[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jLy3cpLzU1MSQhS6q=5rMu2Mdp9pXncoFapPqUyQ1fO0A@mail.gmail.com>
Date: Thu, 28 Jan 2016 06:06:53 -0800
From: Kees Cook <keescook@...omium.org>
To: Mark Rutland <mark.rutland@....com>
Cc: David Brown <david.brown@...aro.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Ingo Molnar <mingo@...hat.com>,
Andy Lutomirski <luto@...capital.net>,
"H. Peter Anvin" <hpa@...or.com>,
Michael Ellerman <mpe@...erman.id.au>,
Mathias Krause <minipli@...glemail.com>,
Thomas Gleixner <tglx@...utronix.de>,
"x86@...nel.org" <x86@...nel.org>, Arnd Bergmann <arnd@...db.de>,
PaX Team <pageexec@...email.hu>,
Emese Revfy <re.emese@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Marc Zyngier <marc.zyngier@....com>,
yalin wang <yalin.wang2010@...il.com>,
Zi Shen Lim <zlim.lnx@...il.com>,
Yang Shi <yang.shi@...aro.org>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Laura Abbott <lauraa@...eaurora.org>,
"Suzuki K. Poulose" <suzuki.poulose@....com>,
Steve Capper <steve.capper@...aro.org>,
Jeremy Linton <jeremy.linton@....com>,
Mark Salter <msalter@...hat.com>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] arm64: make CONFIG_DEBUG_RODATA non-optional
On Thu, Jan 28, 2016 at 3:06 AM, Mark Rutland <mark.rutland@....com> wrote:
> One thing I would like to do is to avoid the need for fixup_executable
> entirely, by mapping the kernel text RO from the outset. However, that
> requires rework of the alternatives patching (to use a temporary RW
> alias), and I haven't had the time to look into that yet.
This makes perfect sense for the rodata section, but the (future)
postinit_rodata section we'll still want to mark RO after init
finishes. x86 and ARM cheat by marking both RO after init, and they
don't have to pad sections. parisc will need to solve this too.
-Kees
--
Kees Cook
Chrome OS & Brillo Security
Powered by blists - more mailing lists