Date: Tue, 10 May 2022 22:26:43 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "keescook@...omium.org" <keescook@...omium.org>, "Weiny, Ira" <ira.weiny@...el.com>
CC: "hpa@...or.com" <hpa@...or.com>, "Williams, Dan J" <dan.j.williams@...el.com>, "Shankar, Ravi V" <ravi.v.shankar@...el.com>, "Yu, Fenghua" <fenghua.yu@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: Re: [PATCH V10 14/44] mm/pkeys: Introduce pks_set_readwrite()

On Tue, 2022-05-10 at 15:08 -0700, Kees Cook wrote:
> > Kees would you prefer pks_set_nowrite() as a name?
>
> I think nowrite is the better name (in the sense that "read-only" can
> sometimes imply non-executable).

I agree with this here. Read-only is a bad name for not writable.
Especially if you try talking about "execute-only" memory which is
"read-only" (not writable) and "not readable". Very confusing.

> > >
> > > With these changes it should be possible to protect the kernel's page
> > > table entries from "stray" writes. :)
> >
> > Yes, Rick has done some great work in that area.
>
> Oh! I would _love_ to see this series. I was trying to scope the work
> yesterday but gave up after I couldn't figure out the qemu PKS trick.
> :)

I would still like to get back to it, but other work has bumped it for
now.

v1:
https://lore.kernel.org/lkml/20210505003032.489164-1-rick.p.edgecombe@intel.com/#r

v2:
https://lore.kernel.org/lkml/20210830235927.6443-1-rick.p.edgecombe@intel.com/#r

Mostly it fit together pretty easily, but there was memory overhead
required to protect the page tables that map the direct map fully
(unless a better solution can be found).