On Thu, Oct 01, 2015 at 12:24:25PM -0700, Kees Cook wrote:
> On Thu, Oct 1, 2015 at 9:28 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> > Warn on any residual W+x mappings if X86_PTDUMP is enabled.
> >
> > Sample dmesg output:
> > Checking for W+x mappings
> > 0xffffffff81755000-0xffffffff81800000 684K RW
> > GLB x pte
> > Found W+x mappings. Please fix.
> >
> > Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
> > ---
> > Not sure if this is the best place to put this check.
> > It must occur after free_init_pages() or it won't catch the
> > W+x case for the gap between __ex_table and rodata.
>
> Yeah. Hmm. I want this test for sure, but I'd like to be able to do
> this without needing PTDUMP, since that puts a very sensitive file in
> debugfs. I wonder if we can reuse the same code, but only expose the
> page tables to userspace with PTDUMP?

So make it a debugging option like CONFIG_EFI_PGT_DUMP and let it dump
the pagetable in dmesg during boot, at the exact point you want it to.
Then one can grep dmesg for W+x bits or whatever else...

--
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
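
Added example, not part of the original message or the patch: a shell filter for the "grep dmesg for W+x bits" step, flagging ranges whose flags include both `RW` and `x`. It assumes the boot-time dump uses the same line format as the sample in the thread; `find_wx` and `sample_dump` are hypothetical names, and every sample line except the 684K one is constructed.

```shell
#!/bin/sh
# find_wx: read page-table dump lines on stdin and print "range size" for
# every mapping that is both writable ("RW") and executable ("x", no NX).
# Returns 0 when no W+X range is present, 1 when at least one is found.
find_wx() {
    awk '
    {
        # Find the "start-end" field; dmesg may put a timestamp such as
        # "[    1.100003]" in front of it.
        r = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^0x[0-9a-f]+-0x[0-9a-f]+$/) { r = i; break }
        if (!r) next                       # not a mapping line
        w = 0; x = 0
        for (i = r + 2; i <= NF; i++) {    # flags follow range and size
            if ($i == "RW") w = 1          # writable ("ro" otherwise)
            if ($i == "x")  x = 1          # executable ("NX" otherwise)
        }
        # Whole-token matches only, so "NX" never counts as "x".
        if (w && x) { print $r, $(r + 1); found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input. Only the 684K line comes from the thread; the
# other lines are made up for illustration in the same format.
sample_dump() {
    cat <<'EOF'
[    1.100000] Checking for W+x mappings
[    1.100001] 0xffffffff81000000-0xffffffff81600000 6M ro PSE GLB x pmd
[    1.100002] 0xffffffff81600000-0xffffffff81755000 1364K ro GLB NX pte
[    1.100003] 0xffffffff81755000-0xffffffff81800000 684K RW GLB x pte
[    1.100004] 0xffffffff81800000-0xffffffff81a00000 2M RW PSE GLB NX pmd
EOF
}

# On a booted system with the dump enabled: dmesg | find_wx
sample_dump | find_wx || echo "W+X mappings present"
```

The non-zero return status makes the filter usable as a boot-test gate, for example in a CI job that boots a debug kernel and fails when any range is reported.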