On Wed, May 11, 2016 at 3:40 PM, Andi Kleen <a...@linux.intel.com> wrote:
>> However, I would tend to agree: RIE should only be needed on 32-bit
>> since 64-bit started its life knowing about no-exec permissions.
>
> NX was not in the original AMD K8 chips. Was only added some time later.

So we should retain this behavior for all of 64-bit?

>> set_personality_64bit()'s (which is confusingly just an initializer
>> and not called during the personality() syscall) comment about this
>> makes no sense to me:
>>
>>     /* TBD: overwrites user setup. Should have two bits.
>>        But 64bit processes have always behaved this way,
>>        so it's not too bad. The main problem is just that
>>        32bit childs are affected again. */
>>     current->personality &= ~READ_IMPLIES_EXEC;
>
> What does not make sense?

I just don't have enough context to make sense of it. What two bits?
Always behaved what way? Affected by what?

-Kees

--
Kees Cook
Chrome OS & Brillo Security