[RFC PATCH v2 1/3] Add support for eXclusive Page Frame Ownership (XPFO)

2016-09-14 Thread Juerg Haefliger
This patch adds support for XPFO which protects against 'ret2dir' kernel attacks. The basic idea is to enforce exclusive ownership of page frames by either the kernel or userspace, unless explicitly requested by the kernel. Whenever a page destined for userspace is allocated, it is unmapped from

[RFC PATCH v2 1/3] Add support for eXclusive Page Frame Ownership (XPFO)

2016-09-02 Thread Juerg Haefliger
This patch adds support for XPFO which protects against 'ret2dir' kernel attacks. The basic idea is to enforce exclusive ownership of page frames by either the kernel or userspace, unless explicitly requested by the kernel. Whenever a page destined for userspace is allocated, it is unmapped from
