[PATCH 7/9] Pmalloc Rare Write: modify selected pools

2018-04-23 Thread Igor Stoppa
available for modifying the memory, which is also mapped at a random address, which is harder to retrieve, even in case of another core racing with the one performing the modification. Signed-off-by: Igor Stoppa CC: Carlos Chinea Perez CC: Remi Denis Courmont --- Documentation/core-api

[PATCH 8/9] Preliminary self test for pmalloc rare write

2018-04-23 Thread Igor Stoppa
Try to alter locked but modifiable pools. The test needs some cleanup and expansion. It is provided primarily as reference. Signed-off-by: Igor Stoppa --- mm/test_pmalloc.c | 75 +++ 1 file changed, 75 insertions(+) diff --git a/mm

[PATCH 6/9] lkdtm: crash on overwriting protected pmalloc var

2018-04-23 Thread Igor Stoppa
Verify that pmalloc read-only protection is in place: trying to overwrite a protected variable will crash the kernel. Signed-off-by: Igor Stoppa --- drivers/misc/lkdtm/core.c | 3 +++ drivers/misc/lkdtm/lkdtm.h | 1 + drivers/misc/lkdtm/perms.c | 25 + 3 files changed

[PATCH 9/9] Protect SELinux initialized state with pmalloc

2018-04-23 Thread Igor Stoppa
how to deny an easy target to the attacker. In case the kernel is compiled with JOP safeguards, then it becomes far harder for the attacker to jump into the middle of the function which calls pmalloc_rare_write, to alter the state. Signed-off-by: Igor Stoppa --- security/selinux/hoo

[PATCH 2/9] vmalloc: rename llist field in vmap_area

2018-04-23 Thread Igor Stoppa
tilization outside of the purging phase. Since the purging happens after the vmap_area is dismissed, its use is mutually exclusive with any use performed while the area is allocated. Signed-off-by: Igor Stoppa --- include/linux/vmalloc.h | 2 +- mm/vmalloc.c| 6 +++--- 2 files changed, 4

[PATCH 5/9] Pmalloc selftest

2018-04-23 Thread Igor Stoppa
Add basic self-test functionality for pmalloc. The testing is introduced as early as possible, right after the main dependency, genalloc, has passed successfully, so that it can help diagnosing failures in pmalloc users. Signed-off-by: Igor Stoppa --- include/linux/test_pmalloc.h | 24

[RFC PATCH v23 0/6] mm: security: write protection for dynamic data

2018-04-23 Thread Igor Stoppa
one of the internal states of SELinux. Changes since v22: [http://www.openwall.com/lists/kernel-hardening/2018/04/13/3] - refactored some helper functions in a separate local header - expanded the documentation - introduction of rare write support - example with SELinux "initialized" fi

[PATCH 3/9] Protectable Memory

2018-04-23 Thread Igor Stoppa
, where present. Signed-off-by: Igor Stoppa --- include/linux/pmalloc.h | 148 include/linux/vmalloc.h | 3 + mm/Kconfig | 6 ++ mm/Makefile | 1 + mm/pmalloc.c| 174

Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

2018-04-24 Thread Igor Stoppa
On 24/04/18 15:50, Matthew Wilcox wrote: On Mon, Apr 23, 2018 at 04:54:56PM +0400, Igor Stoppa wrote: While the vanilla version of pmalloc provides support for permanently transitioning between writable and read-only of a memory pool, this patch seeks to support a separate class of data

Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

2018-04-24 Thread Igor Stoppa
On 24/04/18 16:32, lazytyped wrote: On 4/24/18 1:50 PM, Matthew Wilcox wrote: struct modifiable_data { struct immutable_data *d; ... }; Then allocate a new pool, change d and destroy the old pool. With the above, you have just shifted the target of the arbitrary write

Re: [PATCH 9/9] Protect SELinux initialized state with pmalloc

2018-04-24 Thread Igor Stoppa
On 24/04/18 16:49, Stephen Smalley wrote: On 04/23/2018 08:54 AM, Igor Stoppa wrote: [...] The patch is probably in need of rework, to make it fit better with the new SELinux internal data structures, however it shows how to deny an easy target to the attacker. I know this is just

Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

2018-04-24 Thread Igor Stoppa
On 24/04/18 19:03, lazytyped wrote: On 4/24/18 4:44 PM, Matthew Wilcox wrote: On Tue, Apr 24, 2018 at 02:32:36PM +0200, lazytyped wrote: On 4/24/18 1:50 PM, Matthew Wilcox wrote: struct modifiable_data { struct immutable_data *d; ... }; Then allocate a new pool, change d

Re: [PATCH 7/9] Pmalloc Rare Write: modify selected pools

2018-04-24 Thread Igor Stoppa
On 24/04/18 16:33, Igor Stoppa wrote: On 24/04/18 15:50, Matthew Wilcox wrote: On Mon, Apr 23, 2018 at 04:54:56PM +0400, Igor Stoppa wrote: While the vanilla version of pmalloc provides support for permanently transitioning between writable and read-only of a memory pool, this patch seeks

Re: [RFC PATCH v19 0/8] mm: security: ro protection for dynamic data

2018-03-19 Thread Igor Stoppa
On 14/03/18 19:33, Matthew Wilcox wrote: > I think an implementation of > pmalloc which used a page_frag-style allocator would be larger than > 100 lines, but I don't think it would have to be significantly larger > than that. I have some doubt about what is the best way to implement it using

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-03-06 Thread Igor Stoppa
On 06/03/2018 16:10, Matthew Wilcox wrote: > On Wed, Feb 28, 2018 at 10:06:14PM +0200, Igor Stoppa wrote: >> + * Encoding of the bitmap tracking the allocations >> + * --- >> + * >> + * The bitmap is composed of units of allo

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-03-06 Thread Igor Stoppa
On 05/03/2018 21:00, J Freyensee wrote: > . > . > > > On 2/28/18 12:06 PM, Igor Stoppa wrote: >> + >> +/** >> + * gen_pool_dma_alloc() - allocate special memory from the pool for DMA >> usage >> + * @pool: pool to allocate from >> +

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-03-07 Thread Igor Stoppa
On 06/03/18 18:05, Igor Stoppa wrote: > On 06/03/2018 16:10, Matthew Wilcox wrote: [...] >> This seems unnecessarily complicated. > > TBH it seemed to me a natural extension of the existing encoding :-) BTW, to provide some background, this is where it began: http://www.ope

Re: [PATCH 6/7] lkdtm: crash on overwriting protected pmalloc var

2018-03-07 Thread Igor Stoppa
On 06/03/18 19:20, J Freyensee wrote: > On 2/28/18 12:06 PM, Igor Stoppa wrote: [...] >> void __init lkdtm_perms_init(void); >> void lkdtm_WRITE_RO(void); >> void lkdtm_WRITE_RO_AFTER_INIT(void); >> +void lkdtm_WRITE_RO_PMALLOC(void); > > Does

Re: [PATCH 4/7] Protectable Memory

2018-03-07 Thread Igor Stoppa
On 06/03/18 05:59, J Freyensee wrote: [...] >> +config PROTECTABLE_MEMORY >> +bool >> +depends on MMU > > > Curious, would you also want to depend on "SECURITY" as well, as this is > being advertised as a compliment to __read_only_after_init, per the file > header comments, as I'm

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-03-07 Thread Igor Stoppa
On 06/03/18 15:19, Mike Rapoport wrote: > On Wed, Feb 28, 2018 at 10:06:14PM +0200, Igor Stoppa wrote: [...] > If I'm not mistaken, several kernel-doc descriptions are duplicated now. > Can you please keep a single copy? ;-) What's the preferred approach? Document the functions tha

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-03-07 Thread Igor Stoppa
On 07/03/18 16:48, Igor Stoppa wrote: > > > On 06/03/18 15:19, Mike Rapoport wrote: >> On Wed, Feb 28, 2018 at 10:06:14PM +0200, Igor Stoppa wrote: [...] >>> + * get_boundary() - verifies address, then measure length. >> >> There's some lack of consistency

[RFC PATCH v17 0/7] mm: security: ro protection for dynamic data

2018-02-23 Thread Igor Stoppa
nux-kernel@vger.kernel.org/msg1617030.html] Igor Stoppa (7): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Pmalloc selftest lkdtm: crash on overwriting protected pmalloc var Documentation for Pmalloc Documentation/core-api

[PATCH 1/7] genalloc: track beginning of allocations

2018-02-23 Thread Igor Stoppa
confirmation that the patch works correctly. Eventually, the extra parameter (and the corresponding verification) could be dropped, in favor of a simplified API. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 4 +- lib/genalloc.c | 631

