Re: [PATCH 0/2] mm: tweaks for improving use of vmap_area

On 01/05/18 03:15, Andrew Morton wrote: On Fri, 27 Apr 2018 03:42:41 +0400 Igor Stoppa <igor.sto...@gmail.com> wrote: These two patches were written in preparation for the creation of protectable memory, however their use is not limited to pmalloc and can improve the use of vir

[PATCH 3/3] genalloc: selftest

troubleshooting a crash, it is recommended to compile the tests into the monolithic kernel. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- lib/Kconfig.debug | 23 +++ lib/Makefile| 1 + lib/test_genalloc.c | 419 3 files c

[PATCH 0/3 v2] linux-next: mm: Track genalloc allocations

enwall.com/lists/kernel-hardening/2018/04/29/1] * make the tester code a kernel module * turn selftest BUG() error exit paths into WARN() * add analysis of impact on current users of genalloc Igor Stoppa (3): genalloc: track beginning of allocations Add label and license to genalloc.rst

[PATCH 1/3] genalloc: track beginning of allocations

Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 112 +++ lib/genalloc.c | 742 ++- 2 files changed, 599 insertions(+), 255 deletions(-) diff --git a/include/linux/genalloc.h b/include/linux/genalloc.h

[PATCH 2/3] Add label and license to genalloc.rst

Add SPDX license to genalloc.rst, then a label, to allow cross-referencing. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/genalloc.rst | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/core-api/genalloc.rst b/Documentation/co

Re: [PATCH 0/3 v2] linux-next: mm: Track genalloc allocations

On 03/05/18 01:50, Andrew Morton wrote: On Wed, 2 May 2018 05:05:19 +0400 Igor Stoppa <igor.sto...@gmail.com> wrote: This patchset was created as part of an older version of pmalloc, however it has value per-se, as it hardens the memory management for the generic allocator ge

[PATCH 0/2] mm: tweaks for improving use of vmap_area

/Igor-security/linux/tree/preparations-for-mm Igor Stoppa (2): struct page: add field for vm_struct vmalloc: rename llist field in vmap_area include/linux/mm_types.h | 1 + include/linux/vmalloc.h | 2 +- mm/vmalloc.c | 8 +--- 3 files changed, 7 insertions(+), 4 deletions

[PATCH 2/2] vmalloc: rename llist field in vmap_area

tilization outside of the purging phase. Since the purging happens after the vmap_area is dismissed, its use is mutually exclusive with any use performed while the area is allocated. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/vmalloc.h | 2 +- mm/vmalloc.c

[PATCH 1/2] struct page: add field for vm_struct

arent area. This will avoid more expensive searches, later on. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> Reviewed-by: Jay Freyensee <why2jjj.li...@gmail.com> Reviewed-by: Matthew Wilcox <mawil...@microsoft.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c

Re: [PATCH 0/3] linux-next: mm: hardening: Track genalloc allocations

oops, sorry, I forgot the references :-( On 29/04/18 20:39, Igor Stoppa wrote: On 29/04/18 07:09, Matthew Wilcox wrote: On Sun, Apr 29, 2018 at 06:45:39AM +0400, Igor Stoppa wrote: This patchset was created as part of an older version of pmalloc, however it has value per-se, as it hardens

Re: [PATCH 0/3] linux-next: mm: hardening: Track genalloc allocations

On 29/04/18 07:09, Matthew Wilcox wrote: On Sun, Apr 29, 2018 at 06:45:39AM +0400, Igor Stoppa wrote: This patchset was created as part of an older version of pmalloc, however it has value per-se, as it hardens the memory management for the generic allocator genalloc. Genalloc does

Re: [PATCH 3/3] genalloc: selftest

On 29/04/18 07:36, Randy Dunlap wrote: On 04/28/2018 07:45 PM, Igor Stoppa wrote: [...] + test_genalloc(); Is there a stub for test_genalloc() when its config option is not enabled? I don't see it. I failed to add to the patch include/linux/test_genalloc.h :-/ That's where the stub

Re: Correct way to access the physmap? - Was: Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

