• Kees Cook's avatar
    arch: Introduce post-init read-only memory · c74ba8b3
    Kees Cook authored
    One of the easiest ways to protect the kernel from attack is to reduce
    the internal attack surface exposed when a "write" flaw is available. By
    making as much of the kernel read-only as possible, we reduce the
    attack surface.
    Many things are written to only during __init, and never changed
    again. These cannot be made "const" since the compiler will do the wrong
    thing (we do actually need to write to them). Instead, move these items
    into a memory region that will be made read-only during mark_rodata_ro()
    which happens after all kernel __init code has finished.
    This introduces __ro_after_init as a way to mark such memory, and adds
    some documentation about the existing __read_mostly marking.
    This improves the security of the Linux kernel by marking formerly
    read-write memory regions as read-only on a fully booted up system.
    Based on work by PaX Team and Brad Spengler.
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brad Spengler <spender@grsecurity.net>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: David Brown <david.brown@linaro.org>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: Emese Revfy <re.emese@gmail.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Mathias Krause <minipli@googlemail.com>
    Cc: Michael Ellerman <mpe@ellerman.id.au>
    Cc: PaX Team <pageexec@freemail.hu>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: kernel-hardening@lists.openwall.com
    Cc: linux-arch <linux-arch@vger.kernel.org>
    Link: http://lkml.kernel.org/r/1455748879-21872-5-git-send-email-keescook@chromium.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
cache.h 2.09 KB