On Tue, Feb 13, 2018 at 8:09 AM, Laura Abbott <labb...@redhat.com> wrote: > No, arm64 doesn't fixup the aliases, mostly because arm64 uses larger > page sizes which can't be broken down at runtime. CONFIG_PAGE_POISONING > does use 4K pages which could be adjusted at runtime. So yes, you are > right we would have physmap exposure on arm64 as well.
Errr, so that means even modules and kernel code are writable via the arm64 physmap? That seems extraordinarily bad. :( -Kees -- Kees Cook Pixel Security
