On Thu, Apr 02, 2020 at 12:26:52PM -0700, Linus Torvalds wrote: > On Thu, Apr 2, 2020 at 11:36 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > Yup, I think it's a weakness of the ARM implementation and I'd like to > > not extend it further. AFAIK we should never nest, but I would not be > > surprised at all if we did. > > Wel, at least the user_access_begin/end() sections can't nest. objtool > verifies and warns about that on x86. Right, yes, I mentioned that earlier in the thread. I meant I wasn't 100% sure about ARM's corner cases. I would _hope_ it doesn't. > > If we were looking at a design goal for all architectures, I'd like > > to be doing what the public PaX patchset > > We already do better than PaX ever did. Seriously. Mainline has long > since passed their hacky garbage. I was just speaking to design principles in this area: if the "enable" is called when already enabled, Something Is Wrong. :) (And one thing still missing in this general subject is that x86 still lacks SMAP emulation. And yes, I understand it's just not been a priority for anyone that can work on it, but it is still a gap.) -- Kees Cook
