On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote: > It might be better to start by making the fixed mapping readonly, > as KASLR doesn't protect that one at all, and change the TLS > code accordingly.
I think that's impossible, because we gave userspace permission to read 0xffff0ff0 directly without using __kuser_get_tls. You're talking about potentially breaking userspace. If you disable kuser helpers, then the page becomes read-only and invisible to userspace anyway. So, everything is being done there which can be done - if you have kuser helpers enabled, then you lose some opportunities for these security improvements. -- RMK's Patch system: http://www.armlinux.org.uk/developer/patches/ FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up according to speedtest.net.
