[RFC PATCH v16 0/6] mm: security: ro protection for dynamic data
From: Igor Stoppa <hidden>
Date: 2018-02-20 18:03:49
Also in: linux-mm, lkml
On 20/02/18 03:21, Dave Chinner wrote:
> On Mon, Feb 12, 2018 at 03:32:36PM -0800, Kees Cook wrote:
>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa [off-list ref] wrote:
>>> This patch-set introduces the possibility of protecting memory that has been allocated dynamically. The memory is managed in pools: when a memory pool is turned into R/O, all the memory that is part of it, will become R/O. A R/O pool can be destroyed, to recover its memory, but it cannot be turned back into R/W mode. This is intentional. This feature is meant for data that doesn't need further modifications after initialization.
>>
>> This series came up in discussions with Dave Chinner (and Matthew Wilcox, already part of the discussion, and others) at LCA. I wonder if XFS would make a good initial user of this, as it could allocate all the function pointers and other const information about a superblock in pmalloc(), keeping it separate from the R/W portions? Could other filesystems do similar things?
>
> I wasn't cc'd on this patchset, (please use david at fromorbit.com for future postings)

Apologies, somehow I didn't realize that I should have put you too in CC. It will be fixed at the next iteration.

> so I can't really say anything about it right now. My interest for XFS was that we have a fair amount of static data in XFS that we set up at mount time and it never gets modified after that.

This is the typical use case I had in mind, although it requires a
conversion.
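Ex:

before:

	static int a;

	void set_a(void)
	{
		a = 4;
	}

after:

	/* The pointer itself is fixed after init; the int it points to lives in the pool. */
	static int *a __ro_after_init;
	struct gen_pool *pool;

	void init_a(void)
	{
		pool = pmalloc_create_pool("pool", 0);
		a = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL);
	}

	void set_a(void)
	{
		*a = 4;
		/* From here on the whole pool is R/O and cannot go back to R/W. */
		pmalloc_protect_pool(pool);
	}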

> I'm not so worried about VFS level objects (that's a much more complex issue) but there is a lot of low hanging fruit in the XFS structures we could convert to write-once structures.

I'd be interested to have your review of the pmalloc API, if you think something is missing, once I send out the next revision.

--
igor
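
A userspace sketch of the write-once pool semantics discussed in this thread, added here as an illustration; it is not code from the patch-set or from its author. mmap()/mprotect() stand in for the kernel mechanism, and the ro_pool_* functions and write_faults() are hypothetical names, assuming a Linux/POSIX system.

```c
/* Userspace model only: mmap()/mprotect() stand in for kernel page
 * permissions, and every ro_pool_* name is hypothetical. */
#define _DEFAULT_SOURCE
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

struct ro_pool { char *base; size_t size, used; int sealed; };

static int ro_pool_create(struct ro_pool *p, size_t pages)
{
	p->size = pages * (size_t)sysconf(_SC_PAGESIZE);
	p->used = 0;
	p->sealed = 0;
	p->base = mmap(NULL, p->size, PROT_READ | PROT_WRITE,
		       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	return p->base == MAP_FAILED ? -1 : 0;
}

/* Bump allocator in 16-byte granules; a sealed pool hands out nothing. */
static void *ro_pool_alloc(struct ro_pool *p, size_t n)
{
	char *obj = p->base + p->used;
	if (p->sealed || n == 0 || n > p->size - p->used)
		return NULL;
	p->used += (n + 15) & ~(size_t)15;
	return obj;
}

/* One-way transition: nothing in this model restores PROT_WRITE. */
static int ro_pool_protect(struct ro_pool *p)
{
	p->sealed = 1;
	return mprotect(p->base, p->size, PROT_READ);
}

/* Destroying the pool is the only way to get its memory back. */
static int ro_pool_destroy(struct ro_pool *p) { return munmap(p->base, p->size); }

/* Probe a store in a forked child: 1 if it died on a signal, 0 if it landed. */
static int write_faults(volatile int *slot, int value)
{
	int status = 0;
	pid_t pid = fork();
	if (pid == 0) { *slot = value; _exit(0); }
	if (pid < 0 || waitpid(pid, &status, 0) < 0)
		return -1;
	return WIFSIGNALED(status) ? 1 : 0;
}
```

The intended sequence mirrors the conversion above: create the pool, allocate, initialise, then protect. After that, write_faults() on any object in the pool returns 1 while reads still see the initialised value.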