Re: [PATCH 2/2] arm: apply more __ro_after_init

From: Russell King - ARM Linux
Date: Wed Aug 10 2016 - 19:07:01 EST

Next message: Mathieu Poirier: "Re: [PATCH V3 1/6] perf/core: Adding PMU driver specific configuration"
Previous message: Shuah Khan: "Re: [PATCH] exynos-drm: Fix display manager failing to start without IOMMU problem"
In reply to: Kees Cook: "Re: [PATCH 2/2] arm: apply more __ro_after_init"
Next in thread: Arnd Bergmann: "Re: [PATCH 2/2] arm: apply more __ro_after_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote:
> It might be better to start by making the fixed mapping readonly,
> as KASLR doesn't protect that one at all, and change the TLS
> code accordingly.

I think that's impossible, because we gave userspace permission to
read 0xffff0ff0 directly without using __kuser_get_tls. You're
talking about potentially breaking userspace.

If you disable kuser helpers, then the page becomes read-only and
invisible to userspace anyway. So, everything is being done there
which can be done - if you have kuser helpers enabled, then you
lose some opportunities for these security improvements.

--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Next message: Mathieu Poirier: "Re: [PATCH V3 1/6] perf/core: Adding PMU driver specific configuration"
Previous message: Shuah Khan: "Re: [PATCH] exynos-drm: Fix display manager failing to start without IOMMU problem"
In reply to: Kees Cook: "Re: [PATCH 2/2] arm: apply more __ro_after_init"
Next in thread: Arnd Bergmann: "Re: [PATCH 2/2] arm: apply more __ro_after_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]