[RFC PATCH v16 0/6] mm: security: ro protection for dynamic data
igor.stoppa at huawei.com
Tue Feb 20 18:03:49 UTC 2018
On 20/02/18 03:21, Dave Chinner wrote:
> On Mon, Feb 12, 2018 at 03:32:36PM -0800, Kees Cook wrote:
>> On Mon, Feb 12, 2018 at 8:52 AM, Igor Stoppa <igor.stoppa at huawei.com> wrote:
>>> This patch-set introduces the possibility of protecting memory that has
>>> been allocated dynamically.
>>> The memory is managed in pools: when a memory pool is turned into R/O,
>>> all the memory that is part of it, will become R/O.
>>> A R/O pool can be destroyed, to recover its memory, but it cannot be
>>> turned back into R/W mode.
>>> This is intentional. This feature is meant for data that doesn't need
>>> further modifications after initialization.
>> This series came up in discussions with Dave Chinner (and Matthew
>> Wilcox, already part of the discussion, and others) at LCA. I wonder
>> if XFS would make a good initial user of this, as it could allocate
>> all the function pointers and other const information about a
>> superblock in pmalloc(), keeping it separate from the R/W portions?
>> Could other filesystems do similar things?
> I wasn't cc'd on this patchset, (please use david at fromorbit.com for
> future postings)
Apologies, somehow I didn't realize that I should have put you too in
CC. It will be fixed at the next iteration.
> so I can't really say anything about it right
> now. My interest for XFS was that we have a fair amount of static
> data in XFS that we set up at mount time and it never gets modified
> after that.
This is the typical use case I had in mind, although it requires a
static int a;
a = 4;
static int *a __ro_after_init;
struct gen_pool *pool;
pool = pmalloc_create_pool("pool", 0);
a = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL);
*a = 4;
> I'm not so worried about VFS level objects (that's a
> much more complex issue) but there is a lot of low hanging fruit in
> the XFS structures we could convert to write-once structures.
I'd be interested to have your review of the pmalloc API, if you think
something is missing, once I send out the next revision.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive