Verify that pmalloc read-only protection is in place: trying to
overwrite a protected variable will crash the kernel.
Signed-off-by: Igor Stoppa
---
drivers/misc/lkdtm.h | 1 +
drivers/misc/lkdtm_core.c | 3 +++
drivers/misc/lkdtm_perms.c | 28
3 files
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 111 +
2 files changed, 112 insertions(+)
create mode 100644 Documentation/core-api
izes of
allocation is likely to eat up much more memory than the bitmap.
Igor Stoppa (8):
genalloc: track beginning of allocations
Add label to genalloc.rst for cross reference
genalloc: selftest
struct page: add field for vm_struct
Protectable Memory
Pmalloc selftest
lkdtm: c
that the patch works correctly.
Eventually, the extra parameter (and the corresponding verification)
could be dropped, in favor of a simplified API.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 112 +++
lib/genalloc.c | 742 ++-
2
it as module.
Signed-off-by: Igor Stoppa
---
include/linux/test_genalloc.h | 26 +++
init/main.c | 2 +
lib/Kconfig | 15 ++
lib/Makefile | 1 +
lib/test_genalloc.c | 410 ++
5 files changed
Put a label at the beginning of the genalloc.rst, to allow other
documents to cross-reference it.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/genalloc.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Documentation/core-api/genalloc.rst
b/Documentation/core-api/genalloc.rst
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index fd1af6b9591d..c3a4825e10c0 100644
---
.
At the same time, being also based on genalloc, pmalloc does not
generate as much trashing of the TLB as it would be caused by using
directly only vmalloc.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 4 +
include/linux/pmalloc.h | 163
include/linux/vmalloc.h | 1 +
lib
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 111 +
2 files changed, 112 insertions(+)
create mode 100644 Documentation/core-api
Add basic self-test functionality for pmalloc.
The testing is introduced as early as possible, right after the main
dependency, genalloc, has passed successfully, so that it can help
diagnosing failures in pmalloc users.
Signed-off-by: Igor Stoppa
---
include/linux/test_pmalloc.h | 24
Verify that pmalloc read-only protection is in place: trying to
overwrite a protected variable will crash the kernel.
Signed-off-by: Igor Stoppa
---
drivers/misc/lkdtm.h | 1 +
drivers/misc/lkdtm_core.c | 3 +++
drivers/misc/lkdtm_perms.c | 28
3 files
On 13/03/18 23:45, Igor Stoppa wrote:
[...]
Some more thoughts about the open topics:
> Discussion topics that are unclear if they are closed and would need
> comment from those who initiated them, if my answers are accepted or not:
>
> * @Kees Cook proposed to have first
On 14/03/18 13:56, Matthew Wilcox wrote:
> On Wed, Mar 14, 2018 at 01:21:54PM +0200, Igor Stoppa wrote:
[...]
> You misread my proposal. I did not suggest storing the 'start', but the
> 'end'.
Ok, but doesn't that only change the race scenario?
Attempting to free one allocati
On 14/03/18 14:15, Matthew Wilcox wrote:
> On Tue, Mar 13, 2018 at 11:45:51PM +0200, Igor Stoppa wrote:
>> +static inline void *pmalloc_array(struct gen_pool *pool, size_t n,
>> + size_t size, gfp_t flags)
>> +{
>> +if (u
On 14/03/18 15:04, Matthew Wilcox wrote:
> I don't necessarily think you should use it as-is,
I think I simply cannot use it as-is, because it seems to use linear
memory, while I need virtual. This reason alone would require a rewrite
of several parts.
> but the principle it uses
> seems like
On 14/03/18 19:43, J Freyensee wrote:
> On 3/13/18 3:00 PM, Matthew Wilcox wrote:
[...]
>>> Signed-off-by: Igor Stoppa
>> Reviewed-by: Matthew Wilcox
>
> Igor, do you mind sticking these tags on the files that have spent some
> time reviewing a revision of your
On 14/03/18 14:25, Matthew Wilcox wrote:
> On Tue, Mar 13, 2018 at 11:45:52PM +0200, Igor Stoppa wrote:
>> Add basic self-test functionality for pmalloc.
