Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752080AbdIUA2O (ORCPT ); Wed, 20 Sep 2017 20:28:14 -0400 Received: from mga07.intel.com ([134.134.136.100]:64239 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751762AbdIUA2N (ORCPT ); Wed, 20 Sep 2017 20:28:13 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.42,422,1500966000"; d="scan'208";a="1016787904" Subject: Re: [PATCH v6 03/11] mm, x86: Add support for eXclusive Page Frame Ownership (XPFO) To: Tycho Andersen , linux-kernel@vger.kernel.org References: <20170907173609.22696-1-tycho@docker.com> <20170907173609.22696-4-tycho@docker.com> Cc: linux-mm@kvack.org, kernel-hardening@lists.openwall.com, Marco Benatto , Juerg Haefliger , x86@kernel.org From: Dave Hansen Message-ID: <9ca0ef74-b409-2eae-07f8-9fd7d83989a5@intel.com> Date: Wed, 20 Sep 2017 17:28:11 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <20170907173609.22696-4-tycho@docker.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 262 Lines: 4 At a high level, does this approach keep an attacker from being able to determine the address of data in the linear map, or does it keep them from being able to *exploit* it? Can you have a ret2dir attack if the attacker doesn't know the address, for instance?