lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4f93b106-53fc-40df-4c9b-c26490be24c8@intel.com>
Date:   Fri, 18 Sep 2020 14:17:03 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     "H.J. Lu" <hjl.tools@...il.com>, Pavel Machek <pavel@....cz>
Cc:     Yu-cheng Yu <yu-cheng.yu@...el.com>,
        the arch/x86 maintainers <x86@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Andy Lutomirski <luto@...nel.org>,
        Balbir Singh <bsingharora@...il.com>,
        Borislav Petkov <bp@...en8.de>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Florian Weimer <fweimer@...hat.com>,
        Jann Horn <jannh@...gle.com>, Jonathan Corbet <corbet@....net>,
        Kees Cook <keescook@...omium.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Nadav Amit <nadav.amit@...il.com>,
        Oleg Nesterov <oleg@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@...el.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
        Dave Martin <Dave.Martin@....com>,
        Weijiang Yang <weijiang.yang@...el.com>
Subject: Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is
 enabled

On 9/18/20 2:06 PM, H.J. Lu wrote:
> On Fri, Sep 18, 2020 at 2:00 PM Pavel Machek <pavel@....cz> wrote:
>> On Fri 2020-09-18 12:32:57, Dave Hansen wrote:
>>> On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
>>>> Emulation of the legacy vsyscall page is required by some programs
>>>> built before 2013.  Newer programs after 2013 don't use it.
>>>> Disable vsyscall emulation when Control-flow Enforcement (CET) is
>>>> enabled to enhance security.
>>> How does this "enhance security"?
>>>
>>> What is the connection between vsyscall emulation and CET?
>> Boom.
>>
>> We don't break compatibility by default, and you should not tell
>> people to enable CET by default if you plan to do this.
>>
> Nothing will be broken.   CET enabled applications don't use/need
> vsyscall emulation.

Hi H.J.,

Could you explain your logic a bit more thoroughly, please?

I also suspect that Pavel was confused by your changelog where you said
that you do this when "CET is enabled".  Does enabled in this context mean:
1. Just CET support compiled in, or
2. Compiled in and on CET hardware, or
3. Compiled in to the kernel enabled in the app and running on CET
   hardware?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