>
> Here're some additional tests for your test-suite:
>
> for (i = 1; i; i *= 2)
> pzalloc
of allocations
* added parameter for specifying size of a refill
* removed option to pre-allocate memory for a pool (is it a bad idea?)
* changed vmap_area to allow chaining them, for tracking them in a pool
* made public the previously private find_vmap_area function
Igor Stoppa (6):
struct page: add
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
Reviewed-by: Jay Freyensee
Reviewed-by: Matthew Wilcox
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/inc
tilization outside of the purging phase.
Since the purging happens after the vmap_area is dismissed, its use is
mutually exclusive with any use performed while the area is allocated.
Signed-off-by: Igor Stoppa
---
include/linux/vmalloc.h | 2 +-
mm/vmalloc.c| 6 +++---
2 files changed, 4
gained access to the physical mapping, still has to identify where the
target of the attack is actually located.
At the same time, being also based on genalloc, pmalloc does not
generate as much trashing of the TLB as it would be caused by only using
directly vmalloc.
Signed-off-by: Igor Stoppa
Verify that pmalloc read-only protection is in place: trying to
overwrite a protected variable will crash the kernel.
Signed-off-by: Igor Stoppa
---
drivers/misc/lkdtm.h | 1 +
drivers/misc/lkdtm_core.c | 3 +++
drivers/misc/lkdtm_perms.c | 28
3 files
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 101 +
2 files changed, 102 insertions(+)
create mode 100644 Documentation/core-api
Add basic self-test functionality for pmalloc.
The testing is introduced as early as possible, right after the main
dependency, genalloc, has passed successfully, so that it can help
diagnosing failures in pmalloc users.
Signed-off-by: Igor Stoppa
---
include/linux/test_pmalloc.h | 24
On 27/03/18 05:31, Matthew Wilcox wrote:
> On Tue, Mar 27, 2018 at 04:55:21AM +0300, Igor Stoppa wrote:
>> +static inline void *pmalloc_array_align(struct pmalloc_pool *pool,
>> +size_t n, size_t size,
>> +
the destroy function, removing a possible race with
use-after-free code.
Igor Stoppa (6):
struct page: add field for vm_struct
vmalloc: rename llist field in vmap_area
Protectable Memory
Pmalloc selftest
lkdtm: crash on overwriting protected pmalloc var
Documentation for Pmalloc
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
Reviewed-by: Jay Freyensee
Reviewed-by: Matthew Wilcox
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/inc
tilization outside of the purging phase.
Since the purging happens after the vmap_area is dismissed, its use is
mutually exclusive with any use performed while the area is allocated.
Signed-off-by: Igor Stoppa
---
include/linux/vmalloc.h | 2 +-
mm/vmalloc.c| 6 +++---
2 files changed, 4
,
where present.
Signed-off-by: Igor Stoppa
---
include/linux/pmalloc.h | 166 ++
include/linux/vmalloc.h | 3 +
mm/Kconfig | 6 ++
mm/Makefile | 1 +
mm/pmalloc.c| 264
mm
Add basic self-test functionality for pmalloc.
The testing is introduced as early as possible, right after the main
dependency, genalloc, has passed successfully, so that it can help
diagnosing failures in pmalloc users.
Signed-off-by: Igor Stoppa
---
include/linux/test_pmalloc.h | 24
Verify that pmalloc read-only protection is in place: trying to
overwrite a protected variable will crash the kernel.
