On Tue, Feb 16, 2016 at 9:20 PM, David Brown <david.brown@xxxxxxxxxx> wrote: > On Tue, Feb 16, 2016 at 01:52:33PM -0800, Kees Cook wrote: >> >> On Tue, Feb 16, 2016 at 1:36 PM, David Brown <david.brown@xxxxxxxxxx> >> wrote: >>> >>> Although the arm vDSO is cleanly separated by code/data with the code >>> being read-only in userspace mappings, the code page is still writable >>> from the kernel. There have been exploits (such as >>> http://itszn.com/blog/?p=21) that take advantage of this on x86 to go >>> from a bad kernel write to full root. >>> >>> Prevent this specific exploit on arm by putting the vDSO code page in >>> post-init read-only memory as well. >> >> >> Is the vdso dynamically built at init time like on x86, or can this >> just use .rodata directly? > > > On ARM, it is patched during init. Arm64's is just plain read-only. Okay, great. I've added this to my postinit-readonly series (which I just refreshed and sent out again...) -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