On 04/05/18 01:55, Dave Hansen wrote: On 05/03/2018 02:52 PM, Igor Stoppa wrote: At the end of the summit, we agreed that I would go through the physmap. Do you mean the kernel linear map? Apparently I did mean it. It was confusing, because I couldn't find a single place stating

Correct way to access the physmap? - Was: Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

On 24/04/18 15:50, Matthew Wilcox wrote: On Mon, Apr 23, 2018 at 04:54:56PM +0400, Igor Stoppa wrote: While the vanilla version of pmalloc provides support for permanently transitioning between writable and read-only of a memory pool, this patch seeks to support a separate class of data

[PATCH 2/3] Add label and license to genalloc.rst

Add SPDX license to genalloc.rst, then a label, to allow cross-referencing. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/genalloc.rst | 4 1 file changed, 4 insertions(+) diff --git a/Documentation/core-api/genalloc.rst b/Documentation/co

[PATCH 1/3] genalloc: track beginning of allocations

that the patch works correctly. Eventually, the extra parameter (and the corresponding verification) could be dropped, in favor of a simplified API. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 112 +++ lib/genalloc.c

[PATCH 3/3] genalloc: selftest

it as module. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile| 1 + lib/test_genalloc.c | 410 4 files changed, 428 insertions(+) create mode 1006

[PATCH 0/3] linux-next: mm: hardening: Track genalloc allocations

the callers of the free function with the internal tracking. Later on, the "size" parameter can be dropped, and each caller can be adjusted accordingly. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> Igor Stoppa (3): genalloc: track beginning of allocations Add l

[PATCH 5/6] Documentation for Pmalloc

Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/pmalloc.txt | 104 + 1 file changed, 104 insertions(+) create mode 100644 Documentation/core-api/pmalloc.txt

[PATCH 6/6] Pmalloc: self-test

Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- mm/Kconfig| 7 ++ mm/Makefile | 1 + mm/pmalloc-selftest.c | 65 +++ mm/pmalloc-selftest.

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 215 include/linux/vmalloc.h | 1

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 26/01/18 07:35, Matthew Wilcox wrote: > On Wed, Jan 24, 2018 at 08:10:53PM +0100, Jann Horn wrote: >> I'm not entirely convinced by the approach of marking small parts of >> kernel memory as readonly for hardening. > > It depends how significant the data stored in there are. For example, >

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 25/01/18 17:38, Jerome Glisse wrote: > On Thu, Jan 25, 2018 at 10:14:28AM -0500, Boris Lukashev wrote: >> On Thu, Jan 25, 2018 at 6:59 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: > > [...] > >> DMA/physmap access coupled with a knowledge of which virtual m

Re: [PATCH 4/6] Protectable Memory

On 24/01/18 19:56, Igor Stoppa wrote: [...] > +bool pmalloc_prealloc(struct gen_pool *pool, size_t size) > +{ [...] > +abort: > + vfree(chunk); this should be vfree_atomic() [...] > +void *pmalloc(struct gen_pool *pool, size_t size, gfp_t gfp) > +{ [...] > +free

Re: [PATCH 5/6] Documentation for Pmalloc

On 24/01/18 21:14, Ralph Campbell wrote: > 2 Minor typos inline below: thanks for proof-reading, will fix accordingly. -- igor

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

Hi, thanks for the review. My reply below. On 24/01/18 21:10, Jann Horn wrote: > I'm not entirely convinced by the approach of marking small parts of > kernel memory as readonly for hardening. Because of the physmap you mention later? Regarding small parts vs big parts (what is big enough?) I

[RFC PATCH v11 0/6] mm: security: ro protection for dynamic data

iew. Igor Stoppa (6): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Documentation for Pmalloc Pmalloc: self-test Documentation/core-api/pmalloc.txt | 104 include/linux/genalloc-selftest.h | 30 +++ incl

[PATCH 1/6] genalloc: track beginning of allocations

being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genall

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

[PATCH 2/2] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 14 ++ lib/Makefile | 1