Signed-off-by: Igor Stoppa
---
drivers/misc/lkdtm.h | 1 +
drivers/misc/lkdtm_core.c | 3 +++
drivers/misc/lkdtm_perms.c | 25 +
3 files changed
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 107 +
2 files changed, 108 insertions(+)
create mode 100644 Documentation/core-api
On 12/03/18 21:13, Matthew Wilcox wrote:
> On Wed, Feb 28, 2018 at 10:06:17PM +0200, Igor Stoppa wrote:
>> struct gen_pool *pmalloc_create_pool(const char *name,
>> int min_alloc_order);
>> int is_pmalloc_object(const void *ptr,
On 27/03/18 20:55, Jonathan Corbet wrote:
On Tue, 27 Mar 2018 18:37:36 +0300
Igor Stoppa wrote:
This patch-set introduces the possibility of protecting memory that has
been allocated dynamically.
One thing that jumps out at me as I look at the patch set is: you do not
include any users
On 14/03/2018 19:33, Matthew Wilcox wrote:
> On Wed, Mar 14, 2018 at 06:11:22PM +0200, Igor Stoppa wrote:
[...]
>> Probably page_frag does well with relatively large allocations, while
>> genalloc seems to be better for small (few allocation units) allocations.
>
> I don
On 14/02/18 21:29, Kees Cook wrote:
> On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott wrote:
[...]
>> Kernel code should be fine, if it isn't that is a bug that should be
>> fixed. Modules yes are not fully protected. The conclusion from past
>
> I think that's a pretty serious problem: we
On 13/02/18 01:43, Kees Cook wrote:
> On Mon, Feb 12, 2018 at 8:53 AM, Igor Stoppa wrote:
[...]
>> +obj-$(CONFIG_PROTECTABLE_MEMORY_SELFTEST) += pmalloc-selftest.o
>
> Nit: self-test modules are traditionally named "test_$thing.o"
> (outside of the tools/ direct
On 13/02/18 01:50, Kees Cook wrote:
> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa wrote:
[...]
>> lib/genalloc-selftest.c | 400
>> ++
>
> Nit: make this test_genalloc.c instead.
ok
[...]
>> + genalloc_selfte
On 13/02/18 01:52, Kees Cook wrote:
> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa wrote:
>> @@ -738,14 +1031,16 @@ EXPORT_SYMBOL(devm_gen_pool_create);
>>
>> #ifdef CONFIG_OF
>> /**
>> - * of_gen_pool_get - find a pool by phandle property
>> + * of_
On 13/02/18 20:10, Laura Abbott wrote:
> On 02/13/2018 07:20 AM, Igor Stoppa wrote:
>> Why alterations of page properties are not considered a risk and the physmap
>> is?
>> And how would it be easier (i suppose) to attack the latter?
>
> Alterations are certainly
On 20/02/18 03:21, Dave Chinner wrote:
> On Mon, Feb 12, 2018 at 03:32:36PM -0800, Kees Cook wrote:
>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa wrote:
>>> This patch-set introduces the possibility of protecting memory that has
>>> been allocated dynamically.
&g
On 12/02/18 18:24, Igor Stoppa wrote:
>
>
> On 11/02/18 23:16, Matthew Wilcox wrote:
>> On Sun, Feb 11, 2018 at 05:19:17AM +0200, Igor Stoppa wrote:
>>> The struct page has a "mapping" field, which can be re-used, to store a
>>> pointer to the
On 21/02/18 03:36, Dave Chinner wrote:
> On Tue, Feb 20, 2018 at 03:56:00PM -0800, Matthew Wilcox wrote:
>> On Wed, Feb 21, 2018 at 08:36:04AM +1100, Dave Chinner wrote:
>>> FWIW, I'm not wanting to use it to replace static variables. All the
>>> structures are dynamically allocated right now, and
On 20/02/18 22:54, Matthew Wilcox wrote:
> On Tue, Feb 20, 2018 at 09:53:30PM +0200, Igor Stoppa wrote:
[...]
>> It was found while testing on a configuration with framebuffer.
>
> ... ah. You tried to use vmalloc_to_page() on something which wasn't
> backed by a st
On 21/02/18 23:36, Dave Chinner wrote:
> On Wed, Feb 21, 2018 at 11:56:22AM +0200, Igor Stoppa wrote:
[...]
> It seems lots of people get confused when discussing concepts vs
> implementation... :)
IMHO, if possible, it's better to use unambiguous terms at every point.
__ro_a
On 22/02/18 00:24, Kees Cook wrote:
> On Tue, Feb 20, 2018 at 8:40 AM, Igor Stoppa wrote:
[...]
>> sorry for being dense ... are you proposing that I do something to
>> lkdtm_rodata.c ? An example would probably help me understand.
>
> It would likely live in lk
On 22/02/18 00:28, Kees Cook wrote:
> On Tue, Feb 20, 2018 at 8:59 AM, Igor Stoppa wrote:
>>
>>
>> On 13/02/18 01:50, Kees Cook wrote:
>>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa wrote:
[...]
>>>> + genalloc_selftest();
>>>
any of my patches.
I'm still not 100% sure that I'm doing something sane, but I thought it
might be good to share the finding.
The patch contains both a minimal change, to trigger the crash, and a
snippet of the log of the crash i get.
Igor Stoppa (1):
crash vmalloc_to_page()
mm/vmalloc.c | 5
this patch, when used with the config file for 0day kernel test for
i386, against 4.16-rc2, causes the following:
...
[8.686470] [TTM] Initializing DMA pool allocator
[8.691148] WARNING: CPU: 0 PID: 1 at mm/vmalloc.c:301
vmalloc_to_page+0x360/0x370
[8.692185] Modules linked in:
[
On 21/02/18 14:01, Igor Stoppa wrote:
> it seems to return garbage also without this patch, but I need to clean
> up the code, try it again and possibly come up with a demo patch for
> triggering the problem.
>
> I'll investigate it more. However it doesn't see
On 22/02/18 11:14, Igor Stoppa wrote:
>
>
> On 22/02/18 00:28, Kees Cook wrote:
>> On Tue, Feb 20, 2018 at 8:59 AM, Igor Stoppa wrote:
>>>
>>>
>>> On 13/02/18 01:50, Kees Cook wrote:
>>>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa
>
Add SPDX license to genalloc.rst, then a label, to allow cross-referencing.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/genalloc.rst | 4
1 file changed, 4 insertions(+)
diff --git a/Documentation/core-api/genalloc.rst
b/Documentation/core-api/genalloc.rst
index 6b38a39fab24
that the patch works correctly.
Eventually, the extra parameter (and the corresponding verification)
could be dropped, in favor of a simplified API.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 112 +++
lib/genalloc.c | 742 ++-
2
the callers of the free function with the internal tracking.
Later on, the "size" parameter can be dropped, and each caller can be
adjusted accordingly.
Signed-off-by: Igor Stoppa
Igor Stoppa (3):
genalloc: track beginning of allocations
Add label and license to genalloc.rst
it as module.
Signed-off-by: Igor Stoppa
---
init/main.c | 2 +
lib/Kconfig | 15 ++
lib/Makefile| 1 +
lib/test_genalloc.c | 410
4 files changed, 428 insertions(+)
create mode 100644 lib/test_genalloc.c
diff --git
On 29/04/18 07:09, Matthew Wilcox wrote:
On Sun, Apr 29, 2018 at 06:45:39AM +0400, Igor Stoppa wrote:
This patchset was created as part of an older version of pmalloc, however
it has value per-se, as it hardens the memory management for the generic
allocator genalloc.
Genalloc does
oops, sorry, I forgot the references :-(
On 29/04/18 20:39, Igor Stoppa wrote:
On 29/04/18 07:09, Matthew Wilcox wrote:
On Sun, Apr 29, 2018 at 06:45:39AM +0400, Igor Stoppa wrote:
This patchset was created as part of an older version of pmalloc,
however
it has value per-se, as it hardens
On 29/04/18 07:36, Randy Dunlap wrote:
On 04/28/2018 07:45 PM, Igor Stoppa wrote:
[...]
+ test_genalloc();
Is there a stub for test_genalloc() when its config option is not enabled?
I don't see it.