[PATCH 2/7] genalloc: selftest

2018-02-23 Thread Igor Stoppa
it as module. Signed-off-by: Igor Stoppa --- include/linux/test_genalloc.h | 26 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1 + lib/test_genalloc.c | 410 ++ 5 files changed

[PATCH 3/7] struct page: add field for vm_struct

2018-02-23 Thread Igor Stoppa
arent area. This will avoid more expensive searches, later on. Signed-off-by: Igor Stoppa --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 5 + 2 files changed, 6 insertions(+) diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index fd1af6b9591d..c3a4825e1

[PATCH 4/7] Protectable Memory

2018-02-23 Thread Igor Stoppa
. At the same time, being also based on genalloc, pmalloc does not generate as much trashing of the TLB as it would be caused by using directly only vmalloc. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 242 +++ include/linux/vmalloc.h

[PATCH 5/7] Pmalloc selftest

2018-02-23 Thread Igor Stoppa
Add basic self-test functionality for pmalloc. The testing is introduced as early as possible, right after the main dependency, genalloc, has passed successfully, so that it can help diagnosing failures in pmalloc users. Signed-off-by: Igor Stoppa --- include/linux/test_pmalloc.h | 24

[PATCH 6/7] lkdtm: crash on overwriting protected pmalloc var

2018-02-23 Thread Igor Stoppa
Verify that pmalloc read-only protection is in place: trying to overwrite a protected variable will crash the kernel. Signed-off-by: Igor Stoppa --- drivers/misc/lkdtm.h | 1 + drivers/misc/lkdtm_core.c | 3 +++ drivers/misc/lkdtm_perms.c | 28 3 files

[PATCH 7/7] Documentation for Pmalloc

2018-02-23 Thread Igor Stoppa
Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) create mode 100644 Documentation/core-api

Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check

2018-02-02 Thread Igor Stoppa
On 02/02/18 17:40, Rob Herring wrote: > Add SPDX license tag check based on the rules defined in Shouldn't it also check that the license is compatible? [...] > + } elsif ($realfile =~ /\.rst$/) { > + $comment = '..'; What is the

Re: [PATCH 5/6] Documentation for Pmalloc

2018-02-02 Thread Igor Stoppa
Thanks for the review and apologies for the delay. Replies inlined below. On 30/01/18 19:08, Jonathan Corbet wrote: > On Tue, 30 Jan 2018 17:14:45 +0200 > Igor Stoppa wrote: [...] > Please don't put plain-text files into core-api - that's a directory full ok >> diff --git

Re: [PATCH 3/6] struct page: add field for vm_struct

2018-02-02 Thread Igor Stoppa
On 01/02/18 23:11, Kees Cook wrote: > IIUC, he means PageHead(), which is also hard to grep for, since it is > a constructed name, via Page##uname in include/linux/page-flags.h: > > __PAGEFLAG(Head, head, PF_ANY) CLEARPAGEFLAG(Head, head, PF_ANY) Thank you, I'll try to provide a meaningful

Re: [PATCH v6] checkpatch.pl: Add SPDX license tag check

2018-02-03 Thread Igor Stoppa
On 02/02/18 21:06, Joe Perches wrote: > On Fri, 2018-02-02 at 12:27 -0600, Rob Herring wrote: >> On Fri, Feb 2, 2018 at 9:49 AM, Igor Stoppa wrote: >>> On 02/02/18 17:40, Rob Herring wrote: >>>> Add SPDX license tag check based on the rules defined in &

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

2018-02-03 Thread Igor Stoppa
+Boris Lukashev On 02/02/18 20:39, Christopher Lameter wrote: > On Thu, 25 Jan 2018, Matthew Wilcox wrote: > >> It's worth having a discussion about whether we want the pmalloc API >> or whether we want a slab-based API. We can have a separate discussion >> about an API to remove pages from the

Re: [PATCH 3/6] struct page: add field for vm_struct

2018-02-03 Thread Igor Stoppa
On 02/02/18 20:43, Christopher Lameter wrote: > On Thu, 1 Feb 2018, Igor Stoppa wrote: > >>> Would it not be better to use compound page allocations here? [...] > Ok its compound_head(). See also the use in the SLAB and SLUB allocator. > >> During hardened user co

[RFC PATCH v13 0/6] mm: security: ro protection for dynamic data

2018-02-03 Thread Igor Stoppa
. An example is provided, in the form of self-testing. Changes since v12 [https://lkml.org/lkml/2018/1/30/397] - fixed Kconfig dependency for pmalloc-test - fixed warning for size_t treated as %ul on i386 - moved to SPDX license reference - rewrote pmalloc docs Igor Stoppa (6): genalloc: track

