

 Documentation/core-api/index.rst   |   1 +
 Documentation/core-api/pmalloc.rst | 107 +++++++++++++++
 drivers/misc/lkdtm.h               |   1 +
 drivers/misc/lkdtm_core.c          |   3 +
 drivers/misc/lkdtm_perms.c         |  25 ++++
 include/linux/mm_types.h           |   1 +
 include/linux/pmalloc.h            | 166 +++++++++++++++++++++++
 include/linux/test_pmalloc.h       |  24 ++++
 include/linux/vmalloc.h            |   5 +-
 init/main.c                        |   2 +
 mm/Kconfig                         |  16 +++
 mm/Makefile                        |   2 +
 mm/pmalloc.c                       | 264 +++++++++++++++++++++++++++++++++++++
 mm/test_pmalloc.c                  | 136 +++++++++++++++++++
 mm/usercopy.c                      |  33 +++++
 mm/vmalloc.c                       |  10 +-
 16 files changed, 791 insertions(+), 5 deletions(-)
 create mode 100644 Documentation/core-api/pmalloc.rst
 create mode 100644 include/linux/pmalloc.h
 create mode 100644 include/linux/test_pmalloc.h
 create mode 100644 mm/pmalloc.c
 create mode 100644 mm/test_pmalloc.c

-- 
2.14.1