From mboxrd@z Thu Jan 1 00:00:00 1970 From: keescook@chromium.org (Kees Cook) Date: Tue, 13 Feb 2018 13:43:49 -0800 Subject: [kernel-hardening] [PATCH 4/6] Protectable Memory In-Reply-To: References: <20180124175631.22925-1-igor.stoppa@huawei.com> <20180124175631.22925-5-igor.stoppa@huawei.com> <20180126053542.GA30189@bombadil.infradead.org> <8818bfd4-dd9f-f279-0432-69b59531bd41@huawei.com> <17e5b515-84c8-dca2-1695-cdf819834ea2@huawei.com> <414027d3-dd73-cf11-dc2a-e8c124591646@redhat.com> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Tue, Feb 13, 2018 at 8:09 AM, Laura Abbott wrote: > No, arm64 doesn't fixup the aliases, mostly because arm64 uses larger > page sizes which can't be broken down at runtime. CONFIG_PAGE_POISONING > does use 4K pages which could be adjusted at runtime. So yes, you are > right we would have physmap exposure on arm64 as well. Errr, so that means even modules and kernel code are writable via the arm64 physmap? That seems extraordinarily bad. :( -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html