From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [PATCH v2] x86/mm: warn on W+x mappings Date: Wed, 21 Oct 2015 15:24:31 +0200 Message-ID: <20151021132430.GD3575@pd.tnic> References: <20151012124113.GD2579@codeblueprint.co.uk> <20151012124936.GA6260@gmail.com> <20151012125548.GE2579@codeblueprint.co.uk> <20151012141754.GA6621@gmail.com> <20151012144928.GF2579@codeblueprint.co.uk> <20151014151807.GA27013@gmail.com> <20151014210257.GF2782@codeblueprint.co.uk> <20151021094242.GA12155@gmail.com> <20151021124924.GA19262@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Ard Biesheuvel Cc: Ingo Molnar , Matt Fleming , Stephen Smalley , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , Kees Cook , Thomas Gleixner , "H. Peter Anvin" , Peter Zijlstra , Andy Lutomirski , Denys Vlasenko , Brian Gerst , "linux-efi@vger.kernel.org" List-Id: linux-efi@vger.kernel.org On Wed, Oct 21, 2015 at 02:57:47PM +0200, Ard Biesheuvel wrote: > ... For the remaining cases, which is the vast majority, no such > assumptions can be made, and since the UEFI runtime regions are > typically populated with a bunch of PE/COFF images (each of which > consists of text + data), inferring where the boundaries are between > them does not seem tractable (for instance, to only map 'boundary' > pages RWX) How much of a problem would it be if we still do the on-demand page faulting and map a trailing piece of code together with the data in a page RWX? Still better than mapping the *whole* thing RWX, no? -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply.