On Tue, Feb 14, 2017 at 05:49:19PM +0000, Ard Biesheuvel wrote:
>
> > On 14 Feb 2017, at 17:40, Mark Rutland <mark.rutland@xxxxxxx> wrote:
> >
> >> On Tue, Feb 14, 2017 at 04:15:11PM +0000, Ard Biesheuvel wrote:
> >> Having trivial 'off' switches for security features makes me feel
> >> uneasy (although this is orthogonal to this patch)
> >
> > From my PoV, external debuggers are the sole reason to allow rodata=off
> > for arm64, and we already allow rodata=off.
> >
>
> Indeed. If that is how it works currently, we shouldn't interfere with
> it. If we ever get anywhere with the lockdown patches, we should
> blacklist this parameter (or rather, not whitelist it, since
> blacklisting kernel params to enforce security is infeasible imo)

Agreed on all counts!

Mark.
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm