On Fri, Sep 26, 2014 at 06:58:05AM +0100, Kees Cook wrote:

On Thu, Sep 18, 2014 at 12:19 PM, Kees Cook [off-list ref] wrote:

quoted

This is a series of patches to support CONFIG_RODATA on ARM, so that
the kernel text is RO, and non-text sections default to NX. To support
on-the-fly kernel text patching (via ftrace, kprobes, etc), fixmap
support has been finalized based on several versions of various patches
that are floating around on the mailing list. This series attempts to
include the least intrusive version, so that others can build on it for
future fixmap work.

The series has been heavily tested, and appears to be working correctly:

With CONFIG_ARM_PTDUMP, expected page table permissions are seen in
/sys/kernel/debug/kernel_page_tables.

Using CONFIG_LKDTM, the kernel now correctly detects bad accesses for
for the following lkdtm tests via /sys/kernel/debug/provoke-crash/DIRECT:
        EXEC_DATA
        WRITE_RO
        WRITE_KERN

ftrace works:
        CONFIG_FTRACE_STARTUP_TEST passes
        Enabling tracing works:
                echo function > /sys/kernel/debug/tracing/current_tracer
kprobes works:
        CONFIG_ARM_KPROBES_TEST passes

kexec works:
        kexec will load and start a new kernel

Built with and without CONFIG_HIGHMEM, CONFIG_HIGHMEM_DEBUG, and
CONFIG_NR_CPUS=32.

Thanks to everyone who has been testing this series and working on its
various pieces!

Hopefully this should address Will's last concerns. :)

Thanks!

-Kees

v6:
- always run patch_text under stop_machine (will.deacon)
- document set_fixmap's TLB flushing situation (will.deacon)

Hi Will,

Does this version look good to you? Should I turn it into a pull request?

The TLB flushing bits look sensible now, but the locking in __set_fixmap is
still pretty horrible (x86 just uses a mutex, not sure why we need to be
different). Still, it's Russell's call.

Will