Re: [kernel-hardening] [PATCH 4/6] Protectable Memory

From: Kees Cook
Date: Tue Feb 13 2018 - 16:43:56 EST


On Tue, Feb 13, 2018 at 8:09 AM, Laura Abbott <labbott@xxxxxxxxxx> wrote:
> No, arm64 doesn't fixup the aliases, mostly because arm64 uses larger
> page sizes which can't be broken down at runtime. CONFIG_PAGE_POISONING
> does use 4K pages which could be adjusted at runtime. So yes, you are
> right we would have physmap exposure on arm64 as well.

Errr, so that means even modules and kernel code are writable via the
arm64 physmap? That seems extraordinarily bad. :(

-Kees

--
Kees Cook
Pixel Security