[PATCH 2/6] genalloc: selftest

2018-02-03 Thread Igor Stoppa
. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1 + lib/genalloc-selftest.c

[PATCH 1/6] genalloc: track beginning of allocations

2018-02-03 Thread Igor Stoppa
being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 4 +- lib/gen

[PATCH 3/6] struct page: add field for vm_struct

2018-02-03 Thread Igor Stoppa
arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +- 2 files changed, 14 insert

[PATCH 4/6] Protectable Memory

2018-02-03 Thread Igor Stoppa
as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 211 +++ include/linux/vmalloc.h | 1 + lib/genalloc.c | 27

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

2018-02-03 Thread Igor Stoppa
>> On Thu, 25 Jan 2018, Matthew Wilcox wrote: >>> It's worth having a discussion about whether we want the pmalloc API >>> or whether we want a slab-based API. I'd love to have some feedback specifically about the API. I have also some idea about userspace and how to extend the pmalloc concept

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

2018-02-03 Thread Igor Stoppa
On 03/02/18 22:12, Boris Lukashev wrote: > Regarding the notion of validated protected memory, is there a method > by which the resulting checksum could be used in a lookup > table/function to resolve the location of the protected data? What I have in mind is a checksum at page/vmap_area

Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

2018-02-04 Thread Igor Stoppa
On 04/02/18 00:29, Boris Lukashev wrote: > On Sat, Feb 3, 2018 at 3:32 PM, Igor Stoppa wrote: [...] >> What you are suggesting, if I have understood it correctly, is that, >> when the pool is protected, the addresses already given out, will become >> traps that get reso

[RFC PATCH v14 0/6] mm: security: ro protection for dynamic data

2018-02-04 Thread Igor Stoppa
. An example is provided, in the form of self-testing. Changes since v13: [http://www.openwall.com/lists/kernel-hardening/2018/02/03/3] - fixed warnings from "make htmldocs" - added documentation to core-api index Igor Stoppa (6): genalloc: track beginning of allocations genalloc

[PATCH 1/6] genalloc: track beginning of allocations

2018-02-04 Thread Igor Stoppa
being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 4 +- lib/gen

[PATCH 2/6] genalloc: selftest

2018-02-04 Thread Igor Stoppa
. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1 + lib/genalloc-selftest.c

[PATCH 3/6] struct page: add field for vm_struct

2018-02-04 Thread Igor Stoppa
arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +- 2 files changed, 14 insert

[PATCH 4/6] Protectable Memory

2018-02-04 Thread Igor Stoppa
as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 213 include/linux/vmalloc.h | 1 + lib/genalloc.c | 27

[PATCH 5/6] Pmalloc: self-test

2018-02-04 Thread Igor Stoppa
Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa --- mm/Kconfig| 9 mm/Makefile | 1 + mm/pmalloc-selftest.c | 61 +++ mm/pmalloc-selftest.h | 26 ++ 4 files changed, 97

[PATCH 6/6] Documentation for Pmalloc

2018-02-04 Thread Igor Stoppa
Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) create mode 100644 Documentation/core-api

Re: [Question PATCH 0/1] mm: crash in vmalloc_to_page - misuse or bug?

2018-03-02 Thread Igor Stoppa
Ping? The kernel test automation seems to confirm my findings: https://marc.info/?l=linux-mm=151999308428656=2 Is this really a bug? On 22/02/18 16:13, Igor Stoppa wrote: > While trying to change the code of find_vm_area, I got an automated > notification that my code was breaking the t

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-02-26 Thread Igor Stoppa
Hello, and thanks for the reviews, my replies inlined below. On 24/02/18 00:28, J Freyensee wrote: > some code snipping > . > . > . >> +/** >> + * get_bitmap_entry() - extracts the specified entry from the bitmap >> + * @map: pointer to a bitmap >> + * @entry_index: the index of the desired entry

Re: [PATCH 2/7] genalloc: selftest

2018-02-26 Thread Igor Stoppa
On 24/02/18 00:42, J Freyensee wrote: > >> +locations[action->location] = gen_pool_alloc(pool, action->size); >> +BUG_ON(!locations[action->location]); > > Again, I'd think it through if you really want to use BUG_ON() or not: > > https://lwn.net/Articles/13183/ >

