v4.4, v4.14: Increase usage of ro_after_init (chromeos kernels and upstream)
Issue description

Upstream kernels have had patches that mark certain data structures in the kernel as RO after initialization as they are not subsequently written to. These patches are currently present in v4.14 and v4.4. This is a useful mitigation to have as some of these data structures are popular targets for overwrite. An example is ptmx_fops.

On x86_64 (astronaut) with DEBUG_RODATA, X86_PTDUMP, X86_PTDUMP_CORE turned on:

    # dmesg | grep ptmx_fops
    [...] without rodata: ptmx_fops=ffffffffb6903a48
    # cat /sys/kernel/debug/kernel_page_tables | grep ffffffffb6
    ...
    ffffffffb6600000-ffffffffb6a00000 4M RW NX pte
    ...

After marking ptmx_fops as __ro_after_init:

    # dmesg | grep ptmx_fops
    [...] with rodata: ptmx_fops=ffffffff9e475000
    # cat /sys/kernel/debug/kernel_page_tables | grep ...
    ffffffff9e200000-ffffffff9e600000 4M ro PSE NX pmd
    ...

It would be useful to increase the area marked as RO within the kernel. For data structures that are already marked ro_after_init upstream, pull those patches into our kernels. For data structures that can be marked but have not been, submit upstream patches.
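Added example, not part of the original issue or of the Chromium OS tooling: the grep check in the description matches on an address prefix, whereas this C helper finds the exact page-table range that contains a symbol address and reports whether it is mapped RW or ro. The names lookup_prot and range_prot are hypothetical, and the sample dumps are constructed from the two page-table lines quoted in the issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum range_prot { RANGE_NOT_FOUND = -1, RANGE_RO = 0, RANGE_RW = 1 };

/*
 * Find the range containing addr in a kernel_page_tables dump and report
 * whether it is mapped writable. Lines look like
 * "<start>-<end> <size> <flags...> <level>"; %llx also accepts a 0x prefix.
 */
static enum range_prot lookup_prot(const char *dump, uint64_t addr)
{
    for (const char *line = dump; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        unsigned long long start, end;
        char buf[256];
        int off = 0;
        if (len < sizeof(buf)) {        /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Section headers and elided "..." lines fail to parse here. */
            if (sscanf(buf, "%llx-%llx %n", &start, &end, &off) == 2 &&
                addr >= start && addr < end) {
                /* Exact token match, so "RW"/"ro" inside other words is ignored. */
                for (char *t = strtok(buf + off, " \t"); t; t = strtok(NULL, " \t")) {
                    if (strcmp(t, "RW") == 0) return RANGE_RW;
                    if (strcmp(t, "ro") == 0) return RANGE_RO;
                }
                return RANGE_NOT_FOUND; /* range present, no RW/ro flag */
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return RANGE_NOT_FOUND;
}

/* Constructed sample dumps, built from the two lines quoted in the issue. */
static const char before_dump[] = "...\n"
    "ffffffffb6600000-ffffffffb6a00000 4M RW NX pte\n...\n";
static const char after_dump[] =
    "ffffffff9e200000-ffffffff9e600000 4M ro PSE NX pmd\n...\n";

int main(void)
{
    printf("before: %d\n", lookup_prot(before_dump, 0xffffffffb6903a48ULL));
    printf("after:  %d\n", lookup_prot(after_dump, 0xffffffff9e475000ULL));
    return 0;
}
```

The range end is treated as exclusive, so an address equal to the end of a range is looked up in the next entry.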
Jul 12
Initial patchset here: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1135962

Tryjobs below.
coral-pre-cq http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163693556480016
bob-pre-cq http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163689359431152
kevin-pre-cq http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163684968670960
coral-paladin-tryjob http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163680015583056
bob-paladin-tryjob http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163675650926944
kevin-paladin-tryjob http://cros-goldeneye/chromeos/healthmonitoring/buildDetails?buildbucketId=8941163670954744608
Jul 17
coral-paladin and bob-paladin seem to be failing due to TestLabFailure across multiple runs. Other tryjobs seem to pass. Moving the patches into CQ.
Nov 5
Patches merged upstream:
5248ee856030 ("tracefs: Annotate tracefs_ops with __ro_after_init")
2766d2ee960c ("perf/x86: Add __ro_after_init annotations")
49e73246cbe6 ("perf/x86/intel/pt: Annotate 'pt_cap_group' with __ro_after_init")
Dec 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/dev-util/+/fa3f2003873f7151e6f243bf2b0342a9d0d9091b

commit fa3f2003873f7151e6f243bf2b0342a9d0d9091b
Author: Zubin Mithra <zsm@chromium.org>
Date: Fri Dec 07 06:06:24 2018

    roafteriniter: Add files from ${LINUX}/scripts/gcc-plugins

    gcc-common.h and gcc-generate-gimple-pass.h contain some convenience functions that are useful when writing GCC plugins. These files allow for writing the plugins in C, even though the GCC API changed to use C++ after GCC 4.9.

    BUG=chromium:860068
    TEST=None

    Change-Id: I360204a6cdfff073dd5cbd36c2809acd19389a83
    Reviewed-on: https://chromium-review.googlesource.com/1244401
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
    Commit-Ready: Zubin Mithra <zsm@chromium.org>
    Tested-by: Zubin Mithra <zsm@chromium.org>
    Reviewed-by: Kees Cook <keescook@chromium.org>

[add] https://crrev.com/fa3f2003873f7151e6f243bf2b0342a9d0d9091b/contrib/roafteriniter/gcc-generate-gimple-pass.h
[add] https://crrev.com/fa3f2003873f7151e6f243bf2b0342a9d0d9091b/contrib/roafteriniter/gcc-common.h
Dec 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/dev-util/+/511d505494568c977c16118b89b3a2a48a4cbce4

commit 511d505494568c977c16118b89b3a2a48a4cbce4
Author: Zubin Mithra <zsm@chromium.org>
Date: Fri Dec 07 06:06:24 2018

    roafteriniter: Add a cache implementation

    This commit adds in an implementation of file backed memory sharing across processes. This allows for the kernel to be built with -j<NRPROCS>, where each process loads in an instance of the plugin, and these plugins are able to have a shared cache.

    The following files are added in:
    - cache.h: Cache implementation
    - cache_test.cc: Unit tests
    - cachereader.c: Utility to read a cache

    BUG=chromium:860068
    TEST=cache_test.cc

    Change-Id: I50b9cbedcca3c6921d75829040e5d9af30ac4ec7
    Reviewed-on: https://chromium-review.googlesource.com/1244402
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
    Commit-Ready: Zubin Mithra <zsm@chromium.org>
    Tested-by: Zubin Mithra <zsm@chromium.org>
    Reviewed-by: Kees Cook <keescook@chromium.org>

[add] https://crrev.com/511d505494568c977c16118b89b3a2a48a4cbce4/contrib/roafteriniter/cachereader.c
[add] https://crrev.com/511d505494568c977c16118b89b3a2a48a4cbce4/contrib/roafteriniter/cache_test.cc
[add] https://crrev.com/511d505494568c977c16118b89b3a2a48a4cbce4/contrib/roafteriniter/cache.h
Dec 7
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/dev-util/+/785826cdb8e9654973c278af398839025257c430

commit 785826cdb8e9654973c278af398839025257c430
Author: Zubin Mithra <zsm@chromium.org>
Date: Fri Dec 07 06:06:24 2018

    roafteriniter: Add in the roafteriniter implementation

    This commit adds in the roafteriniter plugin. Usage instructions can be found in README.md.

    BUG=chromium:860068
    TEST=make test, make arm64_test, make ctest, make kern(4.14.y), make kern(upstream)

    Change-Id: If8d107f2820d656262831cf9f5b135118a02e260
    Reviewed-on: https://chromium-review.googlesource.com/1244403
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
    Commit-Ready: Zubin Mithra <zsm@chromium.org>
    Tested-by: Zubin Mithra <zsm@chromium.org>
    Reviewed-by: Kees Cook <keescook@chromium.org>

[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/known_bugs
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/Makefile
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/tests/test.c
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/postprocess.py
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/README.md
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/roafteriniter.c
[add] https://crrev.com/785826cdb8e9654973c278af398839025257c430/contrib/roafteriniter/tests/test.h
Comment 1 by zsm@chromium.org, Jul 3