| Message ID | 20171005190317.GA98302@beast (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] powerpc: Default to enabling STRICT_KERNEL_RWX | expand |
On Fri, Oct 6, 2017 at 6:03 AM, Kees Cook <keescook@chromium.org> wrote: > When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64. > On PPC32, there is a performance trade-off. > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Paul Mackerras <paulus@samba.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Christophe LEROY <christophe.leroy@c-s.fr> > Cc: Balbir Singh <bsingharora@gmail.com> > Cc: linuxppc-dev@lists.ozlabs.org > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > v2: > - depend on PPC64, as noted by Christophe. > --- > arch/powerpc/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig > index 809c468edab1..4315c9b2db4f 100644 > --- a/arch/powerpc/Kconfig > +++ b/arch/powerpc/Kconfig > @@ -178,6 +178,7 @@ config PPC > select HAVE_ARCH_TRACEHOOK > select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) > select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX > + select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if PPC64 We usually have CONFIG_RELOCATABLE on - on most configs. Our STRICT RWX depends on !RELOCATABLE as you've seen. I have patches to fix STRICT_KERNEL_RWX on CONFIG_RELOCATABLE https://patchwork.ozlabs.org/patch/795744/ (I need to rebase this to use generic helpers we have to convert an mm,addr to pte) Aside, I also have set_memory_xx at https://patchwork.ozlabs.org/patch/796183/ (again I need to rebase them) I hope to get to them next week, hopefully Balbir Singh.
Kees Cook <keescook@chromium.org> writes: > When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64. > On PPC32, there is a performance trade-off. Thanks for prodding us. But I think we need some more test cycles on this before we make it the default. As Balbir said it's currently not compatible with RELOCATABLE, which means most folks aren't enabling it. We also don't have good numbers on what the performance impact is on 64-bit. So although it almost certainly should be the default in future, I'd still like us to have some idea of what it's costing us. I'll try and get some perf numbers. cheers
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 809c468edab1..4315c9b2db4f 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -178,6 +178,7 @@ config PPC select HAVE_ARCH_TRACEHOOK select ARCH_HAS_STRICT_KERNEL_RWX if ((PPC_BOOK3S_64 || PPC32) && !RELOCATABLE && !HIBERNATION) select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX + select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if PPC64 select HAVE_CBPF_JIT if !PPC64 select HAVE_CONTEXT_TRACKING if PPC64 select HAVE_DEBUG_KMEMLEAK
When available, CONFIG_KERNEL_RWX should be default-enabled for PPC64. On PPC32, there is a performance trade-off. Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Christophe LEROY <christophe.leroy@c-s.fr> Cc: Balbir Singh <bsingharora@gmail.com> Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Kees Cook <keescook@chromium.org> --- v2: - depend on PPC64, as noted by Christophe. --- arch/powerpc/Kconfig | 1 + 1 file changed, 1 insertion(+)