Date: Wed, 21 Feb 2018 14:24:42 -0800 From: Kees Cook <keescook@...omium.org> To: Igor Stoppa <igor.stoppa@...wei.com> Cc: Matthew Wilcox <willy@...radead.org>, Randy Dunlap <rdunlap@...radead.org>, Jonathan Corbet <corbet@....net>, Michal Hocko <mhocko@...nel.org>, Laura Abbott <labbott@...hat.com>, Jerome Glisse <jglisse@...hat.com>, Christoph Hellwig <hch@...radead.org>, Christoph Lameter <cl@...ux.com>, linux-security-module <linux-security-module@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com> Subject: Re: [PATCH 5/6] Pmalloc: self-test On Tue, Feb 20, 2018 at 8:40 AM, Igor Stoppa <igor.stoppa@...wei.com> wrote: > > On 13/02/18 01:43, Kees Cook wrote: >> On Mon, Feb 12, 2018 at 8:53 AM, Igor Stoppa <igor.stoppa@...wei.com> wrote: > > [...] > >>> +obj-$(CONFIG_PROTECTABLE_MEMORY_SELFTEST) += pmalloc-selftest.o >> >> Nit: self-test modules are traditionally named "test_$thing.o" >> (outside of the tools/ directory). > > ok > > [...] > >> I wonder if lkdtm should grow a test too, to validate the RO-ness of >> the allocations at the right time in API usage? > > sorry for being dense ... are you proposing that I do something to > lkdtm_rodata.c ? An example would probably help me understand. It would likely live in lkdtm_perms.c (or maybe lkdtm_heap.c). Namely, use the pmalloc API and then attempt to write to a read-only variable in the pmalloc region (to prove that the permission adjustment actually happened). Likely a good example is lkdtm_WRITE_RO_AFTER_INIT(). -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.