Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752946AbdFLRci (ORCPT ); Mon, 12 Jun 2017 13:32:38 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:34360 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752933AbdFLRcf (ORCPT ); Mon, 12 Jun 2017 13:32:35 -0400 Date: Mon, 12 Jun 2017 19:32:30 +0200 (CEST) From: Thomas Gleixner To: Salvatore Mesoraca cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, Brad Spengler , PaX Team , Casey Schaufler , Kees Cook , James Morris , "Serge E. Hallyn" , x86@kernel.org, Ingo Molnar Subject: Re: [PATCH 08/11] Creation of "pagefault_handler_x86" LSM hook In-Reply-To: <1497286620-15027-9-git-send-email-s.mesoraca16@gmail.com> Message-ID: References: <1497286620-15027-1-git-send-email-s.mesoraca16@gmail.com> <1497286620-15027-9-git-send-email-s.mesoraca16@gmail.com> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 434 Lines: 13 On Mon, 12 Jun 2017, Salvatore Mesoraca wrote: > Creation of a new hook to let LSM modules handle user-space pagefaults on > x86. > It can be used to avoid segfaulting the originating process. > If it's the case it can modify process registers before returning. That explains, what you could do with it, but it completely lacks any rationale WHY this is desired and good behaviour and how that is a security feature. Thanks, tglx