Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional

From: Kees Cook
Date: Thu Jan 28 2016 - 09:06:59 EST

Next message: Eric Dumazet: "Re: Re: [PATCH V2] netfilter: h323: avoid potential attack"
Previous message: Paolo Bonzini: "[PATCH 2/2] kvm/x86: Hyper-V tsc page setup"
In reply to: Mark Rutland: "Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional"
Next in thread: Mark Rutland: "Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 28, 2016 at 3:06 AM, Mark Rutland <mark.rutland@xxxxxxx> wrote:
> One thing I would like to do is to avoid the need for fixup_executable
> entirely, by mapping the kernel text RO from the outset. However, that
> requires rework of the alternatives patching (to use a temporary RW
> alias), and I haven't had the time to look into that yet.

This makes perfect sense for the rodata section, but the (future)
postinit_rodata section we'll still want to mark RO after init
finishes. x86 and ARM cheat by marking both RO after init, and they
don't have to pad sections. parisc will need to solve this too.

-Kees

--
Kees Cook
Chrome OS & Brillo Security

Next message: Eric Dumazet: "Re: Re: [PATCH V2] netfilter: h323: avoid potential attack"
Previous message: Paolo Bonzini: "[PATCH 2/2] kvm/x86: Hyper-V tsc page setup"
In reply to: Mark Rutland: "Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional"
Next in thread: Mark Rutland: "Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]