| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 May 2011 18:01:16 +0200 From: Mikael Pettersson <mikpe@...uu.se> To: Andrew Lutomirski <luto@....edu> Cc: Mikael Pettersson <mikpe@...uu.se>, Ingo Molnar <mingo@...e.hu>, Thomas Gleixner <tglx@...utronix.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, x86@...nel.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [GIT pull] x86 vdso updates Andrew Lutomirski writes: > On Sun, May 29, 2011 at 10:39 AM, Mikael Pettersson <mikpe@...uu.se> wrote: > > Ingo Molnar writes: > > > > > > * Andrew Lutomirski <luto@....edu> wrote: > > > > > > > On Fri, May 27, 2011 at 7:36 AM, Andrew Lutomirski <luto@....edu> wrote: > > > > > 3. Add int 0xcc and use it from vgettimeofday. It will SIGSEGV if > > > > > called from a user address (so it has no risk of ever becoming ABI) > > > > > and it will do gettimeofday if called from the right address. (I like > > ... > > > > Make it a real syscall but with extra constraints. It would have the > > > > same calling convention as the syscall instruction, but it would turn > > > > into SIGKILL if the calling address isn't in the VSYSCALL page > > > > This will make things difficult for user-space dynamic binary instrumentation > > applications, since these normally execute generated code at different > > addresses than the original code. > > > > Is there a safe fallback for this particular vsyscall? > > All of the vsyscalls have vDSO versions that work like any other code. Easiest would be if we can simply map int $0xcc with rAX==FOO to syscall or int 0x80 with rAX==BAR. We currently don't even know about the vDSO, it's all just user-space code to us. > Alternatively, if the dynamic instrumentation code knew about > vsyscalls, it could just not instrument addresses in the vsyscall > page. Not instrumenting code is not an option, unless we can prove that the code in question has no relevant side-effects or unexpected control-flow. (Where "side-effects" relate both to the integrity of the instrumentation engine and the application-specific payload it's attaching to the code.) > What existing applications would get broken? My concern is ThreadSpotter, but any user-space dynamic binary instrumentation engine that instruments down to the raw kernel interface (syscall/sysenter/int instructions) would have a problem with syscalls that only work at specific addresses. Anyway, if I can map that vsyscall to a plain proper syscall, then I'm OK. /Mikael -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists