Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Jan 2016 11:16:57 -0800
From: Laura Abbott <>
Cc: Ingo Molnar <>, Kees Cook <>,
 Andy Lutomirski <>, "H. Peter Anvin" <>,
 Michael Ellerman <>,
 Mathias Krause <>, Thomas Gleixner
 <>,, Arnd Bergmann <>,
 PaX Team <>, Emese Revfy <>,, linux-arch <>
Subject: Re: [PATCH v4 0/8] introduce post-init read-only

On 1/22/16 9:19 AM, David Brown wrote:
> On Tue, Jan 19, 2016 at 10:08:34AM -0800, Kees Cook wrote:
>> This introduces __ro_after_init as a way to mark such memory, and uses
>> it on the x86 vDSO to kill an extant kernel exploitation method. Also
>> adds a new kernel parameter to help debug future use and adds an lkdtm
>> test to check the results.
> I've tested these patches on 32-bit ARM using the provoke-crashes
> test.  However, they do require CONFIG_ARM_KERNMEM_PERMS to be enabled
> as well, which does incur additional memory usage.
> Do we want to consider making CONFIG_ARM_KERNMEM_PERMS default y for
> security reasons, and just document that memory-constrained systems
> may want to turn it off?
> I'll test the arm64 next.
> David

Kees had previously pushed a patch to do so but it exposed a couple of
underlying issues, mostly with low power paths
Those will need to be all fixed up before this could be made default.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.