Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init

From: Andy Lutomirski
Date: Tue Jan 19 2016 - 14:09:39 EST

On Tue, Jan 19, 2016 at 10:08 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> The vDSO does not need to be writable after __init, so mark it as
> __ro_after_init. The result kills the exploit method of writing to the
> vDSO from kernel space resulting in userspace executing the modified code,
> as shown here to bypass SMEP restrictions:
> The memory map (with added vDSO address reporting) shows the vDSO moving
> into read-only memory:

Acked-by: Andy Lutomirski <luto@xxxxxxxxxx>