On Tue, Jan 19, 2016 at 10:08 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > The vDSO does not need to be writable after __init, so mark it as > __ro_after_init. The result kills the exploit method of writing to the > vDSO from kernel space resulting in userspace executing the modified code, > as shown here to bypass SMEP restrictions: http://itszn.com/blog/?p=21 > > The memory map (with added vDSO address reporting) shows the vDSO moving > into read-only memory: Acked-by: Andy Lutomirski <luto@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
