| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Mar 2014 10:46:48 -0700 From: Andy Lutomirski <luto@...capital.net> To: "H. Peter Anvin" <hpa@...ux.intel.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Stefani Seibold <stefani@...bold.net>, Andreas Brief <Andreas.Brief@...de-schwarz.com>, Martin Runge <Martin.Runge@...de-schwarz.com> Subject: Re: [x86, vdso] BUG: unable to handle kernel paging request at d34bd000 On Mon, Mar 10, 2014 at 10:38 AM, H. Peter Anvin <hpa@...ux.intel.com> wrote: > On 03/10/2014 10:31 AM, Andy Lutomirski wrote: >>> >>>> For 64-bit, this is an entirely different story. The vsyscall page is >>>> stuck in the fixmap forever, although I want to add a way for >>>> userspace to opt out. The vvar page, hpet, etc could move into vmas, >>>> though. I kind of want to do that anyway to allow processes to turn >>>> off the ability to read the clock. >>> >>> Wait... you want to do what?! >> >> This isn't even my idea: >> >> commit 8fb402bccf203ecca8f9e0202b8fd3c937dece6f >> Author: Erik Bosman <ebn310@....vu.nl> >> Date: Fri Apr 11 18:54:17 2008 +0200 >> >> generic, x86: add prctl commands PR_GET_TSC and PR_SET_TSC >> >> This patch adds prctl commands that make it possible >> to deny the execution of timestamp counters in userspace. >> If this is not implemented on a specific architecture, >> prctl will return -EINVAL. >> >> Currently anything that tries to use the vdso will just crash if you >> do that, and it fails to turn off direct HPET access. Fixing this >> might be nice, but the current vvar implementation makes it >> impossible. If you want to stick something in a seccomp sandbox and >> make it very difficult for it to exploit timing side channels, then >> this is important :) >> > > Yes, we'd have to switch the vdso to using syscall access. Doing that > from inside a system call is... "interesting". It's a little less interesting if it just involves changing a vma. It's still tricky, though -- would each struct mm have its own struct file for the vvar page? Can this be done with some vm_operations_struct magic? There are possible races, too, though -- another thread could access the thing concurrently with a syscall. It might be nice in general for there to be a /dev/vdso and for the vdso to literally be a mapping of that device node. I bet that CRIU would appreciate this. (The mmap flags would be a little odd, since different pages have different protections.) Anyway, this is totally off topic for the current issue :) --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists