Date: Thu, 22 Apr 2021 18:48:30 -0700 (PDT)
Subject: Re: [PATCH 0/9] riscv: improve self-protection
In-Reply-To: <20210330022144.150edc6e@xhacker>
From: Palmer Dabbelt
To: jszhang3@mail.ustc.edu.cn
CC: Paul Walmsley, aou@eecs.berkeley.edu, ryabinin.a.a@gmail.com, glider@google.com, andreyknvl@gmail.com, dvyukov@google.com, bjorn@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, netdev@vger.kernel.org, bpf@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 29 Mar 2021 11:21:44 PDT (-0700), jszhang3@mail.ustc.edu.cn wrote:
> From: Jisheng Zhang
>
> patch1 is a trivial improvement patch to move some functions to .init
> section
>
> Then following patches improve self-protection by:
>
> Marking some variables __ro_after_init
> Constifying some variables
> Enabling ARCH_HAS_STRICT_MODULE_RWX
>
> Jisheng Zhang (9):
>   riscv: add __init section marker to some functions
>   riscv: Mark some global variables __ro_after_init
>   riscv: Constify sys_call_table
>   riscv: Constify sbi_ipi_ops
>   riscv: kprobes: Implement alloc_insn_page()
>   riscv: bpf: Move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
>   riscv: bpf: Avoid breaking W^X
>   riscv: module: Create module allocations without exec permissions
>   riscv: Set ARCH_HAS_STRICT_MODULE_RWX if MMU
>
>  arch/riscv/Kconfig                 |  1 +
>  arch/riscv/include/asm/smp.h       |  4 ++--
>  arch/riscv/include/asm/syscall.h   |  2 +-
>  arch/riscv/kernel/module.c         |  2 +-
>  arch/riscv/kernel/probes/kprobes.c |  8 ++++++++
>  arch/riscv/kernel/sbi.c            | 10 +++++-----
>  arch/riscv/kernel/smp.c            |  6 +++---
>  arch/riscv/kernel/syscall_table.c  |  2 +-
>  arch/riscv/kernel/time.c           |  2 +-
>  arch/riscv/kernel/traps.c          |  2 +-
>  arch/riscv/kernel/vdso.c           |  4 ++--
>  arch/riscv/mm/init.c               | 12 ++++++------
>  arch/riscv/mm/kasan_init.c         |  6 +++---
>  arch/riscv/mm/ptdump.c             |  2 +-
>  arch/riscv/net/bpf_jit_comp64.c    | 13 -------------
>  arch/riscv/net/bpf_jit_core.c      | 14 ++++++++++++++
>  16 files changed, 50 insertions(+), 40 deletions(-)

Thanks. These are on for-next. I had to fix up a handful of merge conflicts, so LMK if I made any mistakes.