On Fri, Feb 10, 2017 at 9:16 AM, Ard Biesheuvel <ard.biesheu...@linaro.org> wrote: > To avoid having mappings that are writable and executable at the same > time, split the init region into a .init.text region that is mapped > read-only, and a .init.data region that is mapped non-executable. > > This is possible now that the alternative patching occurs via the linear > mapping, and the linear alias of the init region is always mapped writable > (but never executable).
Er, so, that means kernel text is still basically RWX... you just write to the linear mapping and execute the kernel mapping. Can't we make the linear mapping match the kernel mapping permissions? -Kees -- Kees Cook Pixel Security _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
