On Tue, Feb 16, 2016 at 01:52:33PM -0800, Kees Cook wrote:
On Tue, Feb 16, 2016 at 1:36 PM, David Brown <david.br...@linaro.org> wrote:
Although the arm vDSO is cleanly separated by code/data with the code
being read-only in userspace mappings, the code page is still writable
from the kernel. There have been exploits (such as
http://itszn.com/blog/?p=21) that take advantage of this on x86 to go
from a bad kernel write to full root.
Prevent this specific exploit on arm by putting the vDSO code page in
post-init read-only memory as well.
Is the vdso dynamically built at init time like on x86, or can this
just use .rodata directly?
On ARM, it is patched during init. Arm64's is just plain read-only.
David