From: Igor Stoppa <igor.stoppa@huawei.com>
To: Laura Abbott <labbott@redhat.com>, Michal Hocko <mhocko@kernel.org>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: RFC v2: post-init-read-only protection for data allocated dynamically
Date: Fri, 5 May 2017 13:42:27 +0300 [thread overview]
Message-ID: <0b55343e-4305-a9f1-2b17-51c3c734aea6@huawei.com> (raw)
In-Reply-To: <a445774f-a307-25aa-d44e-c523a7a42da6@redhat.com>
On 04/05/17 19:49, Laura Abbott wrote:
> [adding kernel-hardening since I think there would be interest]
thank you, I overlooked this
> BPF takes the approach of calling set_memory_ro to mark regions as
> read only. I'm certainly over simplifying but it sounds like this
> is mostly a mechanism to have this happen mostly automatically.
> Can you provide any more details about tradeoffs of the two approaches?
I am not sure I understand the question ...
For what I can understand, the bpf is marking as read only something
that spans across various pages, which is fine.
The payload to be protected is already organized in such pages.
But in the case I have in mind, I have various, heterogeneous chunks of
data, coming from various subsystems, not necessarily page aligned.
And, even if they were page aligned, most likely they would be far
smaller than a page, even a 4k page.
The first problem I see, is how to compact them into pages, ensuring
that no rwdata manages to infiltrate the range.
The actual mechanism for marking pages as read only is not relevant at
this point, if I understand your question correctly, since set_memory_ro
is walking the pages it receives as parameter.
> arm and arm64 have the added complexity of using larger
> page sizes on the linear map so dynamic mapping/unmapping generally
> doesn't work.
Do you mean that a page could be 16MB and therefore it would not be
possible to get a smaller chunk?
> arm64 supports DEBUG_PAGEALLOC by mapping with only
> pages but this is generally only wanted as a debug mechanism.
> I don't know if you've given this any thought at all.
Since the beginning I have thought about this feature as an opt-in
feature. I am aware that it can have drawbacks, but I think it would be
valuable as debugging tool even where it's not feasible to keep it
always-on.
OTOH on certain systems it can be sufficiently appealing to be kept on,
even if it eats up some more memory.
If this doesn't answer your question, could you please detail it more?
---
thanks, igor
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-05-05 10:43 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-03 12:06 Igor Stoppa
[not found] ` <70a9d4db-f374-de45-413b-65b74c59edcb@intel.com>
2017-05-04 8:17 ` Igor Stoppa
2017-05-04 14:30 ` Dave Hansen
2017-05-05 8:53 ` Igor Stoppa
2017-05-04 11:21 ` Michal Hocko
2017-05-04 12:14 ` Igor Stoppa
2017-05-04 13:11 ` Michal Hocko
2017-05-04 13:37 ` Igor Stoppa
2017-05-04 14:01 ` Michal Hocko
2017-05-04 17:24 ` Dave Hansen
2017-05-05 12:08 ` Igor Stoppa
2017-05-05 12:19 ` Igor Stoppa
2017-05-10 7:45 ` Michal Hocko
2017-05-04 16:49 ` Laura Abbott
2017-05-05 10:42 ` Igor Stoppa [this message]
2017-05-08 15:25 ` Laura Abbott
2017-05-09 9:38 ` Igor Stoppa
2017-05-10 8:05 ` Michal Hocko
2017-05-10 8:57 ` Igor Stoppa
2017-05-10 11:43 ` Michal Hocko
2017-05-10 15:19 ` Igor Stoppa
2017-05-10 15:45 ` Dave Hansen
2017-05-19 10:51 ` Igor Stoppa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0b55343e-4305-a9f1-2b17-51c3c734aea6@huawei.com \
--to=igor.stoppa@huawei.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox