| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZkNCsT0dGwOyap7M@arm.com> Date: Tue, 14 May 2024 11:53:37 +0100 From: Catalin Marinas <catalin.marinas@....com> To: Yang Shi <yang@...amperecomputing.com> Cc: will@...nel.org, scott@...amperecomputing.com, cl@...two.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] arm64: mm: force write fault for atomic RMW instructions On Mon, May 13, 2024 at 09:19:39PM -0600, Yang Shi wrote: > > That said, I'm not keen on this kernel workaround. If openjdk decides to > > improve some security and goes for PROT_EXEC-only mappings of its text > > sections, the above trick will no longer work. > > I noticed futex does replace insns. IIUC, the below sequence should > can do the trick for exec-only, right? > > disable privileged > read insn with ldxr > enable privileged Do you mean not using the unprivileged LDTR as in get_user()? You don't even need an LDXR, just plain LDR but with the extable entry etc. However, with PIE we got proper execute-only permission (not the kind of fake one where we disabled the PTE_USER bit while keeping PTE_UXN as 0). So the futex-style approach won't work unless we changed the PIE_E1 entry for _PAGE_EXECONLY to be PIE_R by the kernel. -- Catalin
Powered by blists - more mailing lists