On Tue, Feb 20, 2018 at 8:40 AM, Igor Stoppa <igor.stoppa@xxxxxxxxxx> wrote: > > On 13/02/18 01:43, Kees Cook wrote: >> On Mon, Feb 12, 2018 at 8:53 AM, Igor Stoppa <igor.stoppa@xxxxxxxxxx> wrote: > > [...] > >>> +obj-$(CONFIG_PROTECTABLE_MEMORY_SELFTEST) += pmalloc-selftest.o >> >> Nit: self-test modules are traditionally named "test_$thing.o" >> (outside of the tools/ directory). > > ok > > [...] > >> I wonder if lkdtm should grow a test too, to validate the RO-ness of >> the allocations at the right time in API usage? > > sorry for being dense ... are you proposing that I do something to > lkdtm_rodata.c ? An example would probably help me understand. It would likely live in lkdtm_perms.c (or maybe lkdtm_heap.c). Namely, use the pmalloc API and then attempt to write to a read-only variable in the pmalloc region (to prove that the permission adjustment actually happened). Likely a good example is lkdtm_WRITE_RO_AFTER_INIT(). -Kees -- Kees Cook Pixel Security -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