[RESEND PATCH v2 0/2] mm: genalloc - track beginning of allocations

missed someone, please include them to the recipients. Igor Stoppa (2): genalloc: track beginning of allocations genalloc: selftest include/linux/genalloc-selftest.h | 30 +++ include/linux/genalloc.h | 3 +- init/main.c | 2 + lib/Kconfig

[PATCH 1/2] genalloc: track beginning of allocations

being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genall

[PATCH 1/6] genalloc: track beginning of allocations

being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genall

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 216 include/linux/vmalloc.h | 1

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

[PATCH 5/6] Documentation for Pmalloc

Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/pmalloc.txt | 104 + 1 file changed, 104 insertions(+) create mode 100644 Documentation/core-api/pmalloc.txt

[RFC PATCH v12 0/6] mm: security: ro protection for dynamic data

. An example is provided, in the form of self-testing. Changes since the v11 version: [http://www.openwall.com/lists/kernel-hardening/2018/01/24/4] - restricted access to sysfs entries created (444 -> 400) - more explicit reference to documentation - couple of typos Igor Stoppa (6): genal

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 26/01/18 18:36, Boris Lukashev wrote: > I like the idea of making the verification call optional for consumers > allowing for fast/slow+hard paths depending on their needs. > Cant see any additional vectors for abuse (other than the original > ones effecting out-of-band modification) introduced

[PATCH 6/6] Pmalloc: self-test

Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- lib/genalloc.c| 2 +- mm/Kconfig| 7 ++ mm/Makefile | 1 + mm/pmalloc-selftest.c | 65 +++ mm/p

Re: [PATCH 3/6] struct page: add field for vm_struct

On 01/02/18 02:00, Christopher Lameter wrote: > On Tue, 30 Jan 2018, Igor Stoppa wrote: > >> @@ -1769,6 +1774,9 @@ void *__vmalloc_node_range(unsigned long size, >> unsigned long align, >> >> kmemleak_vmalloc(area, size, gfp_mask); >> >> +

Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check

On 02/02/18 17:40, Rob Herring wrote: > Add SPDX license tag check based on the rules defined in Shouldn't it also check that the license is compatible? [...] > + } elsif ($realfile =~ /\.rst$/) { > + $comment = '..'; What is the

Re: [PATCH 3/6] struct page: add field for vm_struct

On 01/02/18 23:11, Kees Cook wrote: > IIUC, he means PageHead(), which is also hard to grep for, since it is > a constructed name, via Page##uname in include/linux/page-flags.h: > > __PAGEFLAG(Head, head, PF_ANY) CLEARPAGEFLAG(Head, head, PF_ANY) Thank you, I'll try to provide a meaningful

Re: [PATCH 5/6] Documentation for Pmalloc

Thanks for the review and apologies for the delay. Replies inlined below. On 30/01/18 19:08, Jonathan Corbet wrote: > On Tue, 30 Jan 2018 17:14:45 +0200 > Igor Stoppa <igor.sto...@huawei.com> wrote: [...] > Please don't put plain-text files into core-api - that's a directory fu

Re: [PATCH 3/6] struct page: add field for vm_struct

On 02/02/18 20:43, Christopher Lameter wrote: > On Thu, 1 Feb 2018, Igor Stoppa wrote: > >>> Would it not be better to use compound page allocations here? [...] > Ok its compound_head(). See also the use in the SLAB and SLUB allocator. > >> During hardened user co

Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check

On 02/02/18 21:06, Joe Perches wrote: > On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote: >> On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: >>> On 02/02/18 17:40, Rob Herring wrote: >>>> Add SPDX license tag check based on th

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 04/02/18 00:29, Boris Lukashev wrote: > On Sat, Feb 3, 2018 at 3:32 PM, Igor Stoppa <igor.sto...@huawei.com> wrote: [...] >> What you are suggesting, if I have understood it correctly, is that, >> when the pool is protected, the addresses already given out, will bec

[PATCH 5/6] Pmalloc: self-test

Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- mm/Kconfig| 9 mm/Makefile | 1 + mm/pmalloc-selftest.c | 61 +++ mm/pmalloc-selftest.