I failed to add to the patch include/linux/test_genalloc.h :-/
That's where the stub
On 24/04/18 18:44, Matthew Wilcox wrote:
On Tue, Apr 24, 2018 at 02:32:36PM +0200, lazytyped wrote:
On 4/24/18 1:50 PM, Matthew Wilcox wrote:
struct modifiable_data {
struct immutable_data *d;
...
};
Then allocate a new pool, change d and destroy the old pool.
With the
/Igor-security/linux/tree/preparations-for-mm
Igor Stoppa (2):
struct page: add field for vm_struct
vmalloc: rename llist field in vmap_area
include/linux/mm_types.h | 1 +
include/linux/vmalloc.h | 2 +-
mm/vmalloc.c | 8 +---
3 files changed, 7 insertions(+), 4 deletions
tilization outside of the purging phase.
Since the purging happens after the vmap_area is dismissed, its use is
mutually exclusive with any use performed while the area is allocated.
Signed-off-by: Igor Stoppa
---
include/linux/vmalloc.h | 2 +-
mm/vmalloc.c| 6 +++---
2 files changed, 4
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
Reviewed-by: Jay Freyensee
Reviewed-by: Matthew Wilcox
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/inc
Hi,
I have been wondering if it's ok to break a long (function declaration)
line in the following way:
static __always_inline
struct foo_bar *__get_foo_bar(type1 parm1, type2 parm2, type3 parm3)
instead of:
static __always_inline struct foo_bar *__get_foo_bar(type1 parm1,
On 12/05/18 18:41, Joe Perches wrote:
I personally like more the former, not to mention that it uses also one
line less, but it seems less common in the sources.
The coding style references do not seem to say anything explicit about
which style to prefer.
thank you, I could provide a patch to
On 01/05/18 03:15, Andrew Morton wrote:
On Fri, 27 Apr 2018 03:42:41 +0400 Igor Stoppa wrote:
These two patches were written in preparation for the creation of
protectable memory, however their use is not limited to pmalloc and can
improve the use of virtually contiguous memory.
The first
enwall.com/lists/kernel-hardening/2018/04/29/1]
* make the tester code a kernel module
* turn selftest BUG() error exit paths into WARN()
* add analysis of impact on current users of genalloc
Igor Stoppa (3):
genalloc: track beginning of allocations
Add label and license to genalloc.rst
troubleshooting a crash, it is recommended
to compile the tests into the monolithic kernel.
Signed-off-by: Igor Stoppa
---
lib/Kconfig.debug | 23 +++
lib/Makefile| 1 +
lib/test_genalloc.c | 419
3 files changed, 443 insertions(+)
create
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 112 +++
lib/genalloc.c | 742 ++-
2 files changed, 599 insertions(+), 255 deletions(-)
diff --git a/include/linux/genalloc.h b/include/linux/genalloc.h
index 872f930f1b06..ff72295
Add SPDX license to genalloc.rst, then a label, to allow cross-referencing.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/genalloc.rst | 4
1 file changed, 4 insertions(+)
diff --git a/Documentation/core-api/genalloc.rst
b/Documentation/core-api/genalloc.rst
index 6b38a39fab24
On 03/05/18 01:50, Andrew Morton wrote:
On Wed, 2 May 2018 05:05:19 +0400 Igor Stoppa wrote:
This patchset was created as part of an older version of pmalloc, however
it has value per-se, as it hardens the memory management for the generic
allocator genalloc.
Genalloc does not currently
On 24/04/18 15:50, Matthew Wilcox wrote:
On Mon, Apr 23, 2018 at 04:54:56PM +0400, Igor Stoppa wrote:
While the vanilla version of pmalloc provides support for permanently
transitioning between writable and read-only of a memory pool, this
patch seeks to support a separate class of data
On 04/05/18 01:55, Dave Hansen wrote:
On 05/03/2018 02:52 PM, Igor Stoppa wrote:
At the end of the summit, we agreed that I would go through the physmap.
Do you mean the kernel linear map?
