Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXu5j+P1wh0uf1kfMywSTo4NYtwFPSnKXg6wbfyBRqwVRZVYA@mail.gmail.com>
Date: Thu, 21 Feb 2019 08:07:54 -0800
From: Kees Cook <keescook@...omium.org>
To: Russell Currey <ruscur@...sell.cc>
Cc: PowerPC <linuxppc-dev@...ts.ozlabs.org>, Michael Ellerman <mpe@...erman.id.au>, 
	Nick Piggin <npiggin@...il.com>, Christophe Leroy <christophe.leroy@....fr>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 0/7] Kernel Userspace Protection for radix

On Thu, Feb 21, 2019 at 1:36 AM Russell Currey <ruscur@...sell.cc> wrote:
> The first three patches of these series are from Christophe's work and are
> the bare minimum framework needed to implement the support for radix.
>
> In patch 3, I have removed from Christophe's patch my implementation of
> the 64-bit exception handling code, since we don't have an answer for
> making nested exceptions work yet.  This is mentioned in the final KUAP
> patch.  Regardless, this is still a significant security improvement
> and greatly narrows the attack surface.

Nice! Am I understanding correctly that with this series powerpc9 and
later, using radix, will pass the lkdtm tests for KUAP and KUEP (i.e.
EXEC_USERSPACE and ACCESS_USERSPACE)?

-- 
Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.