Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Feb 2017 22:58:41 -0700
From: Eddie Kovsky <ewk@...ovsky.org>
To: jeyu@...hat.com,
	rusty@...tcorp.com.au,
	keescook@...omium.org,
	kys@...rosoft.com,
	haiyangz@...rosoft.com,
	sthemmin@...rosoft.com
Cc: linux-kernel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com
Subject: [PATCH v2 0/3] provide check for ro_after_init memory sections

Provide a mechansim for other functions to verify that their arguments
are read-only. Use this mechansim in the vmbus register functions to
reject arguments that fail this test.

This implements a suggestion made by Kees Cook for the Kernel Self
Protection Project:

    * provide mechanism to check for ro_after_init memory areas, and
      reject structures not marked ro_after_init in vmbus_register()

      http://www.openwall.com/lists/kernel-hardening/2017/02/04/1

I have successfully compiled this series on next-20170215 for x86.

Eddie Kovsky (3):
  module: verify address is read-only
  extable: verify address is read-only
  Make vmbus register arguments read-only

 drivers/hv/vmbus_drv.c | 10 ++++++++++
 include/linux/kernel.h |  2 ++
 include/linux/module.h |  7 +++++++
 kernel/extable.c       | 29 +++++++++++++++++++++++++++++
 kernel/module.c        | 44 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 92 insertions(+)

--
2.11.1

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.