Re: [PATCH 2/4] arm64: alternatives: apply boot time fixups via the linear mapping

2017-02-10 Thread Ard Biesheuvel
> On 10 Feb 2017, at 18:49, Suzuki K Poulose wrote:
>
>> On 10/02/17 17:16, Ard Biesheuvel wrote:
>> One important rule of thumb when designing a secure software system is
>> that memory should never be writable and executable at the same time.
>> We mostly adhere to

Re: [PATCH 2/4] arm64: alternatives: apply boot time fixups via the linear mapping

2017-02-10 Thread Suzuki K Poulose
On 10/02/17 17:16, Ard Biesheuvel wrote: One important rule of thumb when designing a secure software system is that memory should never be writable and executable at the same time. We mostly adhere to this rule in the kernel, except at boot time, when regions may be mapped RWX until after we

[PATCH 3/4] arm64: mmu: map .text as read-only from the outset

2017-02-10 Thread Ard Biesheuvel
Now that alternatives patching code no longer relies on the primary mapping of .text being writable, we can remove the code that removes the writable permissions post-init time, and map it read-only from the outset. Signed-off-by: Ard Biesheuvel ---

[PATCH 4/4] arm64: mmu: apply strict permissions to .init.text and .init.data

2017-02-10 Thread Ard Biesheuvel
To avoid having mappings that are writable and executable at the same time, split the init region into a .init.text region that is mapped read-only, and a .init.data region that is mapped non-executable. This is possible now that the alternative patching occurs via the linear mapping, and the

[PATCH 2/4] arm64: alternatives: apply boot time fixups via the linear mapping

2017-02-10 Thread Ard Biesheuvel
One important rule of thumb when designing a secure software system is that memory should never be writable and executable at the same time. We mostly adhere to this rule in the kernel, except at boot time, when regions may be mapped RWX until after we are done applying alternatives or making

[PATCH 0/4] arm64: mmu: avoid writeable-executable mappings

2017-02-10 Thread Ard Biesheuvel
Having memory that is writable and executable at the same time is a security hazard, and so we tend to avoid those when we can. However, at boot time, we keep .text mapped writable during the entire init phase, and the init region itself is mapped rwx as well. Let's improve the situation by: -

Re: [RFC v2 05/19] KVM: arm64: ITS: Implement vgic_its_has_attr_regs and attr_regs_access

2017-02-10 Thread Auger Eric
Hi Andre,

On 10/02/2017 12:57, Andre Przywara wrote:
> On 08/02/17 11:43, Eric Auger wrote:
>
> Salut Eric,
>
> one minor thing below, but first a general question:
> I take it that the state of the ITS (enabled/disabled) shouldn't matter
> when it comes to reading/writing registers, right?

Re: [RFC v2 05/19] KVM: arm64: ITS: Implement vgic_its_has_attr_regs and attr_regs_access

2017-02-10 Thread Andre Przywara
On 08/02/17 11:43, Eric Auger wrote: Salut Eric, one minor thing below, but first a general question: I take it that the state of the ITS (enabled/disabled) shouldn't matter when it comes to reading/writing registers, right? Because this is totally under guest control and userland shouldn't mess