Apparently I did mean it. It was confusing, because I couldn't find a
single place stating
Foreword:
If I should direct this message to someone else, please let me know.
I couldn't get a clear idea, by looking at both MAINTAINERS and git blame.
Hi,
I'm currently trying to convert the SE Linux policy db into using a
protectable memory allocator (pmalloc) that I have developed.
Hi,
On 18/08/17 16:57, Laura Abbott wrote:
> Again, if you have a specific patch or
> proposal this would be easier to review.
yes, I'm preparing it and will send it out soon,
but it was somehow surprising to me that it was chosen to implement free
with the size parameter.
It made me think
.
The execution of the self testing is controlled through a Kconfig option.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc-selftest.h | 30 +++
init/main.c | 2 +
lib/Kconfig | 14 ++
lib/Makefile | 1 +
lib/genalloc-selftest.c
missed someone, please include them to the recipients.
Igor Stoppa (2):
genalloc: track beginning of allocations
genalloc: selftest
include/linux/genalloc-selftest.h | 30 +++
include/linux/genalloc.h | 3 +-
init/main.c | 2 +
lib/Kconfig
being patched has a 1:1 mapping between allocation units and bits.
This means that, now, the bitmap can be extended (by following powers of
2), to track also other properties of the allocations, if ever needed.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 3 +-
lib/gen
together, but it
definitely would need thorough review.
I hope I have added as reviewer all the relevant people.
If I missed someone, please include them to the recipients.
Igor Stoppa (1):
genalloc: track beginning of allocations
include/linux/genalloc.h | 3 +-
lib/genalloc.c | 417
being patched has a 1:1 mapping between allocation units and bits.
This means that, now, the bitmap can be extended (by following powers of
2), to track also other properties of the allocations, if ever needed.
Signed-off-by: Igor Stoppa
---
include/linux/genalloc.h | 3 +-
lib/gen
On 03/08/17 18:15, Michal Hocko wrote:
> I would check the one where we have mapping. It is rather unlikely
> vmalloc users would touch this one.
That was also the initial recommendation from Jerome Glisse, but it
seemed unusable, because of the related comment.
I should have asked for
On 04/08/17 11:12, Michal Hocko wrote:
> On Fri 04-08-17 11:02:46, Igor Stoppa wrote:
[...]
>> struct page {
>> /* First double word block */
>> unsigned long flags; /* Atomic flags, some possibly
>> * updated
On 07/08/17 16:31, Jerome Glisse wrote:
> On Mon, Aug 07, 2017 at 02:26:21PM +0300, Igor Stoppa wrote:
[...]
>> I'll add a vm_area field as you advised.
>>
>> Is this something I could send as standalone patch?
>
> Note that vmalloc() is not the only thing that
On 07/08/17 22:12, Jerome Glisse wrote:
> On Mon, Aug 07, 2017 at 05:13:00PM +0300, Igor Stoppa wrote:
[...]
>> I have an updated version of the old proposal:
>>
>> * put a magic number in the private field, during initialization of
>> pmalloc pages
>>
>>
On 09/08/17 02:15, Jerome Glisse wrote:
> On Tue, Aug 08, 2017 at 03:59:36PM +0300, Igor Stoppa wrote:
[...]
>> I am tempted to add
>>
>> #define VM_PMALLOC 0x0100
[...]
> VM_PMALLOC sounds fine to me also adding a comment there pointing to
>
Hi,
while I am working to another example of using pmalloc [1],
it was pointed out to me that:
1) I had introduced a bug when I switched to using a field of the page
structure [2]
2) I was also committing a layer violation in the way I was tagging the
pages.
I am seeking help to understand what
On 02/08/17 20:08, Jerome Glisse wrote:
> On Wed, Aug 02, 2017 at 06:14:28PM +0300, Igor Stoppa wrote:
[...]
>> +set_page_private(page, 1);
>
> Above line is pointless you overwrite value right below
yes ...