[PATCH 6/6] Documentation for Pmalloc

Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) creat

[PATCH 1/6] genalloc: track beginning of allocations

being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genall

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 213 include/linux/vmalloc.h | 1

[RFC PATCH v14 0/6] mm: security: ro protection for dynamic data

. An example is provided, in the form of self-testing. Changes since v13: [http://www.openwall.com/lists/kernel-hardening/2018/02/03/3] - fixed warnings from "make htmldocs" - added documentation to core-api index Igor Stoppa (6): genalloc: track beginning of allocations genalloc

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

+Boris Lukashev On 02/02/18 20:39, Christopher Lameter wrote: > On Thu, 25 Jan 2018, Matthew Wilcox wrote: > >> It's worth having a discussion about whether we want the pmalloc API >> or whether we want a slab-based API. We can have a separate discussion >> about an API to remove pages from the

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 211 +++ include/linux/vmalloc.h | 1

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 1/6] genalloc: track beginning of allocations

being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genall

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

>> On Thu, 25 Jan 2018, Matthew Wilcox wrote: >>> It's worth having a discussion about whether we want the pmalloc API >>> or whether we want a slab-based API. I'd love to have some feedback specifically about the API. I have also some idea about userspace and how to extend the pmalloc concept

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 03/02/18 22:12, Boris Lukashev wrote: > Regarding the notion of validated protected memory, is there a method > by which the resulting checksum could be used in a lookup > table/function to resolve the location of the protected data? What I have in mind is a checksum at page/vmap_area

[RFC PATCH v13 0/6] mm: security: ro protection for dynamic data

. An example is provided, in the form of self-testing. Changes since v12 [https://lkml.org/lkml/2018/1/30/397] - fixed Kconfig dependency for pmalloc-test - fixed warning for size_t treated as %ul on i386 - moved to SPDX license reference - rewrote pmalloc docs Igor Stoppa (6): genalloc: track

Re: [PATCH 1/6] genalloc: track beginning of allocations

On 11/02/18 14:24, Mike Rapoport wrote: > On Sun, Feb 11, 2018 at 05:19:15AM +0200, Igor Stoppa wrote: [...] >> +/** >> + * mem_to_units - convert references to memory into orders of allocation > > Documentation/doc-guide/kernel-doc.rst recommends to to include brackets &g

Re: [PATCH 4/6] Protectable Memory

On 11/02/18 14:37, Mike Rapoport wrote: > On Sun, Feb 11, 2018 at 05:19:18AM +0200, Igor Stoppa wrote: >> + * Return: 0 if the object does not belong to pmalloc, 1 if it belongs to >> + * pmalloc, -1 if it partially overlaps pmalloc meory, but incore

Re: [PATCH 6/6] Documentation for Pmalloc

On 11/02/18 23:17, Matthew Wilcox wrote: > On Sun, Feb 11, 2018 at 05:19:20AM +0200, Igor Stoppa wrote: >> @@ -0,0 +1,114 @@ >> +SPDX-License-Identifier: CC-BY-SA-4.0 > > You need the '.. ' before the 'SPDX'. See > Documentation/process/license-rules.rst yes, sorry, I

Re: [PATCH 6/6] Documentation for Pmalloc

On 04/02/18 23:37, Randy Dunlap wrote: [...] >> +reason, could neither be declared as constant, nor it could take advantage > > nor could it ok [...] >> +Ex: A policy that is loaded from userspace. > > Either >Example: > or >E.g.: >

Re: [PATCH 4/6] Protectable Memory

On 12/02/18 17:31, Mike Rapoport wrote: [...] > Seems that kernel-doc does not consider () as a valid match for the > identifier :) > > Can you please check with the below patch? yes, it works now, than you! -- igor

Re: [PATCH 4/6] Protectable Memory

On 12/02/18 14:53, Mike Rapoport wrote: > 'scripts/kernel-doc -v -none That has a quite interesting behavior. I run it on genalloc.c while I am in the process of adding the brackets to the function names in the kernel-doc description. The brackets confuse the script and it fails to output

[PATCH 5/6] Pmalloc: self-test

Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- mm/Kconfig| 9 mm/Makefile | 1 + mm/pmalloc-selftest.c | 64 +++ mm/pmalloc-selftest.

