| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dfc3f15d-e992-46a5-8b54-185f05ff6af1@os.amperecomputing.com> Date: Fri, 17 May 2024 09:10:40 -0700 From: Yang Shi <yang@...amperecomputing.com> To: Catalin Marinas <catalin.marinas@....com> Cc: will@...nel.org, scott@...amperecomputing.com, cl@...two.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] arm64: mm: force write fault for atomic RMW instructions On 5/14/24 3:53 AM, Catalin Marinas wrote: > On Mon, May 13, 2024 at 09:19:39PM -0600, Yang Shi wrote: >>> That said, I'm not keen on this kernel workaround. If openjdk decides to >>> improve some security and goes for PROT_EXEC-only mappings of its text >>> sections, the above trick will no longer work. >> I noticed futex does replace insns. IIUC, the below sequence should >> can do the trick for exec-only, right? >> >> disable privileged >> read insn with ldxr >> enable privileged > Do you mean not using the unprivileged LDTR as in get_user()? You don't > even need an LDXR, just plain LDR but with the extable entry etc. > > However, with PIE we got proper execute-only permission (not the kind of > fake one where we disabled the PTE_USER bit while keeping PTE_UXN as 0). > So the futex-style approach won't work unless we changed the PIE_E1 > entry for _PAGE_EXECONLY to be PIE_R by the kernel. I see. Thanks. Yes, I did see this works without PIE. As you said in the earlier email, exec-only is not that popular yet. I think we can just ignore it for now. >
Powered by blists - more mailing lists