|
|
Subscribe / Log in / New account

Support strict kernel memory permissions for security

From:  Zong Li <zong.li-AT-sifive.com>
To:  paul.walmsley-AT-sifive.com, palmer-AT-dabbelt.com, aou-AT-eecs.berkeley.edu, linux-riscv-AT-lists.infradead.org, linux-kernel-AT-vger.kernel.org
Subject:  [PATCH 0/8] Support strict kernel memory permissions for security
Date:  Mon, 17 Feb 2020 16:32:15 +0800
Message-ID:  <20200217083223.2011-1-zong.li@sifive.com>
Cc:  Zong Li <zong.li-AT-sifive.com>
Archive-link:  Article

The main purpose of this patch series is changing the kernel mapping permission
, make sure that code is not writeable, data is not executable, and read-only
data is neither writable nor executable.

This patch series also supports the relevant implementations such as
ARCH_HAS_SET_MEMORY, ARCH_HAS_SET_DIRECT_MAP,
ARCH_SUPPORTS_DEBUG_PAGEALLOC and DEBUG_WX.

Zong Li (8):
  riscv: add ARCH_HAS_SET_MEMORY support
  riscv: add ARCH_HAS_SET_DIRECT_MAP support
  riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support
  riscv: move exception table immediately after RO_DATA
  riscv: add alignment for text, rodata and data sections
  riscv: add STRICT_KERNEL_RWX support
  riscv: add DEBUG_WX support
  riscv: add two hook functions of ftrace

 arch/riscv/Kconfig                  |   6 +
 arch/riscv/Kconfig.debug            |  30 +++++
 arch/riscv/include/asm/ptdump.h     |   6 +
 arch/riscv/include/asm/set_memory.h |  41 ++++++
 arch/riscv/kernel/ftrace.c          |  18 +++
 arch/riscv/kernel/vmlinux.lds.S     |  12 +-
 arch/riscv/mm/Makefile              |   1 +
 arch/riscv/mm/init.c                |  47 +++++++
 arch/riscv/mm/pageattr.c            | 187 ++++++++++++++++++++++++++++
 9 files changed, 344 insertions(+), 4 deletions(-)
 create mode 100644 arch/riscv/include/asm/set_memory.h
 create mode 100644 arch/riscv/mm/pageattr.c

-- 
2.25.0



Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds