From: linux@arm.linux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3] ARM: xip: Use correct symbol for end of ROM marker
Date: Mon, 16 Nov 2015 19:53:34 +0000 [thread overview]
Message-ID: <20151116195334.GL8644@n2100.arm.linux.org.uk> (raw)
In-Reply-To: <HK2PR06MB056161DA1A57638A1D7305D58A1E0@HK2PR06MB0561.apcprd06.prod.outlook.com>
On Mon, Nov 16, 2015 at 07:46:05PM +0000, Chris Brandt wrote:
> > We don't need the data sections because they will have been copied to RAM, and
> > we probably don't want to keep those exposed (it's potentially useful for
> > attackers.)
>
> The init sections also hang around after boot as well (it's XIP code, so
> there is nothing to 'free' in terms of executable init code).
> Any potential security issues there as well? Should the data and init-
> text sections be put in a separate section that gets blown away after
> init-data is freed?
That's much harder to do - generally for XIP, people are space limited
(which is why they're using XIP rather than putting the kernel in RAM.)
They won't take kindly to having the kernel image bloated by 1MB just
to pad it out so that the init stuff can be unmapped.
However, from the security point of view, the less that's mapped at
known addresses, the better.
--
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
next prev parent reply other threads:[~2015-11-16 19:53 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-11 14:17 [PATCH] ARM: xip: Use correct symbol for end of ROM marker Chris Brandt
2015-11-12 12:17 ` Peter Hurley
2015-11-12 13:15 ` Chris Brandt
2015-11-12 16:32 ` Russell King - ARM Linux
2015-11-12 21:01 ` [PATCH v2] " Chris Brandt
2015-11-13 7:46 ` Geert Uytterhoeven
2015-11-13 20:03 ` Chris Brandt
2015-11-16 18:05 ` [PATCH v3] " Chris Brandt
2015-11-16 18:17 ` Russell King - ARM Linux
2015-11-16 19:46 ` Chris Brandt
2015-11-16 19:53 ` Russell King - ARM Linux [this message]
2015-11-16 20:18 ` Chris Brandt
2015-11-16 20:30 ` Russell King - ARM Linux
2015-11-16 20:57 ` Nicolas Pitre
2015-11-16 21:09 ` Chris Brandt
2015-11-16 20:27 ` Nicolas Pitre
2015-11-16 21:02 ` Chris Brandt
2015-11-16 21:47 ` Nicolas Pitre
2015-11-16 22:19 ` Chris Brandt
2015-11-17 0:48 ` Nicolas Pitre
2015-11-17 2:11 ` Chris Brandt
2015-11-17 2:37 ` Nicolas Pitre
2015-11-17 16:56 ` Chris Brandt
2015-11-17 17:24 ` Nicolas Pitre
2015-11-18 3:58 ` Nicolas Pitre
2015-11-18 5:12 ` Magnus Damm
2015-11-18 13:45 ` Nicolas Pitre
2015-11-18 17:01 ` Nicolas Pitre
2015-11-18 19:12 ` Chris Brandt
2015-11-18 20:23 ` Nicolas Pitre
2015-11-18 20:51 ` Chris Brandt
2015-11-18 21:36 ` Nicolas Pitre
2016-01-29 21:12 ` Chris Brandt
2016-01-29 21:17 ` Nicolas Pitre
2015-11-17 16:45 ` Chris Brandt
2015-11-17 16:57 ` Nicolas Pitre
2015-11-18 2:09 ` Chris Brandt
2015-11-18 3:17 ` Nicolas Pitre
2015-11-18 8:30 ` Arnd Bergmann
2015-11-18 15:28 ` Chris Brandt
2015-11-18 15:16 ` Chris Brandt
2015-11-18 17:07 ` Nicolas Pitre
2015-11-18 19:36 ` Chris Brandt
2015-11-18 19:44 ` Nicolas Pitre
2015-11-18 20:00 ` Chris Brandt
2015-11-17 17:33 ` Russell King - ARM Linux
2016-02-01 17:52 ` [PATCH v4] " Chris Brandt
2016-02-01 19:12 ` Nicolas Pitre
2016-02-01 19:41 ` Chris Brandt
2016-02-01 20:23 ` Nicolas Pitre
2016-02-02 17:05 ` Chris Brandt
2016-02-02 17:19 ` [PATCH v5] " Chris Brandt
2016-02-02 17:35 ` Nicolas Pitre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151116195334.GL8644@n2100.arm.linux.org.uk \
--to=linux@arm.linux.org.uk \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).