>
>> +page->
On 03/08/17 14:48, Michal Hocko wrote:
> On Thu 03-08-17 13:11:45, Igor Stoppa wrote:
>> On 02/08/17 20:08, Jerome Glisse wrote:
>>> On Wed, Aug 02, 2017 at 06:14:28PM +0300, Igor Stoppa wrote:
[...]
>>>> from include/linux/mm_types.h:
>>>>
On 03/08/17 16:55, Michal Hocko wrote:
> On Thu 03-08-17 15:20:31, Igor Stoppa wrote:
>> On 03/08/17 14:48, Michal Hocko wrote:
>>> On Thu 03-08-17 13:11:45, Igor Stoppa wrote:
[...]
>>>> But, to reply more specifically to your advice, yes, I think I coul
On 03/08/17 17:47, Jerome Glisse wrote:
> On Thu, Aug 03, 2017 at 03:55:50PM +0200, Michal Hocko wrote:
>> On Thu 03-08-17 15:20:31, Igor Stoppa wrote:
[...]
>>> I am confused about this: if "private2" is a pointer, but when I get an
>>> address, I do no
On 01/04/18 08:41, Sargun Dhillon wrote:
> The biggest security benefit of this patchset is the introduction of
> read-only hooks, even if some security modules have mutable hooks.
> Currently, if you have any LSMs with mutable hooks it will render all heads,
> and
> list nodes mutable. These are
On 05/04/18 13:31, Peter Dolding wrote:
> On Thu, Apr 5, 2018 at 7:55 PM, Igor Stoppa wrote:
[...]
>> A) hooks that are either const or marked as RO after init
>>
>> B) hooks that are writable for a short time, long enough to load
>> additional, non built-in module
tilization outside of the purging phase.
Since the purging happens after the vmap_area is dismissed, its use is
mutually exclusive with any use performed while the area is allocated.
Signed-off-by: Igor Stoppa
---
include/linux/vmalloc.h | 2 +-
mm/vmalloc.c| 6 +++---
2 files changed, 4
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
Reviewed-by: Jay Freyensee
Reviewed-by: Matthew Wilcox
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/inc
(), detected by gcc 7.3
* converted internal types into size_t
* fixed leak of vmalloc memory in the self-test code
Igor Stoppa (6):
struct page: add field for vm_struct
vmalloc: rename llist field in vmap_area
Protectable Memory
Documentation for Pmalloc
Pmalloc selftest
lkdtm: crash
Verify that pmalloc read-only protection is in place: trying to
overwrite a protected variable will crash the kernel.
Signed-off-by: Igor Stoppa
---
drivers/misc/lkdtm/core.c | 3 +++
drivers/misc/lkdtm/lkdtm.h | 1 +
drivers/misc/lkdtm/perms.c | 25 +
3 files changed
,
where present.
Signed-off-by: Igor Stoppa
---
include/linux/pmalloc.h | 166 ++
include/linux/vmalloc.h | 3 +
mm/Kconfig | 6 ++
mm/Makefile | 1 +
mm/pmalloc.c| 265
mm
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 107 +
2 files changed, 108 insertions(+)
create mode 100644 Documentation/core-api
Add basic self-test functionality for pmalloc.
The testing is introduced as early as possible, right after the main
dependency, genalloc, has passed successfully, so that it can help
diagnosing failures in pmalloc users.
Signed-off-by: Igor Stoppa
---
include/linux/test_pmalloc.h | 24
arent area.
This will avoid more expensive searches, later on.
Signed-off-by: Igor Stoppa
Reviewed-by: Jay Freyensee
Reviewed-by: Matthew Wilcox
---
include/linux/mm_types.h | 1 +
mm/vmalloc.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/include/linux/mm_types.h b/inc
Detailed documentation about the protectable memory allocator.
Signed-off-by: Igor Stoppa
---
Documentation/core-api/index.rst | 1 +
Documentation/core-api/pmalloc.rst | 161 +
2 files changed, 162 insertions(+)
create mode 100644 Documentation/core-api
401 - 500 of 850 matches
Mail list logo