[PATCH v3 00/30] arm64: support WXN and entry with MMU enabled
Kees Cook
keescook at chromium.org
Tue Apr 12 09:59:20 PDT 2022
On Mon, Apr 11, 2022 at 11:47:54AM +0200, Ard Biesheuvel wrote:
> - allow WXN to be enabled (with an opt-out) so writable mappings are
> never executable;
Besides all the rest of this series's awesomeness, this really stands
out to me. I didn't even know this was a feature in aarch64. Nice! I
really like the idea of having this enabled -- anything executing out of
a writable mapping should already be considered a mistake (and tons of
work over the last 2 decades has already gone into making sure this
doesn't happen in both the kernel and userspace). We could even make a
new LKDTM test for this. (Right now stuff like EXEC_DATA just verifies
that the .data segment doesn't have the X bit... but adding something
like EXEC_WXN where a memory region is made explicitly W+X, and it
_still_ can't be executed would be great.)
Cool!
-Kees
--
Kees Cook