[PATCH v2 4/5] arm64: mmu: map .text as read-only from the outset
Mark Rutland
mark.rutland at arm.com
Tue Feb 14 09:54:05 PST 2017
On Tue, Feb 14, 2017 at 05:49:19PM +0000, Ard Biesheuvel wrote:
>
> > On 14 Feb 2017, at 17:40, Mark Rutland <mark.rutland at arm.com> wrote:
> >
> >> On Tue, Feb 14, 2017 at 04:15:11PM +0000, Ard Biesheuvel wrote:
> >> Having trivial 'off' switches for security features makes me feel
> >> uneasy (although this is orthogonal to this patch)
> >
> > From my PoV, external debuggers are the sole reason to allow rodata=off
> > for arm64, and we already allow rodata=off.
> >
>
> Indeed. If that is how it works currently, we shouldn't interfere with
> it. If we ever get anywhere with the lockdown patches, we should
> blacklist this parameter (or rather, not whitelist it, since
> blacklisting kernel params to enforce security is infeasible imo)
Agreed on all counts!
Mark.
More information about the linux-arm-kernel mailing list