[PATCH v3 26/29] x86/mm: Remove redundant &s on addresses

The &s on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da..e67ddca8

[PATCH v3 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH v3 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 7 --- 1 file changed, 4 insertions(+), 3

[PATCH v3 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH v3 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that only needs to be readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Acked-by: Will Deacon --- include/asm-generic

[PATCH v3 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..ac99ba0864bf

[PATCH v3 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..bc6f727278fd

[PATCH v3 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3

[PATCH v3 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2

[PATCH v3 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips

[PATCH v3 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook Acked-by: Heiko Carstens # s390 --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips

[PATCH v3 07/29] x86: Restore "text" Program Header with dummy section

t assignment use a dummy section (as done by other architectures). Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e2feacf921a0..788e78978030 100644 --- a/a

[PATCH v3 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook Acked-by: Heiko Carstens --- arch/s390/kern

[PATCH v3 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH v3 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook Acked-by: Michael Ellerman --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions

[PATCH v3 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook Acked-by: Michael Ellerman --- arch/powerpc/kernel/vmlinux.lds.S | 12

[PATCH v3 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

on architectures where this is clear - clean up some x86-specific reporting of kernel memory resources - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because I finally realized what that trailing ": 0x9090" meant -- and we should trap, not slide, if execution lands i

[PATCH v3 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insert

[PATCH v3 01/29] powerpc: Rename "notes" PT_NOTE to "note"

n it, this is just an internal identifier. It matches the ELF "PT_NOTE", and is 4 characters (like "text", and "data") for pretty alignment. The more exposed macro, "NOTES", use the more sensible plural wording. Signed-off-by: Kees Cook Acked-by: Michael Ellerm

Re: [PATCH RFC v1 02/12] mm/usercopy.c: Prepare check_page_span() for PG_reserved changes

7;t change. Once we no > > longer set these pages to reserved, we can rework this function to > > perform separate checks for ZONE_DEVICE (split from PG_reserved checks). > > > > Cc: Kees Cook > > Cc: Andrew Morton > > Cc: Kate Stewart > > Cc: Allison

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

, I'm fine with that. I would prefer to do it as a separate step, just to minimize the logical steps each patch takes. Shall I spin a v3 with the Acks added and a final rename for this? -- Kees Cook

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Fri, Oct 11, 2019 at 03:25:19AM -0500, Segher Boessenkool wrote: > On Thu, Oct 10, 2019 at 05:05:41PM -0700, Kees Cook wrote: > > The Program Header identifiers are internal to the linker scripts. In > > preparation for moving the NOTES segment declaration into RO_DATA, >

Re: [PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

On Fri, Oct 11, 2019 at 05:07:04PM +1100, Michael Ellerman wrote: > Kees Cook writes: > > In preparation for moving NOTES into RO_DATA, remove the PT_NOTE > > workaround since the kernel requires at least gcc 4.6 now. > > > > Signed-off-by: Kees Cook >

[PATCH v2 26/29] x86/mm: Remove redundant &s on addresses

The &s on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da..e67ddca8

[PATCH v2 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH v2 27/29] x86/mm: Report which part of kernel image is freed

(text/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(

[PATCH v2 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH v2 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 7 --- 1 file changed, 4 insertions(+), 3

[PATCH v2 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..ac99ba0864bf

[PATCH v2 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 11d5115bc44d..1ec6b703c5b4

[PATCH v2 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index

[PATCH v2 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that only needs to be readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Acked-by: Will Deacon --- include/asm-generic

[PATCH v2 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH v2 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1

[PATCH v2 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..bc6f727278fd

[PATCH v2 28/29] x86/mm: Report actual image regions in /proc/iomem

rnel data 02a95000-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 77ea96b794bd..591e885a852e 100644 --- a/arch/x86/kernel/setup.c +

[PATCH v2 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0

[PATCH v2 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH v2 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3

[PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +- arch/arm

[PATCH v2 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux-xip.lds.S

[PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +- a

[PATCH v2 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH v2 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel/vmlinux.

[PATCH v2 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S| 12

[PATCH v2 07/29] x86: Restore "text" Program Header with dummy section

t assignment use a dummy section (as done by other architectures). Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e2feacf921a0..788e78978030 100644 --- a/a

[PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH v2 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH v2 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insert

[PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file changed

[PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

is clear - clean up some x86-specific reporting of kernel memory resources - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because I finally realized what that trailing ": 0x9090" meant -- and we should trap, not slide, if execution lands in section padding Thanks

[PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: > > This series works to move the linker sections for NOTES and > > EXCEPTION_TABLE into the RO_DATA area, where they belong on most > > (all?) archi

Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

On Thu, Oct 10, 2019 at 05:25:16PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > > Many architectures have an EXCEPTION_TABLE that needs only to be > > read-only. As such, it should live in RO_DATA. This creates a macro to > > i

Re: [PATCH 07/29] x86: Restore "text" Program Header with dummy section

On Thu, Oct 10, 2019 at 12:33:05PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:40AM -0700, Kees Cook wrote: > > Instead of depending on markings in the section following NOTES to > > restore the associated Program Header, use a dummy section, as done > > i

Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

On Tue, Oct 01, 2019 at 10:03:56AM +0100, Will Deacon wrote: > Hi Kees, > > On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote: > > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. > > > > Signed-off-by: Kees Cook > > --- > &g

[PATCH 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 0d86fc8e88d5..18a732597112 100644

[PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: just replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/k

[PATCH 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index b8efb08204a1

[PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, this moves the table into the RO_DATA segment via a new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S

[PATCH 26/29] x86/mm: Remove redundant &s on addresses

The &s on addresses are redundant and are better removed to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9c

[PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem

0-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index bbe35bf879f5..0bc71ee3a9c3 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kern

[PATCH 27/29] x86/mm: Report which part of kernel image is freed

(text/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(

[PATCH 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0..aba90398b774

[PATCH 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1..7341964722ae

[PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..72303827bcb4

[PATCH 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..9a09aab63ab3

[PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

This renames RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +-

[PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 81d94e371c95

[PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

This finishes renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S |

[PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that needs only to be read-only. As such, it should live in RO_DATA. This creates a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 12

[PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, this provides a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S

[PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, the Program Header assignment restoration needs to be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH 07/29] x86: Restore "text" Program Header with dummy section

Instead of depending on markings in the section following NOTES to restore the associated Program Header, use a dummy section, as done in other architectures. This is preparation for moving NOTES into the RO_DATA macro. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file

[PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, this moves RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file c

[PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, it can live in the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux

[PATCH 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed

[PATCH 02/29] powerpc: Remove PT_NOTE workaround

The kernel requires gcc 4.6 now, so this PT_NOTE workaround can be removed in preparation for moving NOTES into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

[PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

changes are treewide, I'd love to get architecture-maintainer Acks and either have this live in x86 -tip or in my own tree, however people think it should go. Thanks! -Kees Kees Cook (29): powerpc: Rename "notes" PT_NOTE to "note" powerpc: Remove PT_NOTE workaround

Clean up cut-here even harder (was Re: [PATCH 1/3] powerpc: don't use __WARN() for WARN_ON())

On Mon, Aug 19, 2019 at 09:28:03AM -0700, Kees Cook wrote: > On Mon, Aug 19, 2019 at 01:06:28PM +, Christophe Leroy wrote: > > __WARN() used to just call __WARN_TAINT(TAINT_WARN) > > > > But a call to printk() has been added in the commit identified below > >

Re: [PATCH 1/3] powerpc: don't use __WARN() for WARN_ON()

__WARN_TAINT(TAINT_WARN); \ > } else { \ > __asm__ __volatile__( \ > "1: "PPC_TLNEI" %4,0\n" \ > -- > 2.13.3 > -- Kees Cook

Re: [PATCH] drivers/macintosh/smu.c: Mark expected switch fall-through

case SMU_I2C_TRANSFER_STDSUB: > > ^~~~ > > > > Cc: Benjamin Herrenschmidt > > Cc: Gustavo A. R. Silva > > Cc: Kees Cook > > Signed-off-by: Stephen Rothwell > > --- > > drivers/macintosh/smu.c | 1 + > > 1 file changed, 1 insertion(+) &g

