On Tue, Jan 13, 2015 at 08:57:09PM -0700, Theo de Raadt wrote:
> Mike Larkin has been slow at informing the world, despite my prodding.
> Probably started working on something else cool...
>
> So.. I am going to take it upon myself to sing praise to him, and
> hopefully he'll let me off lightly!
>
> Over the last two months Mike modified the amd64 kernel to follow the
> W^X principles. It started as a humble exercise to fix the .rodata
> segment, and kind of went crazy. As a result, no part of the kernel
> address space is writeable and executable simultaneously. At least
> that is the idea, modulo mistakes. Final attention to detail (which
> some of you experienced in buggy drafts in snapshots) was to make the
> MP and ACPI trampolines follow W^X, furthermore they are unmapped when
> not required.
>
> Some further amd64-specific page attribute improvements snuck in. Too
> complicated to describe simply.
>
> I followed along for the ride and improved the situation on other
> architectures, mostly MI improvements so the right requests would be
> made to the MD layers. Final picture is many architectures were
> improved, but amd64 and sparc64 look the best due to MMU features
> available to service the W^X model. The entire safety model is also
> improved by a limited form of kernel ASLR (the code segment does not
> move around yet, but data and page table ASLR is fairly good. There
> are some known pages, but hopefully fewer in the future).
>
Thanks Theo for the encouragement along the way. It did indeed start
with .rodata, but then we ended up fixing a ton more; probably a dozen
different places needed tightening up.

i386 is next, but that requires a PAE paging model and compatible CPU.
I've got the PAE mode booting but it's not ready for prime time yet.

-ml
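Added illustration, not part of either message above and not OpenBSD code: a small C checker that applies the W^X rule to x86 page-table entries. It shows why the i386 port needs PAE: the execute-disable (NX) bit lives at bit 63 of the 64-bit PAE/long-mode PTE format and does not exist in the classic 32-bit PTE, so without PAE every present page is executable and any writable page is automatically W+X. The bit positions follow the Intel SDM; the sample entries are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-table entry bits (Intel SDM). PAE and long-mode PTEs are 64 bits
 * wide and carry NX/XD at bit 63; 32-bit non-PAE PTEs have no NX bit. */
#define PTE_P   (1ULL << 0)
#define PTE_RW  (1ULL << 1)
#define PTE_NX  (1ULL << 63)

enum pte_fmt { PTE_FMT_32, PTE_FMT_PAE };

/* True when the entry maps a page that is both writable and executable. */
bool pte_violates_wx(uint64_t pte, enum pte_fmt fmt)
{
    if (!(pte & PTE_P))
        return false;                 /* not present: nothing mapped */
    bool writable = (pte & PTE_RW) != 0;
    /* Without PAE no page can be marked non-executable, so every present
     * page is executable and the check reduces to "is it writable?". */
    bool executable = (fmt == PTE_FMT_PAE) ? !(pte & PTE_NX) : true;
    return writable && executable;
}

/* Count W+X pages in an array of entries under the given PTE format. */
size_t count_wx_violations(const uint64_t *ptes, size_t n, enum pte_fmt fmt)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (pte_violates_wx(ptes[i], fmt))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample entries, not taken from any real kernel. */
    uint64_t ptes[] = {
        0x1000 | PTE_P,                     /* text:   r-x */
        0x2000 | PTE_P | PTE_NX,            /* rodata: r-- */
        0x3000 | PTE_P | PTE_RW | PTE_NX,   /* data:   rw- */
        0x4000 | PTE_P | PTE_RW,            /* rwx: a W^X violation */
    };
    size_t n = sizeof ptes / sizeof ptes[0];
    printf("PAE:          %zu W+X page(s)\n", count_wx_violations(ptes, n, PTE_FMT_PAE));
    printf("i386 non-PAE: %zu W+X page(s)\n", count_wx_violations(ptes, n, PTE_FMT_32));
    return 0;
}
```

Under PAE only the fourth entry is flagged; under the non-PAE format both writable entries are, because the NX bit that protects the data page has nowhere to live.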