Support strict kernel memory permissions for security
From: Zong Li <zong.li-AT-sifive.com>
To: paul.walmsley-AT-sifive.com, palmer-AT-dabbelt.com, aou-AT-eecs.berkeley.edu, linux-riscv-AT-lists.infradead.org, linux-kernel-AT-vger.kernel.org
Subject: [PATCH 0/8] Support strict kernel memory permissions for security
Date: Mon, 17 Feb 2020 16:32:15 +0800
Message-ID: <20200217083223.2011-1-zong.li@sifive.com>
Cc: Zong Li <zong.li-AT-sifive.com>

The main purpose of this patch series is changing the kernel mapping permission, making sure that code is not writable, data is not executable, and read-only data is neither writable nor executable.

This patch series also supports the relevant implementations such as ARCH_HAS_SET_MEMORY, ARCH_HAS_SET_DIRECT_MAP, ARCH_SUPPORTS_DEBUG_PAGEALLOC and DEBUG_WX.

Zong Li (8):
  riscv: add ARCH_HAS_SET_MEMORY support
  riscv: add ARCH_HAS_SET_DIRECT_MAP support
  riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support
  riscv: move exception table immediately after RO_DATA
  riscv: add alignment for text, rodata and data sections
  riscv: add STRICT_KERNEL_RWX support
  riscv: add DEBUG_WX support
  riscv: add two hook functions of ftrace

 arch/riscv/Kconfig                  |   6 +
 arch/riscv/Kconfig.debug            |  30 +++++
 arch/riscv/include/asm/ptdump.h     |   6 +
 arch/riscv/include/asm/set_memory.h |  41 ++++++
 arch/riscv/kernel/ftrace.c          |  18 +++
 arch/riscv/kernel/vmlinux.lds.S     |  12 +-
 arch/riscv/mm/Makefile              |   1 +
 arch/riscv/mm/init.c                |  47 +++++++
 arch/riscv/mm/pageattr.c            | 187 ++++++++++++++++++++++++++++
 9 files changed, 344 insertions(+), 4 deletions(-)
 create mode 100644 arch/riscv/include/asm/set_memory.h
 create mode 100644 arch/riscv/mm/pageattr.c

--
2.25.0
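
Added illustration, not code from this patch series: a C program that checks RISC-V page-table entry flag bits against the three rules stated in the cover letter (code not writable, data not executable, read-only data neither). The names `check_pte`, `audit`, the enums and the sample entries are assumptions made for this example; only the V/R/W/X bit positions come from the RISC-V privileged specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RISC-V PTE flag bits (privileged spec): valid, read, write, execute. */
#define PTE_V UINT64_C(0x1)
#define PTE_R UINT64_C(0x2)
#define PTE_W UINT64_C(0x4)
#define PTE_X UINT64_C(0x8)
/* Hypothetical names for this example; none come from the patch series. */
enum region { R_TEXT, R_RODATA, R_DATA };
enum verdict { V_SKIP, V_OK, V_TEXT_WRITABLE, V_RODATA_NOT_RO, V_DATA_EXECUTABLE };
struct mapping { const char *name; enum region region; uint64_t pte; };

/* Policy: text is not writable, data is not executable, rodata is neither. */
enum verdict check_pte(enum region region, uint64_t pte)
{
    if (!(pte & PTE_V) || !(pte & (PTE_R | PTE_W | PTE_X)))
        return V_SKIP;  /* unmapped, or a pointer to the next table level */
    switch (region) {
    case R_TEXT:   return (pte & PTE_W) ? V_TEXT_WRITABLE : V_OK;
    case R_RODATA: return (pte & (PTE_W | PTE_X)) ? V_RODATA_NOT_RO : V_OK;
    case R_DATA:   return (pte & PTE_X) ? V_DATA_EXECUTABLE : V_OK;
    }
    return V_SKIP;
}

/* Print and count the mappings that break the policy. */
size_t audit(const struct mapping *m, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (check_pte(m[i].region, m[i].pte) > V_OK) {
            printf("violation: %s flags=0x%llx\n", m[i].name,
                   (unsigned long long)m[i].pte);
            bad++;
        }
    return bad;
}

/* Constructed sample PTEs (flag bits only, no PPN); not from a real kernel. */
static const struct mapping sample[] = {
    { ".text strict",   R_TEXT,   PTE_V | PTE_R | PTE_X },
    { ".text loose",    R_TEXT,   PTE_V | PTE_R | PTE_W | PTE_X },
    { ".rodata strict", R_RODATA, PTE_V | PTE_R },
    { ".rodata loose",  R_RODATA, PTE_V | PTE_R | PTE_W },
    { ".data loose",    R_DATA,   PTE_V | PTE_R | PTE_W | PTE_X },
    { "table pointer",  R_DATA,   PTE_V },
};
int main(void) { return audit(sample, sizeof sample / sizeof sample[0]) == 3 ? 0 : 1; }
```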