Re: [PATCH] scsi: ibmvfc: Mark expected switch fall-throughs

> (bsg_request->rqst_data.h_ct.port_id[1] << 8) | > ~~~ > bsg_request->rqst_data.h_ct.port_id[2]; > ~~ > drivers/scsi/ibmvscsi/ibmvfc.c:1841:2: note: here > case FC_BSG

Re: [RFC PATCH 00/10] implement KASLR for powerpc/fsl_booke/32

> Yes, if this feature can be accepted, I will start to work with powerpc64 > KASLR and other things like CONFIG_RANDOMIZE_MEMORY. Awesome. :) -- Kees Cook

Re: [RFC PATCH 00/10] implement KASLR for powerpc/fsl_booke/32

y() helper > >powerpc/fsl_booke/32: implement KASLR infrastructure > >powerpc/fsl_booke/32: randomize the kernel image offset > >powerpc/fsl_booke/kaslr: clear the original kernel if randomized > >powerpc/fsl_booke/kaslr: support nokaslr cmdline parameter > >powerpc/fsl_booke/kaslr: dump out kernel offset information on panic Is there anything planned for other fixed-location things, like x86's CONFIG_RANDOMIZE_MEMORY? -- Kees Cook

Re: [PATCH 0/7] Kernel Userspace Protection for radix

On Thu, Feb 21, 2019 at 4:09 PM Russell Currey wrote: > On Thu, 2019-02-21 at 08:07 -0800, Kees Cook wrote: > > On Thu, Feb 21, 2019 at 1:36 AM Russell Currey > > wrote: > > > The first three patches of these series are from Christophe's work > > > and are &

Re: [PATCH 0/7] Kernel Userspace Protection for radix

tanding correctly that with this series powerpc9 and later, using radix, will pass the lkdtm tests for KUAP and KUEP (i.e. EXEC_USERSPACE and ACCESS_USERSPACE)? -- Kees Cook

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

On Wed, Jan 9, 2019 at 7:16 AM Kees Cook wrote: > > On Tue, Jan 8, 2019 at 10:31 PM Christophe Leroy > wrote: > > > > > > > > Le 09/01/2019 à 02:14, Kees Cook a écrit : > > > On Fri, Dec 14, 2018 at 7:26 AM Christophe Leroy > > > wrote: &

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

On Tue, Jan 8, 2019 at 10:31 PM Christophe Leroy wrote: > > > > Le 09/01/2019 à 02:14, Kees Cook a écrit : > > On Fri, Dec 14, 2018 at 7:26 AM Christophe Leroy > > wrote: > >> > >> Introduce lkdtm tests for NULL pointer dereference: check > >>

Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference

CCESS_NULL(void) > +{ > + unsigned long tmp; > + unsigned long *ptr = (unsigned long *)NULL; > + > + pr_info("attempting bad read at %px\n", ptr); > + tmp = *ptr; > + tmp += 0xc0dec0de; > + > + pr_info("attempting bad write at %px\n", ptr); > + *ptr = tmp; > +} > + > void __init lkdtm_perms_init(void) > { > /* Make sure we can write to __ro_after_init values during __init */ > -- > 2.13.3 > -- Kees Cook

Re: [PATCH v2 1/2] mm: add probe_user_read()

size_t size) > >> +{ > >> +long ret; > >> + > >> +if (!access_ok(src, size)) > >> +return -EFAULT; > >> + > >> +pagefault_disable(); > >> +ret = __copy_from_user_inatomic(dst, src, size); > >> +pagefault_enable(); > >> + > >> +return ret ? -EFAULT : 0; > >> +} > >> +#endif > > > > Why was the __always_inline needed? > > > > This function is pretty large. Why is it inlined? > > > > Kees told to do that way, see https://patchwork.ozlabs.org/patch/986848/ Yeah, I'd like to make sure we can plumb the size checks down into the user copy primitives. -- Kees Cook

Re: [PATCH] lib: fix build failure in CONFIG_DEBUG_VIRTUAL test

ug_virtual.c:26:7: error: implicit declaration of function > 'virt_to_phys' [-Werror=implicit-function-declaration] > pa = virt_to_phys(va); >^ > > Fixes: e4dace361552 ("lib: add test module for CONFIG_DEBUG_VIRTUAL") > CC: sta...@vger.kernel.org > Sig

<    1   2   3   4   5   6   7   8   >