[PATCH v10 06/10] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime
Michael Ellerman
mpe at ellerman.id.au
Wed Mar 31 22:24:40 AEDT 2021
Jordan Niethe <jniethe5 at gmail.com> writes:
> From: Russell Currey <ruscur at russell.cc>
>
> Optionally run W+X checks when dumping pagetable information to
> debugfs' kernel_page_tables.
>
> To use:
> $ echo 1 > /sys/kernel/debug/check_wx_pages
> $ cat /sys/kernel/debug/kernel_page_tables
>
> and check the kernel log. Useful for testing strict module RWX.
>
> To disable W+X checks:
> $ echo 0 > /sys/kernel/debug/check_wx_pages
>
> Update the Kconfig entry to reflect this.
>
> Also fix a typo.
>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Signed-off-by: Russell Currey <ruscur at russell.cc>
> [jpn: Change check_wx_pages to act as mode bit affecting
> kernel_page_tables instead of triggering action on its own]
> Signed-off-by: Jordan Niethe <jniethe5 at gmail.com>
> ---
> v10: check_wx_pages now affects kernel_page_tables rather than triggers
> its own action.

Hmm. I liked the old version better :)

I think you changed it based on Christophe's comment:

  Why not just perform the test every time someone dumps kernel_page_tables?

But I think he meant *always* do the check when someone dumps
kernel_page_tables, not have another file to enable checking and then
require someone to dump kernel_page_tables to do the actual check.

Still I like the previous version where you can do the checks
separately, without having to dump the page tables, because dumping can
sometimes take quite a while.

What would be even better is if ptdump_check_wx() returned an error when
wx pages were found, and that was plumbed out to the debugfs file. That
way you can script around it.

cheers
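
Until the check reports an error through the debugfs file, a script has to run the commit message's steps and read the result back from the kernel log. The following is an added example, not part of the thread or the patch. The log line text ("Checked W+X mappings: passed/FAILED") is an assumption, since the thread does not show it, and the function names and marker string are hypothetical.

```shell
#!/bin/sh
# Added example (not from the patch). Assumed kernel log format, not shown in the thread:
#   Checked W+X mappings: passed, no W+X pages found
#   Checked W+X mappings: FAILED, <n> W+X pages found

# wx_status MARKER: read kernel log text on stdin and classify the last W+X
# result logged AFTER the marker line, so stale results (e.g. from boot) are ignored.
# Returns 0 = passed, 1 = W+X pages found, 2 = no fresh result after the marker.
wx_status() {
    last=$(awk -v m="$1" '
        index($0, m)                               { seen = 1; res = ""; next }
        seen && index($0, "Checked W+X mappings:") { res = $0 }
        END                                        { print res }')
    case "$last" in
        *'mappings: passed'*) return 0 ;;
        *'mappings: FAILED'*) return 1 ;;
        *)                    return 2 ;;
    esac
}

# run_wx_check: the steps from the commit message, bracketed by a log marker.
# The debugfs paths are the ones given in the thread.
run_wx_check() {
    dbg=/sys/kernel/debug
    marker="wx-check-$$"                        # hypothetical marker string
    echo "$marker" > /dev/kmsg || return 2      # tag the log before triggering
    echo 1 > "$dbg/check_wx_pages" || return 2
    cat "$dbg/kernel_page_tables" > /dev/null || return 2
    echo 0 > "$dbg/check_wx_pages"
    dmesg | wx_status "$marker"
}

# Constructed sample log: an old "passed" line, the marker, then a fresh failure.
SAMPLE_LOG='[    0.912345] Checked W+X mappings: passed, no W+X pages found
[  301.000001] wx-check-demo
[  301.734210] Checked W+X mappings: FAILED, 3 W+X pages found'

rc=0
printf '%s\n' "$SAMPLE_LOG" | wx_status wx-check-demo || rc=$?
echo "constructed sample: wx_status exit $rc"
```

`run_wx_check` needs root and a mounted debugfs on a kernel carrying this patch; `wx_status` alone can be run over any saved log text.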