Date: Thu, 10 Dec 2015 09:49:13 -0800 From: Kees Cook <keescook@...omium.org> To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Cc: Catalin Marinas <catalin.marinas@....com> Subject: Re: Self Introduction On Thu, Dec 10, 2015 at 9:14 AM, Stephen Smalley <stephen.smalley@...il.com> wrote: > On Wed, Dec 9, 2015 at 7:41 PM, Kees Cook <keescook@...omium.org> wrote: >> On Wed, Dec 9, 2015 at 4:26 PM, David Brown <david.brown@...aro.org> wrote: >>> On Wed, Dec 09, 2015 at 04:14:20PM -0800, Kees Cook wrote: >>>> I'd love to see CONFIG_CPU_SW_DOMAIN_PAN into the AOSP 3.18 android kernel >>>> too. >>> >>> I'll put this on my list to investigate. Sadly, it looks like there >>> is a bit of a window of ARM CPUs where neither solution will work; >>> Basically the pre V8.1 64-bit. >> >> The LPAE support for PAN emulation exists in grsecurity, if someone >> wanted to look at how to extract it and add it to >> CONFIG_CPU_SW_DOMAIN_PAN (or similar). > > Are you looking for this: > http://marc.info/?l=linux-arm-kernel&m=144308911409429&w=2 > > Haven't seen any follow up on it though... Ah yes! Thank you! https://patchwork.kernel.org/patch/7250401/ https://patchwork.kernel.org/patch/7250391/ https://patchwork.kernel.org/patch/7250421/ https://patchwork.kernel.org/patch/7250441/ Catalin, where does this stand? Also, what options do ARMv8 (not ARMv8.1) devices have for PAN if they're running 64-bit? The matrix for PAN seems to be: ARMv7 32-bit non-LPAE: CONFIG_CPU_SW_DOMAIN_PAN ARMv7 32-bit LPAE: Catalin's series (CPU_TTBR0_PAN) ARMv8 32-bit: Catalin's series? ARMv8 64-bit: ?? ARMv8.1: hardware PAN x86 pre-late-Broadwell: nothing upstream (though UDEREF in PaX exists) x86 Broadwell+: hardware PAN (SMAP) powerpc: ?? MIPS: ?? Corrections appreciated. :) -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.