Date: Thu, 2 Mar 2017 20:02:57 -0800 From: Kees Cook <keescook@...omium.org> To: Hoeun Ryu <hoeun.ryu@...il.com> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, LKML <linux-kernel@...r.kernel.org>, Mark Rutland <mark.rutland@....com>, Andy Lutomirski <luto@...nel.org>, Emese Revfy <re.emese@...il.com>, Russell King <linux@...linux.org.uk>, PaX Team <pageexec@...email.hu>, "x86@...nel.org" <x86@...nel.org> Subject: Re: [RFC] arm64: support HAVE_ARCH_RARE_WRITE On Thu, Mar 2, 2017 at 7:00 AM, Hoeun Ryu <hoeun.ryu@...il.com> wrote: > This RFC is a quick and dirty arm64 implementation for Kees Cook's RFC for > rare_write infrastructure . Awesome! :) > This implementation is based on Mark Rutland's suggestions, which is that > a special userspace mm that maps only __start/end_rodata as RW permission > is prepared during early boot time (paging_init) and __arch_rare_write_map() > switches to the mm . > > Due to the limit of implementation (the mm having RW mapping is userspace > mm), we need a new arch-specific __arch_rare_write_ptr() to convert RO > address to RW address (CONFIG_HAVE_RARE_WRITE_PTR is added), which is > general for all architectures (__rare_write_ptr()) in Kees's RFC . So all > writes should be instrumented by __rare_write(). Cool, yeah, I'll get all this fixed up in my next version. > One caveat for arm64 is CONFIG_ARM64_SW_TTBR0_PAN. > Because __arch_rare_write_map() installes a special user mm to ttbr0, > usercopy inside __arch_rare_write_map/unmap() pair will break rare_write. > (uaccess_enable() replaces the special mm and RW alias is no longer valid.) That's totally fine constraint: this case should never happen for so many reasons. :) > A similar problem could rise in general usercopy inside > __arch_rare_write_map/unmap(). __arch_rare_write_map() replaces current->mm, > so we loose the address space of the `current` process. > > It passes LKDTM's rare write test. > >  : http://www.openwall.com/lists/kernel-hardening/2017/02/27/5 >  : https://lkml.org/lkml/2017/2/22/254 > > Signed-off-by: Hoeun Ryu <hoeun.ryu@...il.com> -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.