Re: [PATCH 4/7] Protectable Memory

2018-02-26 Thread Igor Stoppa
On 24/02/18 02:10, J Freyensee wrote: > On 2/23/18 6:48 AM, Igor Stoppa wrote: [...] >> +struct gen_pool *pmalloc_create_pool(const char *name, >> + int min_alloc_order); > > Same comments as earlier.  If this is new API with new cod

Re: [PATCH 7/7] Documentation for Pmalloc

2018-02-26 Thread Igor Stoppa
On 24/02/18 02:26, J Freyensee wrote: > > > On 2/23/18 6:48 AM, Igor Stoppa wrote: [...] >> +- Before destroying a pool, all the memory allocated from it must be >> + released. > > Is that true?  pmalloc_destroy_pool() has: > > . > . > +   

Re: [PATCH 3/7] struct page: add field for vm_struct

2018-02-26 Thread Igor Stoppa
On 25/02/18 05:38, Matthew Wilcox wrote: > On Fri, Feb 23, 2018 at 04:48:03PM +0200, Igor Stoppa wrote: >> @@ -1769,6 +1771,9 @@ void *__vmalloc_node_range(unsigned long size, >> unsigned long align, >> >> kmemleak_vmalloc(area, size, gfp_mask); >&g

Re: [PATCH 2/7] genalloc: selftest

2018-02-26 Thread Igor Stoppa
On 26/02/18 19:46, J Freyensee wrote: > > > On 2/26/18 4:11 AM, Igor Stoppa wrote: >> >> On 24/02/18 00:42, J Freyensee wrote: >>>> + locations[action->location] = gen_pool_alloc(pool, action->size); >>>> + BUG_ON(!locations[action->loc

Re: [PATCH 1/7] genalloc: track beginning of allocations

2018-02-26 Thread Igor Stoppa
On 26/02/18 19:32, J Freyensee wrote: > My replies also inlined. > > On 2/26/18 4:09 AM, Igor Stoppa wrote: [...] > But some of the code looks API'like to me, partly because of > all the function header documentation, which thank you for that, but I > wasn't sure where

Re: [PATCH 2/7] genalloc: selftest

2018-02-26 Thread Igor Stoppa
On 26/02/18 21:12, Matthew Wilcox wrote: [...] > panic() halts the kernel > BUG_ON() kills the thread > WARN_ON() just prints messages > > Now, if we're at boot time and we're still executing code from the init > thread, killing init is equivalent to halting the kernel. > > The question is,

Re: [PATCH 1/6] genalloc: track beginning of allocations

2018-02-12 Thread Igor Stoppa
On 11/02/18 14:24, Mike Rapoport wrote: > On Sun, Feb 11, 2018 at 05:19:15AM +0200, Igor Stoppa wrote: [...] >> +/** >> + * mem_to_units - convert references to memory into orders of allocation > > Documentation/doc-guide/kernel-doc.rst recommends to to include brackets &g

Re: [PATCH 4/6] Protectable Memory

2018-02-12 Thread Igor Stoppa
On 11/02/18 14:37, Mike Rapoport wrote: > On Sun, Feb 11, 2018 at 05:19:18AM +0200, Igor Stoppa wrote: >> + * Return: 0 if the object does not belong to pmalloc, 1 if it belongs to >> + * pmalloc, -1 if it partially overlaps pmalloc meory, but incore

Re: [PATCH 6/6] Documentation for Pmalloc

2018-02-12 Thread Igor Stoppa
On 11/02/18 23:17, Matthew Wilcox wrote: > On Sun, Feb 11, 2018 at 05:19:20AM +0200, Igor Stoppa wrote: >> @@ -0,0 +1,114 @@ >> +SPDX-License-Identifier: CC-BY-SA-4.0 > > You need the '.. ' before the 'SPDX'. See > Documentation/process/license-rules.rst yes, sorry, I

Re: [PATCH 4/6] Protectable Memory

2018-02-12 Thread Igor Stoppa
On 12/02/18 14:53, Mike Rapoport wrote: > 'scripts/kernel-doc -v -none That has a quite interesting behavior. I run it on genalloc.c while I am in the process of adding the brackets to the function names in the kernel-doc description. The brackets confuse the script and it fails to output

Re: [PATCH 4/6] Protectable Memory

2018-02-12 Thread Igor Stoppa
On 12/02/18 17:31, Mike Rapoport wrote: [...] > Seems that kernel-doc does not consider () as a valid match for the > identifier :) > > Can you please check with the below patch? yes, it works now, thank you! -- igor

