[PATCH v3 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2

[PATCH v3 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips

[PATCH v3 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips

[PATCH v3 07/29] x86: Restore "text" Program Header with dummy section

t assignment use a dummy section (as done by other architectures). Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e2feacf921a0..788e78978030 100644 --- a/a

[PATCH v3 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook Acked-by: Heiko Carstens --- arch/s390/kern

[PATCH v3 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH v3 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook Acked-by: Michael Ellerman --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions

[PATCH v3 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook Acked-by: Michael Ellerman --- arch/powerpc/kernel/vmlinux.lds.S | 12

[PATCH v3 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

chitectures where this is clear - clean up some x86-specific reporting of kernel memory resources - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because I finally realized what that trailing ": 0x9090" meant -- and we should trap, not slide, if execution lands in sec

[PATCH v3 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insert

[PATCH v3 01/29] powerpc: Rename "notes" PT_NOTE to "note"

n it, this is just an internal identifier. It matches the ELF "PT_NOTE", and is 4 characters (like "text", and "data") for pretty alignment. The more exposed macro, "NOTES", use the more sensible plural wording. Signed-off-by: Kees Cook Acked-by: Michael Ellerm

Re: [PATCH RFC v1 02/12] mm/usercopy.c: Prepare check_page_span() for PG_reserved changes

. Once we no > > longer set these pages to reserved, we can rework this function to > > perform separate checks for ZONE_DEVICE (split from PG_reserved checks). > > > > Cc: Kees Cook > > Cc: Andrew Morton > > Cc: Kate Stewart > > Cc: Allison Randal &g

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

I'm fine with that. I would prefer to do it as a separate step, just to minimize the logical steps each patch takes. Shall I spin a v3 with the Acks added and a final rename for this? -- Kees Cook

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Fri, Oct 11, 2019 at 03:25:19AM -0500, Segher Boessenkool wrote: > On Thu, Oct 10, 2019 at 05:05:41PM -0700, Kees Cook wrote: > > The Program Header identifiers are internal to the linker scripts. In > > preparation for moving the NOTES segment declaration into RO_DATA,

Re: [PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

On Fri, Oct 11, 2019 at 05:07:04PM +1100, Michael Ellerman wrote: > Kees Cook writes: > > In preparation for moving NOTES into RO_DATA, remove the PT_NOTE > > workaround since the kernel requires at least gcc 4.6 now. > > > > Signed-off-by: Kees Cook >

[PATCH v2 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da..e67ddca8b7a8

[PATCH v2 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH v2 27/29] x86/mm: Report which part of kernel image is freed

/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(+), 7

[PATCH v2 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH v2 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 7 --- 1 file changed, 4 insertions(+), 3

[PATCH v2 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..ac99ba0864bf

[PATCH v2 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 11d5115bc44d..1ec6b703c5b4

[PATCH v2 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index

[PATCH v2 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that only needs to be readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Acked-by: Will Deacon --- include/asm-generic

[PATCH v2 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH v2 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1

[PATCH v2 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..bc6f727278fd

[PATCH v2 28/29] x86/mm: Report actual image regions in /proc/iomem

rnel data 02a95000-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 77ea96b794bd..591e885a852e 100644 --- a/arch/x86/kernel/setup.c +

[PATCH v2 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0

[PATCH v2 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH v2 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3

[PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +- arch/arm/kern

[PATCH v2 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux-xip.lds.S

[PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +- arch/c

[PATCH v2 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH v2 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel/vmlinux.lds.S

[PATCH v2 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S| 12

[PATCH v2 07/29] x86: Restore "text" Program Header with dummy section

t assignment use a dummy section (as done by other architectures). Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e2feacf921a0..788e78978030 100644 --- a/a

[PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH v2 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH v2 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insert

[PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file changed

[PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

lear - clean up some x86-specific reporting of kernel memory resources - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because I finally realized what that trailing ": 0x9090" meant -- and we should trap, not slide, if execution lands in section padding Thanks! -K

[PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: > > This series works to move the linker sections for NOTES and > > EXCEPTION_TABLE into the RO_DATA area, where they belong on most > > (all?) archi

Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

On Thu, Oct 10, 2019 at 05:25:16PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > > Many architectures have an EXCEPTION_TABLE that needs only to be > > read-only. As such, it should live in RO_DATA. This creates a macro to > &g

Re: [PATCH 07/29] x86: Restore "text" Program Header with dummy section

On Thu, Oct 10, 2019 at 12:33:05PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:40AM -0700, Kees Cook wrote: > > Instead of depending on markings in the section following NOTES to > > restore the associated Program Header, use a dummy section, as done > > i

Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

On Tue, Oct 01, 2019 at 10:03:56AM +0100, Will Deacon wrote: > Hi Kees, > > On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote: > > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. > > > > Signed-off-by: Kees Cook > > --- > &g

[PATCH 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 0d86fc8e88d5..18a732597112 100644

[PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: just replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel

[PATCH 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index b8efb08204a1

[PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, this moves the table into the RO_DATA segment via a new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S

