[PATCH v2 0/7] arm64: Privileged Access Never using TTBR0_EL1 switching

Kees Cook keescook at chromium.org
Wed Sep 7 16:20:55 PDT 2016


On Fri, Sep 2, 2016 at 8:02 AM, Catalin Marinas <catalin.marinas at arm.com> wrote:
> This is the second version of the arm64 PAN emulation by disabling
> TTBR0_EL1 accesses. The major change from v1 is the use of a thread_info
> member to store the real TTBR0_EL1 value. The advantage is slightly
> simpler assembler macros for uaccess_enable with the downside that
> switch_mm() must always update the saved ttbr0 even if there is no mm
> switch.

Is arm64 thread_info attached to the kernel stack? (i.e. is this
introducing a valuable target for stack-based attacks?)

-Kees

-- 
Kees Cook
Nexus Security