Re: [PATCH 3/6] struct page: add field for vm_struct

2018-02-12 Thread Igor Stoppa
On 11/02/18 23:16, Matthew Wilcox wrote: > On Sun, Feb 11, 2018 at 05:19:17AM +0200, Igor Stoppa wrote: >> The struct page has a "mapping" field, which can be re-used, to store a >> pointer to the parent area. This will avoid more expensive searches. >> >>

[RFC PATCH v16 0/6] mm: security: ro protection for dynamic data

2018-02-12 Thread Igor Stoppa
to lists - Fixed SPDX license statements Igor Stoppa (6): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Pmalloc: self-test Documentation for Pmalloc Documentation/core-api/index.rst | 1 + Documentat

[PATCH 1/6] genalloc: track beginning of allocations

2018-02-12 Thread Igor Stoppa
for a sufficiently long sequence of zeros, to identify zones available for allocation. This patch doubles the space reserved in the bitmap for each allocation, to track their beginning. For details, see the documentation inside lib/genalloc.c Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 4

[PATCH 2/6] genalloc: selftest

2018-02-12 Thread Igor Stoppa
. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa --- include/linux/genalloc-selftest.h | 26 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1 + lib/genalloc-selftest.c

[PATCH 3/6] struct page: add field for vm_struct

2018-02-12 Thread Igor Stoppa
arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +- 2 files changed, 14 insert

[PATCH 4/6] Protectable Memory

2018-02-12 Thread Igor Stoppa
as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 3 + include/linux/pmalloc.h | 242 +++ include/linux/vmalloc.h | 1 + lib/genalloc.c | 27

[PATCH 5/6] Pmalloc: self-test

2018-02-12 Thread Igor Stoppa
Add basic self-test functionality for pmalloc. Signed-off-by: Igor Stoppa --- mm/Kconfig| 9 mm/Makefile | 1 + mm/pmalloc-selftest.c | 64 +++ mm/pmalloc-selftest.h | 24 +++ mm/pmalloc.c

[PATCH 6/6] Documentation for Pmalloc

2018-02-12 Thread Igor Stoppa
Detailed documentation about the protectable memory allocator. Signed-off-by: Igor Stoppa --- Documentation/core-api/index.rst | 1 + Documentation/core-api/pmalloc.rst | 114 + 2 files changed, 115 insertions(+) create mode 100644 Documentation/core-api

[PATCH v7 0/3] ro protection for dynamic data

2017-06-26 Thread Igor Stoppa
the headers after it has loaded) - unloading SELinux from RedHat, if the system has booted, but no policy has been loaded yet - this feature is going away, according to Casey. Igor Stoppa (2): Protectable memory support Make LSM Writable Hooks a command line option Tetsuo Handa (1): LSM: Convert

[PATCH 1/3] Protectable memory support

2017-06-26 Thread Igor Stoppa
From: Igor Stoppa The MMU available in many systems running Linux can often provide R/O protection to the memory pages it handles. However, the MMU-based protection works efficiently only when said pages contain exclusively data that will not need further modifications. Statically allocated

[PATCH 3/3] Make LSM Writable Hooks a command line option

2017-06-26 Thread Igor Stoppa
From: Igor Stoppa This patch shows how it is possible to take advantage of pmalloc: instead of using the build-time option __lsm_ro_after_init, to decide if it is possible to keep the hooks modifiable, now this becomes a boot-time decision, based on the kernel command line. This patch relies

[PATCH 2/3] LSM: Convert security_hook_heads into explicit array of struct list_head

2017-06-26 Thread Igor Stoppa
eads becomes a local variable. In order to pass 80 columns check by scripts/checkpatch.pl , rename security_hook_heads to hook_heads. Signed-off-by: Tetsuo Handa Rebased-by: Igor Stoppa Cc: Kees Cook Cc: Paul Moore Cc: Stephen Smalley Cc: Casey Schaufler Cc: James Morris Cc: Igor Stoppa Cc:

[PATCH v8 0/3] mm: LSM: ro protection for dynamic data

2017-06-27 Thread Igor Stoppa
, according to Casey. Note: The patch is larg-ish, but I was not sure what criteria to use for splitting it. If it helps the reviewing, please do let me know how I should split it and I will comply. Igor Stoppa (2): Protectable memory support Make LSM Writable Hooks a command line option Tetsuo

[PATCH 1/3] Protectable memory support

2017-06-27 Thread Igor Stoppa
From: Igor Stoppa The MMU available in many systems running Linux can often provide R/O protection to the memory pages it handles. However, the MMU-based protection works efficiently only when said pages contain exclusively data that will not need further modifications. Statically allocated

[PATCH 2/3] LSM: Convert security_hook_heads into explicit array of struct list_head

2017-06-27 Thread Igor Stoppa
eads becomes a local variable. In order to pass 80 columns check by scripts/checkpatch.pl , rename security_hook_heads to hook_heads. Signed-off-by: Tetsuo Handa Rebased-by: Igor Stoppa Cc: Kees Cook Cc: Paul Moore Cc: Stephen Smalley Cc: Casey Schaufler Cc: James Morris Cc: Igor Stoppa Cc:

[PATCH 3/3] Make LSM Writable Hooks a command line option

2017-06-27 Thread Igor Stoppa
From: Igor Stoppa This patch shows how it is possible to take advantage of pmalloc: instead of using the build-time option __lsm_ro_after_init, to decide if it is possible to keep the hooks modifiable, now this becomes a boot-time decision, based on the kernel command line. This patch relies

Re: [PATCH 3/3] Make LSM Writable Hooks a command line option

2017-06-28 Thread Igor Stoppa
Resending my reply, I mistakenly used the wrong mail account yesterday and my reply didn't get to the ml. On 27/06/17 20:51, Christoph Hellwig wrote: > On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote: [...] >> The default value is disabled, unless SE Linux debugging

[PATCH v10 0/3] mm: security: ro protection for dynamic data

2017-07-10 Thread Igor Stoppa
revised patch, whatever comes easier. Igor Stoppa (2): Protectable memory support Make LSM Writable Hooks a command line option Tetsuo Handa (1): LSM: Convert security_hook_heads into explicit array of struct list_head arch/Kconfig | 1 + include/linux/lsm_hooks.

[PATCH 1/3] Protectable memory support

2017-07-10 Thread Igor Stoppa
as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa --- arch/Kconfig| 1 + include/linux/pmalloc.h | 127 + lib/Kconfig | 1 + mm/Makefile | 1 + mm

[PATCH 2/3] LSM: Convert security_hook_heads into explicit array of struct list_head

2017-07-10 Thread Igor Stoppa
eads becomes a local variable. In order to pass 80 columns check by scripts/checkpatch.pl , rename security_hook_heads to hook_heads. Signed-off-by: Tetsuo Handa Rebased-by: Igor Stoppa Cc: Kees Cook Cc: Paul Moore Cc: Stephen Smalley Cc: Casey Schaufler Cc: James Morris Cc: Igor Stoppa Cc:

[PATCH 3/3] Make LSM Writable Hooks a command line option

2017-07-10 Thread Igor Stoppa
nvert security_hook_heads into explicit array of struct list_head" Author: Tetsuo Handa to break free from the static constraint imposed by the previous hardening model, based on __ro_after_init. The default value is disabled, unless SE Linux debugging is turned on. Signed-off-by: Igor Stoppa

Re: [PATCH 1/3] Protectable memory support

2017-07-10 Thread Igor Stoppa
On 07/07/17 21:48, Jerome Glisse wrote: > I believe there is enough unuse field that for vmalloc pages that > you should find one you can use. Just add some documentation in > mm_types.h so people are aware of alternate use for the field you > are using. I ended up using page->private and the

Re: [PATCH v10 0/3] mm: security: ro protection for dynamic data

2017-07-11 Thread Igor Stoppa
On 11/07/17 14:12, Tetsuo Handa wrote: > Igor Stoppa wrote: >> - I had to rebase Tetsuo Handa's patch because it didn't apply cleanly >> anymore, I would appreciate an ACK to that or a revised patch, whatever >> comes easier. > > Since we are getting several prop

[PATCH v9 0/3] mm: security: ro protection for dynamic data

2017-07-05 Thread Igor Stoppa
for splitting it. If it helps the reviewing, please do let me know how I should split it and I will comply. - I had to rebase Tetsuo Handa's patch because it didn't apply cleanly anymore, I would appreciate an ACK to that or a revised patch, whatever comes easier. Igor Stoppa (2): Protectable

[PATCH 1/3] Protectable memory support

2017-07-05 Thread Igor Stoppa
as needed, for example to support the protection of data that is initialized in sufficiently distinct phases. Signed-off-by: Igor Stoppa --- arch/Kconfig | 1 + include/linux/page-flags.h | 2 + include/linux/pmalloc.h| 127 +++ include/trace/events