[PATCH 6/6] Documentation for Pmalloc

Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) creat

[PATCH 1/6] genalloc: track beginning of allocations

for a sufficiently long sequence of zeros, to identify zones available for allocation. This patch doubles the space reserved in the bitmap for each allocation, to track their beginning. For details, see the documentation inside lib/genalloc.c Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- i

[RFC PATCH v16 0/6] mm: security: ro protection for dynamic data

to lists - Fixed SPDX license statements Igor Stoppa (6): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Pmalloc: self-test Documentation for Pmalloc Documentation/core-api/index.rst | 1 + Documentat

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 242 +++ include/linux/vmalloc.h | 1

Re: [PATCH 3/6] struct page: add field for vm_struct

On 11/02/18 23:16, Matthew Wilcox wrote: > On Sun, Feb 11, 2018 at 05:19:17AM +0200, Igor Stoppa wrote: >> The struct page has a "mapping" field, which can be re-used, to store a >> pointer to the parent area. This will avoid more expensive searches. >> >>

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 26 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

Re: [PATCH 1/6] genalloc: track beginning of allocations

On 05/02/18 00:34, Randy Dunlap wrote: > On 02/04/2018 08:47 AM, Igor Stoppa wrote: [...] > It would be good for a lot of this to be in a source file or the > pmalloc.rst documentation file instead of living only in the git repository. This is actually about genalloc. The

[RFC PATCH v15 0/6] mm: security: ro protection for dynamic data

ry include that was causing compilation failures - changed license of pmalloc documentation from GPL 2.0 to CC-BY-SA-4.0 Igor Stoppa (6): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Pmalloc: self-test Documentation f

[PATCH 1/6] genalloc: track beginning of allocations

for a sufficiently long sequence of zeros, to identify zones available for allocation. This patch doubles the space reserved in the bitmap for each allocation, to track their beginning. For details, see the documentation inside lib/genalloc.c Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- i

[PATCH 4/6] Protectable Memory

as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 222 + include/linux/vmalloc.h | 1

[PATCH 6/6] Documentation for Pmalloc

Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) creat

[PATCH 5/6] Pmalloc: self-test

Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- mm/Kconfig| 9 mm/Makefile | 1 + mm/pmalloc-selftest.c | 63 +++ mm/pmalloc-selftest.

[PATCH 2/6] genalloc: selftest

. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/genalloc-selftest.h | 26 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1

[PATCH 3/6] struct page: add field for vm_struct

arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa <igor.sto...@huawei.com> --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +-

Re: [PATCH 4/6] Protectable Memory

On 05/02/18 00:06, Randy Dunlap wrote: > On 02/04/2018 08:47 AM, Igor Stoppa wrote: [...] >> + * pmalloc_create_pool - create a new protectable memory pool - > > Drop trailing " -". yes >> + * @name: the name of the pool, must be unique > > Is that

Re: [PATCH 2/6] genalloc: selftest

On 07/02/18 22:25, kbuild test robot wrote: [...] >>> lib/genalloc-selftest.c:17:10: fatal error: asm/set_memory.h: No such file >>> or directory > #include This header is unnecessary and will be removed. -- igor

Re: [PATCH 2/6] genalloc: selftest

On 05/02/18 00:19, Randy Dunlap wrote: > On 02/04/2018 08:47 AM, Igor Stoppa wrote: [...] > Please use kernel multi-line comment style. ok for all of them [...] >> +BUG_ON(!locations[action->location]); >> +print_first_chunk_bitmap(pool); >> +BUG_ON(c

Re: [PATCH 5/6] Pmalloc: self-test

if your patch is applied to the wrong git tree, please drop us a note to > help improve the system] > > url: > https://github.com/0day-ci/linux/commits/Igor-Stoppa/mm-security-ro-protection-for-dynamic-data/20180207-171252 > base: https://git.kernel.org/pub/scm/linux/kernel/git/kee

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

On 05/02/18 17:40, Christopher Lameter wrote: > On Sat, 3 Feb 2018, Igor Stoppa wrote: > >>> We could even do this in a more thorough way. Can we use a ring 1 / 2 >>> distinction to create a hardened OS core that policies the rest of >>> the ever expa

Re: [PATCH 3/6] struct page: add field for vm_struct

On 05/02/18 17:33, Christopher Lameter wrote: > On Sat, 3 Feb 2018, Igor Stoppa wrote: > >> - the property of the compound page will affect the property of all the >> pages in the compound, so when one is write protected, it can generate a >> lot of wasted memory, if

Re: [PATCH 1/6] genalloc: track beginning of allocations

On 05/02/18 05:45, Matthew Wilcox wrote: > On Sun, Feb 04, 2018 at 02:34:08PM -0800, Randy Dunlap wrote: >>> +/** >>> + * cleart_bits_ll - according to the mask, clears the bits specified by >> >> clear_bits_ll > > 'make W=1' should catch this ... yes? > > (hint: building with 'make C=1

Re: [PATCH 2/6] genalloc: selftest

On 05/02/18 02:14, Randy Dunlap wrote: > On 02/04/2018 03:03 PM, Matthew Wilcox wrote: >> On Sun, Feb 04, 2018 at 02:19:22PM -0800, Randy Dunlap wrote: +#ifndef __GENALLOC_SELFTEST_H__ +#define __GENALLOC_SELFTEST_H__ >>> >>> Please use _LINUX_GENALLOC_SELFTEST_H_ >> >>

Re: [PATCH 3/6] struct page: add field for vm_struct

On 06/02/18 14:37, Matthew Wilcox wrote: [...] > LOCAL variable names should be short, and to the point. [...] > (Documentation/process/coding-style.rst) ok, will do, thanks for the pointer! -- igor

Re: [RFC PATCH v16 0/6] mm: security: ro protection for dynamic data

On 21/02/18 03:36, Dave Chinner wrote: > On Tue, Feb 20, 2018 at 03:56:00PM -0800, Matthew Wilcox wrote: >> On Wed, Feb 21, 2018 at 08:36:04AM +1100, Dave Chinner wrote: >>> FWIW, I'm not wanting to use it to replace static variables. All the >>> structures are dynamically allocated right now, and

Re: [PATCH 5/6] Pmalloc: self-test

On 22/02/18 00:24, Kees Cook wrote: > On Tue, Feb 20, 2018 at 8:40 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: [...] >> sorry for being dense ... are you proposing that I do something to >> lkdtm_rodata.c ? An example would probably help me understand. >

Re: [RFC PATCH v16 0/6] mm: security: ro protection for dynamic data

On 21/02/18 23:36, Dave Chinner wrote: > On Wed, Feb 21, 2018 at 11:56:22AM +0200, Igor Stoppa wrote: [...] > It seems lots of people get confused when discussing concepts vs > implementation... :) IMHO, if possible, it's better to use unambiguous terms at every point. __ro_a

Re: [PATCH 2/6] genalloc: selftest

On 22/02/18 00:28, Kees Cook wrote: > On Tue, Feb 20, 2018 at 8:59 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: >> >> >> On 13/02/18 01:50, Kees Cook wrote: >>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: [...] &

Re: [PATCH 1/6] genalloc: track beginning of allocations

On 13/02/18 01:52, Kees Cook wrote: > On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa <igor.sto...@huawei.com> wrote: >> @@ -738,14 +1031,16 @@ EXPORT_SYMBOL(devm_gen_pool_create); >> >> #ifdef CONFIG_OF >> /** >> - * of_gen_pool_get - find a pool by phandle p

Re: arm64 physmap (was Re: [kernel-hardening] [PATCH 4/6] Protectable Memory)

On 14/02/18 21:29, Kees Cook wrote: > On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott wrote: [...] >> Kernel code should be fine, if it isn't that is a bug that should be >> fixed. Modules yes are not fully protected. The conclusion from past > > I think that's a pretty

<    1   2   3   4   5   6   7   8   9   >