From: Russell King - ARM Linux <linux@armlinux.org.uk>
To: Kees Cook <keescook@chromium.org>
Cc: Hoeun Ryu <hoeun.ryu@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Andy Lutomirski <luto@kernel.org>,
PaX Team <pageexec@freemail.hu>, Emese Revfy <re.emese@gmail.com>,
"x86@kernel.org" <x86@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Christoffer Dall <christoffer.dall@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Laura Abbott <labbott@redhat.com>,
Hugh Dickins <hughd@google.com>,
Steve Capper <steve.capper@arm.com>,
Ganapatrao Kulkarni <gkulkarni@caviumnetworks.com>,
James Morse <james.morse@arm.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: [kernel-hardening] Re: [RFCv2] arm64: support HAVE_ARCH_RARE_WRITE and HAVE_ARCH_RARE_WRITE_MEMCPY
Date: Thu, 30 Mar 2017 20:45:28 +0100
Message-ID: <20170330194528.GJ7909@n2100.armlinux.org.uk>
In-Reply-To: <CAGXu5jLFDGO5OfOGa7B9H6pw8ivnL9MUsPZ=fQns-fbA6R-Ljw@mail.gmail.com>

On Thu, Mar 30, 2017 at 12:38:15PM -0700, Kees Cook wrote:
> Great work! I think this will need some further changes, though, since
> it doesn't look to me like this would pass LKDTM's tests if it was
> built as a module. (This is missing from my ARM attempt too... I
> haven't figured out how to set the domain on the kernel modules...)

You're not going to be able to do it very easily. The only way I can
think of achieving it would be to split the module area into one
chunk for text, one chunk for write-rare and one chunk for data.

I still think that using domains is a mistake for this - it's a good
solution for things that are contiguous and big (like userspace), but
not for small amounts of data (like module sections.)

--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Thread overview: 10+ messages
2017-03-30 14:39 [kernel-hardening] [RFCv2] arm64: support HAVE_ARCH_RARE_WRITE and HAVE_ARCH_RARE_WRITE_MEMCPY Hoeun Ryu
2017-03-30 19:38 ` [kernel-hardening] " Kees Cook
2017-03-30 19:45 ` Russell King - ARM Linux [this message]
2017-03-30 19:49 ` Kees Cook
2017-04-03 3:19 ` Hoeun Ryu
2017-03-31 9:25 ` Ard Biesheuvel
2017-04-03 4:03 ` Hoeun Ryu
2017-04-03 4:17 ` Ho-Eun Ryu
2017-04-03 7:11 ` Ard Biesheuvel
2017-04-04 12:12 ` Ho-Eun Ryu