Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Dave Hansen
On 12/14/2015 03:47 PM, Andy Lutomirski wrote: > On Mon, Dec 14, 2015 at 3:44 PM, Dave Hansen wrote: >> On 12/14/2015 03:39 PM, Andy Lutomirski wrote: > Nope. My linker-fu is weak. > > Can we even depend on the linker by itself? Even if the sections were > marked --x, we can't

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Andy Lutomirski
On Mon, Dec 14, 2015 at 3:44 PM, Dave Hansen wrote: > On 12/14/2015 03:39 PM, Andy Lutomirski wrote: >>> > Nope. My linker-fu is weak. >>> > >>> > Can we even depend on the linker by itself? Even if the sections were >>> > marked --x, we can't actually use them with those permissions unless we

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Dave Hansen
On 12/14/2015 03:39 PM, Andy Lutomirski wrote: >> > Nope. My linker-fu is weak. >> > >> > Can we even depend on the linker by itself? Even if the sections were >> > marked --x, we can't actually use them with those permissions unless we >> > have protection keys. >> > >> > Do we need some

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Kees Cook
On Mon, Dec 14, 2015 at 3:39 PM, Andy Lutomirski wrote: > On Mon, Dec 14, 2015 at 3:37 PM, Dave Hansen wrote: >> On 12/14/2015 12:05 PM, Kees Cook wrote: >>> On Mon, Dec 14, 2015 at 11:06 AM, Dave Hansen wrote: > From: Dave Hansen > Protection keys provide new page-based protection

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Kees Cook
On Mon, Dec 14, 2015 at 3:37 PM, Dave Hansen wrote: > On 12/14/2015 12:05 PM, Kees Cook wrote: >> On Mon, Dec 14, 2015 at 11:06 AM, Dave Hansen wrote: >>> > From: Dave Hansen >>> > Protection keys provide new page-based protection in hardware. >>> > But, they have an interesting attribute: they

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Andy Lutomirski
On Mon, Dec 14, 2015 at 3:37 PM, Dave Hansen wrote: > On 12/14/2015 12:05 PM, Kees Cook wrote: >> On Mon, Dec 14, 2015 at 11:06 AM, Dave Hansen wrote: >>> > From: Dave Hansen >>> > Protection keys provide new page-based protection in hardware. >>> > But, they have an interesting attribute: they

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Dave Hansen
On 12/14/2015 12:05 PM, Kees Cook wrote: > On Mon, Dec 14, 2015 at 11:06 AM, Dave Hansen wrote: >> > From: Dave Hansen >> > Protection keys provide new page-based protection in hardware. >> > But, they have an interesting attribute: they only affect data >> > accesses and never affect

Re: [PATCH 31/32] x86, pkeys: execute-only support

2015-12-14 Thread Kees Cook
On Mon, Dec 14, 2015 at 11:06 AM, Dave Hansen wrote: > > From: Dave Hansen > > Protection keys provide new page-based protection in hardware. > But, they have an interesting attribute: they only affect data > accesses and never affect instruction fetches. That means that > if we set up some