[PATCH 2/3] LSM: Convert security_hook_heads into explicit array of struct list_head

2017-07-05 Thread Igor Stoppa
eads becomes a local variable. In order to pass 80 columns check by scripts/checkpatch.pl , rename security_hook_heads to hook_heads. Signed-off-by: Tetsuo Handa Rebased-by: Igor Stoppa Cc: Kees Cook Cc: Paul Moore Cc: Stephen Smalley Cc: Casey Schaufler Cc: James Morris Cc: Igor Stoppa Cc:

[PATCH 3/3] Make LSM Writable Hooks a command line option

2017-07-05 Thread Igor Stoppa
nvert security_hook_heads into explicit array of struct list_head" Author: Tetsuo Handa to break free from the static constraint imposed by the previous hardening model, based on __ro_after_init. The default value is disabled, unless SE Linux debugging is turned on. Signed-off-by: Igor Stoppa

Re: [PATCH 1/3] Protectable memory support

2017-07-07 Thread Igor Stoppa
On 06/07/17 19:27, Jerome Glisse wrote: > On Wed, Jul 05, 2017 at 04:46:26PM +0300, Igor Stoppa wrote: [...] >> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h >> index 6b5818d..acc0723 100644 >> --- a/include/linux/page-flags.h >> +++ b

[PATCH 0/1] Trivial: Add parentheses to parameters in macros

2017-11-22 Thread Igor Stoppa
Some parameters are used in macros without being surrounded by parentheses. Igor Stoppa (1): Add paretheses to macro parameters. For trivial include/linux/kernel.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.9.3

[PATCH 1/1] Add paretheses to macro parameters. For trivial

2017-11-22 Thread Igor Stoppa
kernel.h: Some macros are not wrapping their parameters with parentheses. Signed-off-by: Igor Stoppa Cc: Tetsuo Handa Cc: Guenter Roeck Cc: Javi Merino --- include/linux/kernel.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/kernel.h b/include

Re: [RFC 0/3] Safe, dynamically (un)loadable LSMs

2017-12-01 Thread Igor Stoppa
On 30/11/17 04:28, Casey Schaufler wrote: > On 11/26/2017 2:15 PM, Sargun Dhillon wrote: >> This patchset introduces safe dynamic LSM support. It does this via >> SRCU-protected security hooks. It also EXPORT_SYMBOL_GPLs the symbols >> required to perform runtime loading, and unloading. The

Re: [linux-pm] [RFC] sleepy linux

2007-12-26 Thread Igor Stoppa
ituation is going to get quite complicated very soon, if you explicitly include certain HW devices in your model. -- Cheers, Igor Igor Stoppa <[EMAIL PROTECTED]> (Nokia Multimedia - CP - OSSO / Helsinki, Finland) -- To unsubscribe from this list: send the line "unsubscribe linux-ker

[RFC PATCH v11 0/6] mm: security: ro protection for dynamic data

2018-01-24 Thread Igor Stoppa
iew. Igor Stoppa (6): genalloc: track beginning of allocations genalloc: selftest struct page: add field for vm_struct Protectable Memory Documentation for Pmalloc Pmalloc: self-test Documentation/core-api/pmalloc.txt | 104 include/linux/genalloc-selftest.h | 30 +++ incl

[PATCH 1/6] genalloc: track beginning of allocations

2018-01-24 Thread Igor Stoppa
being patched has a 1:1 mapping between allocation units and bits. This means that, now, the bitmap can be extended (by following powers of 2), to track also other properties of the allocations, if ever needed. Signed-off-by: Igor Stoppa --- include/linux/genalloc.h | 3 +- lib/gen

[PATCH 2/6] genalloc: selftest

2018-01-24 Thread Igor Stoppa
. The execution of the self testing is controlled through a Kconfig option. Signed-off-by: Igor Stoppa --- include/linux/genalloc-selftest.h | 30 +++ init/main.c | 2 + lib/Kconfig | 15 ++ lib/Makefile | 1 + lib/genalloc-selftest.c

[PATCH 3/6] struct page: add field for vm_struct

2018-01-24 Thread Igor Stoppa
arent area. This will avoid more expensive searches. As example, the function find_vm_area is reimplemented, to take advantage of the newly introduced field. Signed-off-by: Igor Stoppa --- include/linux/mm_types.h | 1 + mm/vmalloc.c | 18 +- 2 files changed, 14 insert
