[PATCH 2/2] arm64: drop kernel segment resources from /proc/iomem
Ard Biesheuvel
ard.biesheuvel at linaro.org
Thu Jun 16 12:48:26 PDT 2016
> On 16 jun. 2016, at 19:48, Kees Cook <keescook at chromium.org> wrote:
>
> On Thu, Jun 16, 2016 at 10:28 AM, Ard Biesheuvel
> <ard.biesheuvel at linaro.org> wrote:
>> On 16 June 2016 at 19:21, Kees Cook <keescook at chromium.org> wrote:
>>> On Thu, Jun 16, 2016 at 5:32 AM, Ard Biesheuvel
>>> <ard.biesheuvel at linaro.org> wrote:
>>>> (+ James)
>>>>
>>>>> On 16 June 2016 at 14:28, Ard Biesheuvel <ard.biesheuvel at linaro.org> wrote:
>>>>> By the same reasoning as commit c4004b02f8e5 ("x86: remove the kernel
>>>>> code/data/bss resources from /proc/iomem"), the kernel code and kernel
>>>>> data entries in /proc/iomem probably do more harm than good on arm64 as
>>>>> well. So remove them.
>>>>>
>>>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
>>>>
>>>>
>>>> Actually, Linus's patch above has been reverted again, so we have to
>>>> consider whether the kexec case exists for us as well before we
>>>> consider this
>>>>
>>>> Apologies for failing to spot that before sending
>>>
>>> Please leave this as it was originally. The security exposure has been
>>> minimized and it would make arm64 differ from all other architectures.
>>> If we remove this, it needs to be coordinated across all
>>> architectures.
>>
>> OK, fair enough
>
> Thanks!
>
> One thing I _would_ like to see fixed on arm64 is the misplaced
> _etext, which is incorrectly covering rodata. I just sent a patch to
> fix this on arm, but on arm64, the _etext use is much more embedded.
>
> I'd like to clean this up so that I can sanely use things like
> core_kernel_text() for checking addresses in the up-coming
> HARDENED_USERCOPY patch series.
Let me look into that