[PATCH 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant and are better removed to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da

[PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem

0-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index bbe35bf879f5..0bc71ee3a9c3 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kern

[PATCH 27/29] x86/mm: Report which part of kernel image is freed

/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(+), 7

[PATCH 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0..aba90398b774

[PATCH 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1..7341964722ae

[PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..72303827bcb4

[PATCH 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..9a09aab63ab3

[PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

This renames RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +- arch/

[PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 81d94e371c95

[PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

This finishes renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +-

[PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that needs only to be read-only. As such, it should live in RO_DATA. This creates a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 12

[PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, this provides a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S

[PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, the Program Header assignment restoration needs to be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH 07/29] x86: Restore "text" Program Header with dummy section

Instead of depending on markings in the section following NOTES to restore the associated Program Header, use a dummy section, as done in other architectures. This is preparation for moving NOTES into the RO_DATA macro. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file

[PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, this moves RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file c

[PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, it can live in the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux

[PATCH 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed

[PATCH 02/29] powerpc: Remove PT_NOTE workaround

The kernel requires gcc 4.6 now, so this PT_NOTE workaround can be removed in preparation for moving NOTES into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

[PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

changes are treewide, I'd love to get architecture-maintainer Acks and either have this live in x86 -tip or in my own tree, however people think it should go. Thanks! -Kees Kees Cook (29): powerpc: Rename "notes" PT_NOTE to "note" powerpc: Remove PT_NOTE workaround po

Clean up cut-here even harder (was Re: [PATCH 1/3] powerpc: don't use __WARN() for WARN_ON())

On Mon, Aug 19, 2019 at 09:28:03AM -0700, Kees Cook wrote: > On Mon, Aug 19, 2019 at 01:06:28PM +, Christophe Leroy wrote: > > __WARN() used to just call __WARN_TAINT(TAINT_WARN) > > > > But a call to printk() has been added in the commit identified below > >

Re: [PATCH 1/3] powerpc: don't use __WARN() for WARN_ON()

__WARN_TAINT(TAINT_WARN); \ > } else {\ > __asm__ __volatile__( \ > "1: "PPC_TLNEI" %4,0\n" \ > -- > 2.13.3 > -- Kees Cook

Re: [PATCH] drivers/macintosh/smu.c: Mark expected switch fall-through

U_I2C_TRANSFER_STDSUB: > > ^~~~ > > > > Cc: Benjamin Herrenschmidt > > Cc: Gustavo A. R. Silva > > Cc: Kees Cook > > Signed-off-by: Stephen Rothwell > > --- > > drivers/macintosh/smu.c | 1 + > > 1 file changed, 1 insertion(+) > > &g

Re: [PATCH] scsi: ibmvfc: Mark expected switch fall-throughs

sg_request->rqst_data.h_ct.port_id[1] << 8) | > ~~~ > bsg_request->rqst_data.h_ct.port_id[2]; > ~~ > drivers/scsi/ibmvscsi/ibmvfc.c:1841:2: note: here > case FC_BSG_RPT_CT: > ^~~~

Re: [RFC PATCH 00/10] implement KASLR for powerpc/fsl_booke/32

n. > Yes, if this feature can be accepted, I will start to work with powerpc64 > KASLR and other things like CONFIG_RANDOMIZE_MEMORY. Awesome. :) -- Kees Cook

Re: [RFC PATCH 00/10] implement KASLR for powerpc/fsl_booke/32

> >powerpc/fsl_booke/32: implement KASLR infrastructure > >powerpc/fsl_booke/32: randomize the kernel image offset > >powerpc/fsl_booke/kaslr: clear the original kernel if randomized > >powerpc/fsl_booke/kaslr: support nokaslr cmdline parameter > >powerpc/fsl_booke/kaslr: dump out kernel offset information on panic Is there anything planned for other fixed-location things, like x86's CONFIG_RANDOMIZE_MEMORY? -- Kees Cook

Re: [PATCH 0/7] Kernel Userspace Protection for radix

On Thu, Feb 21, 2019 at 4:09 PM Russell Currey wrote: > On Thu, 2019-02-21 at 08:07 -0800, Kees Cook wrote: > > On Thu, Feb 21, 2019 at 1:36 AM Russell Currey > > wrote: > > > The first three patches of these series are from Christophe's work > > > and are > &

Re: [PATCH 0/7] Kernel Userspace Protection for radix

ly that with this series powerpc9 and later, using radix, will pass the lkdtm tests for KUAP and KUEP (i.e. EXEC_USERSPACE and ACCESS_USERSPACE)? -- Kees Cook

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

On Wed, Jan 9, 2019 at 7:16 AM Kees Cook wrote: > > On Tue, Jan 8, 2019 at 10:31 PM Christophe Leroy > wrote: > > > > > > > > Le 09/01/2019 à 02:14, Kees Cook a écrit : > > > On Fri, Dec 14, 2018 at 7:26 AM Christophe Leroy > > > wrote: &

