On Tuesday, June 21, 2016 2:32:28 PM CEST Rik van Riel wrote: > On Tue, 2016-06-21 at 10:13 -0700, Kees Cook wrote: > > On Tue, Jun 21, 2016 at 9:59 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx > > > wrote: > > > > > > I'm tempted to explicitly disallow VM_NO_GUARD in the vmalloc > > > range. > > > It has no in-tree users for non-fixed addresses right now. > > What about the lack of pre-range guard page? That seems like a > > critical feature for this. > > If VM_NO_GUARD is disallowed, and every vmalloc area has > a guard area behind it, then every subsequent vmalloc area > will have a guard page ahead of it. > > I think disallowing VM_NO_GUARD will be all that is required. > > The only thing we may want to verify on the architectures that > we care about is that there is nothing mapped immediately before > the start of the vmalloc range, otherwise the first vmalloced > area will not have a guard page below it. FWIW, ARM has an 8MB guard area between the linear mapping of physical memory and the start of the vmalloc area. I have not checked any of the other architectures though. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
