From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753029Ab3LJSzO (ORCPT ); Tue, 10 Dec 2013 13:55:14 -0500 Received: from terminus.zytor.com ([198.137.202.10]:50648 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751080Ab3LJSzL (ORCPT ); Tue, 10 Dec 2013 13:55:11 -0500 Message-ID: <52A76348.5080803@zytor.com> Date: Tue, 10 Dec 2013 10:54:00 -0800 From: "H. Peter Anvin" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: Vivek Goyal CC: Kees Cook , LKML , Rik van Riel , Andrew Morton , Matthew Garrett , Rob Landley , Eric Biederman , Ingo Molnar , Peter Zijlstra , Mel Gorman , "linux-doc@vger.kernel.org" , kexec@lists.infradead.org Subject: Re: [PATCH v2] kexec: add sysctl to disable kexec References: <20131210001620.GA7938@www.outflux.net> <52A66190.9060907@zytor.com> <20131210143540.GA13909@redhat.com> <20131210183352.GD13909@redhat.com> In-Reply-To: <20131210183352.GD13909@redhat.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/10/2013 10:33 AM, Vivek Goyal wrote: > On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote: >> Of course it isn't. > > I am not sure what are you trying to say. This is too brief. > > Thanks > Vivek > Of course it is not sufficient. Once you can get arbitrary code into kernel space (CPL 0) you can do anything, and "disabling jump back" is just a speed bump. -hpa