Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

On Mon, Aug 14, 2017 at 11:42:45AM -0700, Laura Abbott wrote: > On 08/14/2017 09:22 AM, Tycho Andersen wrote: > > On Sat, Aug 12, 2017 at 12:17:34PM +0100, Mark Rutland wrote: > >> Hi, > >> > >> On Fri, Aug 11, 2017 at 03:13:02PM -0600, Tycho Andersen wrote: > >>> On Fri, Aug 11, 2017 at 10:25:14AM

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

On 08/14/2017 09:22 AM, Tycho Andersen wrote: > On Sat, Aug 12, 2017 at 12:17:34PM +0100, Mark Rutland wrote: >> Hi, >> >> On Fri, Aug 11, 2017 at 03:13:02PM -0600, Tycho Andersen wrote: >>> On Fri, Aug 11, 2017 at 10:25:14AM -0700, Laura Abbott wrote: On 08/09/2017 01:07 PM, Tycho Andersen wr

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

On Sat, Aug 12, 2017 at 12:17:34PM +0100, Mark Rutland wrote: > Hi, > > On Fri, Aug 11, 2017 at 03:13:02PM -0600, Tycho Andersen wrote: > > On Fri, Aug 11, 2017 at 10:25:14AM -0700, Laura Abbott wrote: > > > On 08/09/2017 01:07 PM, Tycho Andersen wrote: > > > > @@ -190,7 +202,7 @@ static void init

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

Hi, On Fri, Aug 11, 2017 at 03:13:02PM -0600, Tycho Andersen wrote: > On Fri, Aug 11, 2017 at 10:25:14AM -0700, Laura Abbott wrote: > > On 08/09/2017 01:07 PM, Tycho Andersen wrote: > > > @@ -190,7 +202,7 @@ static void init_pmd(pud_t *pud, unsigned long addr, > > > unsigned long end, > > >

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

On Fri, Aug 11, 2017 at 03:13:02PM -0600, Tycho Andersen wrote: > You're suggesting something like this instead? Seems to work fine. And in fact, using this patch instead means that booting on 4k pages works too... I guess because NO_BLOCK_MAPPINGS is looked at in a few other places that matter to

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

Hi Laura, On Fri, Aug 11, 2017 at 10:25:14AM -0700, Laura Abbott wrote: > On 08/09/2017 01:07 PM, Tycho Andersen wrote: > > From: Juerg Haefliger > > > > XPFO (eXclusive Page Frame Ownership) doesn't support section mappings > > yet, so disable it if XPFO is turned on. > > > > Signed-off-by: Ju

Re: [kernel-hardening] [PATCH v5 06/10] arm64/mm: Disable section mappings if XPFO is enabled

On 08/09/2017 01:07 PM, Tycho Andersen wrote: > From: Juerg Haefliger > > XPFO (eXclusive Page Frame Ownership) doesn't support section mappings > yet, so disable it if XPFO is turned on. > > Signed-off-by: Juerg Haefliger > Tested-by: Tycho Andersen > --- > arch/arm64/mm/mmu.c | 14 +