[kernel-hardening] [PATCH 4/6] Protectable Memory
Kees Cook
keescook at chromium.org
Tue Feb 13 21:43:49 UTC 2018
On Tue, Feb 13, 2018 at 8:09 AM, Laura Abbott <labbott at redhat.com> wrote:
> No, arm64 doesn't fixup the aliases, mostly because arm64 uses larger
> page sizes which can't be broken down at runtime. CONFIG_PAGE_POISONING
> does use 4K pages which could be adjusted at runtime. So yes, you are
> right we would have physmap exposure on arm64 as well.
Errr, so that means even modules and kernel code are writable via the
arm64 physmap? That seems extraordinarily bad. :(
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list