| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Nov 2020 18:52:55 +0100 From: Alexandre Chartre <alexandre.chartre@...cle.com> To: Andy Lutomirski <luto@...capital.net> Cc: X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [RFC][PATCH 13/24] x86/pti: Extend PTI user mappings On 11/9/20 6:28 PM, Andy Lutomirski wrote: > On Mon, Nov 9, 2020 at 3:22 AM Alexandre Chartre > <alexandre.chartre@...cle.com> wrote: >> >> Extend PTI user mappings so that more kernel entry code can be executed >> with the user page-table. To do so, we need to map syscall and interrupt >> entry code, > > Probably fine. > >> per cpu offsets (__per_cpu_offset, which is used some in >> entry code), > > This likely already leaks due to vulnerable CPUs leaking address space > layout info. I forgot to update the comment, I am not mapping __per_cpu_offset anymore. However, if we do map __per_cpu_offset then we don't need to enforce the ordering in paranoid_entry to switch CR3 before GS. > >> the stack canary, > > That's going to be a very tough sell. > I can get rid of this, but this will require to disable stack-protector for any function that we can call while using the user page-table, like already done in patch 21 (x86/entry: Disable stack-protector for IST entry C handlers). alex.
Powered by blists - more mailing lists