Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-25 Thread Kees Cook
On Thu, Aug 25, 2016 at 6:30 AM, Will Deacon wrote: > On Tue, Aug 16, 2016 at 05:18:24PM +0100, Catalin Marinas wrote: >> On Mon, Aug 15, 2016 at 10:45:09AM -0700, Kees Cook wrote: >> > On Mon, Aug 15, 2016 at 3:47 AM, Catalin Marinas >> > wrote: >> > > On Fri, Aug 12, 2016 at 11:23:03AM -0700,

Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-25 Thread Will Deacon
On Tue, Aug 16, 2016 at 05:18:24PM +0100, Catalin Marinas wrote: > On Mon, Aug 15, 2016 at 10:45:09AM -0700, Kees Cook wrote: > > On Mon, Aug 15, 2016 at 3:47 AM, Catalin Marinas > > wrote: > > > On Fri, Aug 12, 2016 at 11:23:03AM -0700, Kees Cook wrote: > > >> On Thu, Aug 11, 2016 at 10:44 AM,

Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-16 Thread Catalin Marinas
On Mon, Aug 15, 2016 at 10:45:09AM -0700, Kees Cook wrote: > On Mon, Aug 15, 2016 at 3:47 AM, Catalin Marinas > wrote: > > On Fri, Aug 12, 2016 at 11:23:03AM -0700, Kees Cook wrote: > >> On Thu, Aug 11, 2016 at 10:44 AM, Catalin Marinas > >> wrote: > >> > The ARMv8 architecture allows

Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-15 Thread Kees Cook
On Mon, Aug 15, 2016 at 3:47 AM, Catalin Marinas wrote: > On Fri, Aug 12, 2016 at 11:23:03AM -0700, Kees Cook wrote: >> On Thu, Aug 11, 2016 at 10:44 AM, Catalin Marinas >> wrote: >> > The ARMv8 architecture allows execute-only user permissions by clearing >> > the PTE_UXN and PTE_USER bits.

Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-15 Thread Catalin Marinas
On Fri, Aug 12, 2016 at 11:23:03AM -0700, Kees Cook wrote: > On Thu, Aug 11, 2016 at 10:44 AM, Catalin Marinas > wrote: > > The ARMv8 architecture allows execute-only user permissions by clearing > > the PTE_UXN and PTE_USER bits. However, the kernel running on a CPU > > implementation without

Re: [PATCH] arm64: Introduce execute-only page access permissions

2016-08-12 Thread Kees Cook
On Thu, Aug 11, 2016 at 10:44 AM, Catalin Marinas wrote: > The ARMv8 architecture allows execute-only user permissions by clearing > the PTE_UXN and PTE_USER bits. However, the kernel running on a CPU > implementation without User Access Override (ARMv8.2 onwards) can still > access such page, so

[PATCH] arm64: Introduce execute-only page access permissions

2016-08-11 Thread Catalin Marinas
The ARMv8 architecture allows execute-only user permissions by clearing the PTE_UXN and PTE_USER bits. However, the kernel running on a CPU implementation without User Access Override (ARMv8.2 onwards) can still access such page, so execute-only page permission does not protect against