On Thu, Apr 02, 2020 at 07:03:28PM +0200, Christophe Leroy wrote: > > What should we do about arm and s390? There we want a cookie passed > > from beginning of block to its end; should that be a return value? > > That was the way I implemented it in January, see > https://patchwork.ozlabs.org/patch/1227926/ > > There was some discussion around that and most noticeable was: > > H. Peter (hpa) said about it: "I have *deep* concern with carrying state in > a "key" variable: it's a direct attack vector for a crowbar attack, > especially since it is by definition live inside a user access region." I share this concern -- we want to keep user/kernel access as static as possible. It should be provable with static analysis, etc (e.g. objtool does this already for x86). Since this doesn't disrupt existing R+W access, I'd prefer the design of this series as-is. -- Kees Cook
