On Fri, 19 Jul 2024 13:42:40 +0100 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > On Fri, Jul 19, 2024 at 07:58:40AM -0400, Mary Strodl wrote: > > Maybe some of the stuff the driver does right now could be moved into > > vmalloc? In other words, we could provide a different function that > > allocates an executable page, copies memory into it, then marks it > > read-only. Would that do better to alleviate concerns? > > No. We are not running arbitrary x86 code. That is a security > nightmare. Sure, if such a thing were to be done we'd want it localized within the driver rather than offered globally. But if there was some hack within the driver to do this, what problems might that cause? What are the scenarios?
