Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Jan 2016 10:19:54 -0700
From: David Brown <>
Cc: Ingo Molnar <>, Kees Cook <>,
	Andy Lutomirski <>,
	"H. Peter Anvin" <>,
	Michael Ellerman <>,
	Mathias Krause <>,
	Thomas Gleixner <>,,
	Arnd Bergmann <>, PaX Team <>,
	Emese Revfy <>,,
	linux-arch <>,
	Laura Abbott <>
Subject: Re: [PATCH v4 0/8] introduce post-init read-only

On Tue, Jan 19, 2016 at 10:08:34AM -0800, Kees Cook wrote:

>This introduces __ro_after_init as a way to mark such memory, and uses
>it on the x86 vDSO to kill an extant kernel exploitation method. Also
>adds a new kernel parameter to help debug future use and adds an lkdtm
>test to check the results.

I've tested these patches on 32-bit ARM using the provoke-crashes
test.  However, they do require CONFIG_ARM_KERNMEM_PERMS to be enabled
as well, which does incur additional memory usage.

Do we want to consider making CONFIG_ARM_KERNMEM_PERMS default y for
security reasons, and just document that memory-constrained systems
may want to turn it off?

I'll test the arm64 next.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.