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

On Tue, Jan 8, 2019 at 10:31 PM Christophe Leroy wrote: > > > > Le 09/01/2019 à 02:14, Kees Cook a écrit : > > On Fri, Dec 14, 2018 at 7:26 AM Christophe Leroy > > wrote: > >> > >> Introduce lkdtm tests for NULL pointer dereference: check > &

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

_NULL(void) > +{ > + unsigned long tmp; > + unsigned long *ptr = (unsigned long *)NULL; > + > + pr_info("attempting bad read at %px\n", ptr); > + tmp = *ptr; > + tmp += 0xc0dec0de; > + > + pr_info("attempting bad write at %px\n", ptr); > + *ptr = tmp; > +} > + > void __init lkdtm_perms_init(void) > { > /* Make sure we can write to __ro_after_init values during __init */ > -- > 2.13.3 > -- Kees Cook

Re: [PATCH v2 1/2] mm: add probe_user_read()

> >> +{ > >> +long ret; > >> + > >> +if (!access_ok(src, size)) > >> +return -EFAULT; > >> + > >> +pagefault_disable(); > >> +ret = __copy_from_user_inatomic(dst, src, size); > >> +pagefault_enable(); > >> + > >> +return ret ? -EFAULT : 0; > >> +} > >> +#endif > > > > Why was the __always_inline needed? > > > > This function is pretty large. Why is it inlined? > > > > Kees told to do that way, see https://patchwork.ozlabs.org/patch/986848/ Yeah, I'd like to make sure we can plumb the size checks down into the user copy primitives. -- Kees Cook

Re: [PATCH] lib: fix build failure in CONFIG_DEBUG_VIRTUAL test

.c:26:7: error: implicit declaration of function > 'virt_to_phys' [-Werror=implicit-function-declaration] > pa = virt_to_phys(va); >^ > > Fixes: e4dace361552 ("lib: add test module for CONFIG_DEBUG_VIRTUAL") > CC: sta...@vger.kernel.org > Signed-off-by: Christop

Re: [PATCH] lkdtm: print real addresses

ntentional. Kees? I've gone back and forth on this and in the end I decided I'd wait and see if anyone was bothered by it besides just me. :) But, yes, for lkdtm do really do want a "real" view of the pointer because we're comparing it against page tables and/or kernel section layout, etc. I've applied this to my lkdtm -next tree. Thanks! -- Kees Cook

[PATCH] lkdtm: Do not depend on BLOCK and clean up headers

After the transition to kprobes, symbols are resolved at runtime. This means there is no need to have all the Kconfig and header logic to avoid build failures. This also paves the way to having arbitrary test locations. Reported-by: Christophe Leroy Signed-off-by: Kees Cook --- drivers/misc

Re: [PATCH] lkdtm: do not depend on CONFIG_BLOCK

roy Actually, I don't think any of this is needed, actually. The switch to kprobes from jprobes meant that the symbols are resolved at runtime now, so there's no need for the headers at all (nor the Kconfig line). I'll spin something and send it out... -- Kees Cook

Re: [PATCH] seccomp: Add pkru into seccomp_data

On Thu, Oct 25, 2018 at 5:49 PM, Andy Lutomirski wrote: >> On Oct 25, 2018, at 5:35 PM, Kees Cook wrote: >> >>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski >>> wrote: >>> You could bite the bullet and add seccomp eBPF support :) >> >

Re: [RFC PATCH] seccomp: Add protection keys into seccomp_data

ch: > Benchmarking 33554432 samples... > 28.059619466 - 18.706769155 = 9352850311 > getpid native: 278 ns > 42.299228279 - 28.059761804 = 14239466475 > getpid RET_ALLOW: 424 ns > Estimated seccomp overhead per syscall: 146 ns > > Cc: Kees Cook > Cc: Andy Lutomirski > Cc: Will

Re: [PATCH] seccomp: Add pkru into seccomp_data

On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski wrote: > You could bite the bullet and add seccomp eBPF support :) I'm not convinced this is a good enough reason for gaining the eBPF attack surface yet. -Kees -- Kees Cook

Re: [RFC PATCH] mm: add probe_user_read() and probe_user_address()

her locks which nest inside mmap_sem. > + */ > + > +long __weak probe_user_read(void *dst, const void *src, size_t size) > + __attribute__((alias("__probe_user_read"))); Let's use #defines to deal with per-arch aliases so we can keep the inline I'm suggesting below... > +

Re: [PATCH 4/4] powerpc: Add -Wimplicit-fallthrough to arch CFLAGS

Kees, can you take the patches? > > Apparently, neither signal.h nor compat.h have a dedicated maintainer: > > $ scripts/get_maintainer.pl --nokeywords --nogit --nogit-fallback > include/linux/signal.h > linux-ker...@vger.kernel.org (open list) > > $ scripts/get_maintainer.pl --nokeywords --nogit --nogit-fallback > include/linux/compat.h > linux-ker...@vger.kernel.org (open list) Normally things like that go through akpm, but I'm happy to carry them if needed. -Kees -- Kees Cook Pixel Security

<    1   2   3   4   5   6   7   8   >