From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932652AbcHKPzC (ORCPT ); Thu, 11 Aug 2016 11:55:02 -0400 Received: from mout.kundenserver.de ([212.227.17.10]:59922 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932267AbcHKPy6 (ORCPT ); Thu, 11 Aug 2016 11:54:58 -0400 From: Arnd Bergmann To: Russell King - ARM Linux Cc: linux-arm-kernel@lists.infradead.org, Kees Cook , linux-arch , Ard Biesheuvel , "x86@kernel.org" , LKML , "kernel-hardening@lists.openwall.com" , Andrew Morton , Mathias Krause Subject: Re: [PATCH 2/2] arm: apply more __ro_after_init Date: Thu, 11 Aug 2016 17:54:08 +0200 Message-ID: <2188666.QKZtt2vNXZ@wuerfel> User-Agent: KMail/5.1.3 (Linux/4.4.0-31-generic; KDE/5.18.0; x86_64; ; ) In-Reply-To: <20160810230645.GP1041@n2100.armlinux.org.uk> References: <1464979224-2085-1-git-send-email-keescook@chromium.org> <2760702.46Rp2Juk5b@wuerfel> <20160810230645.GP1041@n2100.armlinux.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Provags-ID: V03:K0:Ik6PJhRXO4wDvSxIjVp0Sp0B9b4ZQwyEwy4b8faX+pNu2wLIDeQ +Id+2CFna6aDzJzSqiK2LL9tBqoYxAlGs/bed/O2qF8fY4KNj/4PWsPeYFO/dhmKLpfGj0Y 6OI8aoiP6daoMmu5Ac6h2Ag9OElUtWe+xT3w8Q1czEuUxdyf/ifWdjYWuOnf0gY1+o0y7N+ jr/BetQhGfXkey05xiUyg== X-UI-Out-Filterresults: notjunk:1;V01:K0:AEn7XWWYmUo=:MDt8/zCYKZlZkK2dq/p8w4 p+6qcXoqqcKkp7zdz/5iiWULH3JkrCo5C3cT8IW53ioziM1nrpx5P4q5uGTQUOrFunKBirTT3 qKVDpNm8B2Dst/FwGAMCNWZkfQfq/Y2iadHq5AbVAjxLhhS059TTOSi79dxXXpU/9KURNsGGE iXIVk4auaoz/eROg+CofFGwMKH0g2bbXpJc/vnr2iRchsF9dKmkOlY6osclhmIOZpYijqIDZr sneGQGkA7x8HDZS7VTEB1tf+5pxCYS+3U4f1Qvec4JghRIKSPR4Fd3rT45yAaaq3oyo5qLS5P hpk99Yg/JQzXpVyrYW4NphIFraNPwrsJSLV9Y0f43n8RdkQ5fc+uT+cuLgIRJAhMe+qR71N8w iBuGfOanXY9CXIHvpRCooXaU7XvmUlyJq62oTLB9TjPnhTUbkhGpqQaaI+hTelLCzEIb/IRN6 gKrjNWtjgYx5z61KPJBn6qw16+akMaBsl75pd5GqJeuZYPPV8nzyn6864aKlOYMEavfr3AaU8 dAcPlNl1N1kflvkZUcJ5rlxR0lYSshgFc9UB5+WkINNc6yrNLYlfkCN5MWE8+voBK2wSOoPdS 2CTJH1dZ9FyjnM8/6gS/mIWqVMrEo/xFQmJ/cZTLkpk4KTF63iD8c/wZurLxU5iEOU/Tvx3OR urRJOgdCdsSre9L0f8P+076hC1+aroMRc5lIyqGSFtIU7+ihje/6aYj57iCFi32M9Dup7DMes 8ac1MVpN0Pl0ljZI Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thursday, August 11, 2016 12:06:45 AM CEST Russell King - ARM Linux wrote: > On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote: > > It might be better to start by making the fixed mapping readonly, > > as KASLR doesn't protect that one at all, and change the TLS > > code accordingly. > > I think that's impossible, because we gave userspace permission to > read 0xffff0ff0 directly without using __kuser_get_tls. You're > talking about potentially breaking userspace. > > If you disable kuser helpers, then the page becomes read-only and > invisible to userspace anyway. So, everything is being done there > which can be done - if you have kuser helpers enabled, then you > lose some opportunities for these security improvements. What I meant was writing to the page through the linear mapping rather than the virtual mapping at 0xffff0000 so we can leave that one read-only (I did not consider whether that might cause cache aliasing problems when reading from the other address). Your other point is more important though: if one really cares about optimizing security here, they probably should disable kuser helpers completely anyway. Kees, is that something you have on your radar already? Arnd