|
Message-ID: <8ef1669cdfbcc6114eebc30c610c91c191c7cc7a.camel@russell.cc> Date: Fri, 22 Feb 2019 11:09:22 +1100 From: Russell Currey <ruscur@...sell.cc> To: Kees Cook <keescook@...omium.org> Cc: PowerPC <linuxppc-dev@...ts.ozlabs.org>, Michael Ellerman <mpe@...erman.id.au>, Nick Piggin <npiggin@...il.com>, Christophe Leroy <christophe.leroy@....fr>, Kernel Hardening <kernel-hardening@...ts.openwall.com> Subject: Re: [PATCH 0/7] Kernel Userspace Protection for radix On Thu, 2019-02-21 at 08:07 -0800, Kees Cook wrote: > On Thu, Feb 21, 2019 at 1:36 AM Russell Currey <ruscur@...sell.cc> > wrote: > > The first three patches of these series are from Christophe's work > > and are > > the bare minimum framework needed to implement the support for > > radix. > > > > In patch 3, I have removed from Christophe's patch my > > implementation of > > the 64-bit exception handling code, since we don't have an answer > > for > > making nested exceptions work yet. This is mentioned in the final > > KUAP > > patch. Regardless, this is still a significant security > > improvement > > and greatly narrows the attack surface. > > Nice! Am I understanding correctly that with this series powerpc9 and > later, using radix, will pass the lkdtm tests for KUAP and KUEP (i.e. > EXEC_USERSPACE and ACCESS_USERSPACE)? Yes! We've had execution prevention for a while on radix (which is default on POWER9) since 3b10d0095a1e, the only functional thing this series does is allow disabling it with nosmep. This series adds access prevention.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.