lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrXTYY2oDSNXapFPX5z=dgZ5ievemoxupO6uD_88h5b90A@mail.gmail.com> Date: Tue, 12 Dec 2017 10:06:51 -0800 From: Andy Lutomirski <luto@...nel.org> To: Peter Zijlstra <peterz@...radead.org> Cc: Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Dave Hansen <dave.hansen@...el.com>, Borislav Petkov <bpetkov@...e.de>, Greg KH <gregkh@...uxfoundation.org>, Kees Cook <keescook@...gle.com>, Hugh Dickins <hughd@...gle.com>, Brian Gerst <brgerst@...il.com>, Josh Poimboeuf <jpoimboe@...hat.com>, Denys Vlasenko <dvlasenk@...hat.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Juergen Gross <jgross@...e.com>, David Laight <David.Laight@...lab.com>, Eduardo Valentin <eduval@...zon.com>, aliguori@...zon.com, Will Deacon <will.deacon@....com>, "linux-mm@...ck.org" <linux-mm@...ck.org> Subject: Re: [patch 05/16] mm: Allow special mappings with user access cleared On Tue, Dec 12, 2017 at 10:05 AM, Peter Zijlstra <peterz@...radead.org> wrote: > On Tue, Dec 12, 2017 at 10:00:08AM -0800, Andy Lutomirski wrote: >> On Tue, Dec 12, 2017 at 9:32 AM, Thomas Gleixner <tglx@...utronix.de> wrote: >> > From: Peter Zijstra <peterz@...radead.org> >> > >> > In order to create VMAs that are not accessible to userspace create a new >> > VM_NOUSER flag. This can be used in conjunction with >> > install_special_mapping() to inject 'kernel' data into the userspace map. >> > >> > Similar to how arch_vm_get_page_prot() allows adding _PAGE_flags to >> > pgprot_t, introduce arch_vm_get_page_prot_excl() which masks >> > _PAGE_flags from pgprot_t and use this to implement VM_NOUSER for x86. >> >> How does this interact with get_user_pages(), etc? > > gup would find the page. These patches do in fact rely on that through > the populate things. > Blech. So you can write(2) from the LDT to a file and you can even sendfile it, perhaps. What happens if it's get_user_page()'d when modify_ldt() wants to free it? This patch series scares the crap out of me.
Powered by blists - more mailing lists