Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.20.1802021236510.31548@nuc-kabylake>
Date: Fri, 2 Feb 2018 12:39:20 -0600 (CST)
From: Christopher Lameter <cl@...ux.com>
To: Matthew Wilcox <willy@...radead.org>
cc: Jann Horn <jannh@...gle.com>, Igor Stoppa <igor.stoppa@...wei.com>, 
    jglisse@...hat.com, Kees Cook <keescook@...omium.org>, 
    Michal Hocko <mhocko@...nel.org>, Laura Abbott <labbott@...hat.com>, 
    Christoph Hellwig <hch@...radead.org>, 
    linux-security-module@...r.kernel.org, linux-mm@...ck.org, 
    kernel list <linux-kernel@...r.kernel.org>, 
    Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 4/6] Protectable Memory

On Thu, 25 Jan 2018, Matthew Wilcox wrote:

> It's worth having a discussion about whether we want the pmalloc API
> or whether we want a slab-based API.  We can have a separate discussion
> about an API to remove pages from the physmap.

We could even do this in a more thorough way. Can we use a ring 1 / 2
distinction to create a hardened OS core that policies the rest of
the ever expanding kernel with all its modules and this and that feature?

I think that will long term be a better approach and allow more than the
current hardening approaches can get you. It seems that we are willing to
tolerate significant performance regressions now. So lets use the
protection mechanisms that the hardware offers.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.