From: Stefani Seibold <stefani@seibold.net>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Peter Anvin <hpa@linux.intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andreas Brief <Andreas.Brief@rohde-schwarz.com>,
Martin Runge <Martin.Runge@rohde-schwarz.com>
Subject: Re: [x86, vdso] BUG: unable to handle kernel paging request at d34bd000
Date: Mon, 10 Mar 2014 21:03:24 +0100
Message-ID: <1394481804.980.9.camel@wall-e.seibold.net>
In-Reply-To: <CALCETrW6CT2ceHiHzMaZUGkwEBFWQEemFS5Fj=V7Wg-cNArMLg@mail.gmail.com>

On Monday, 10.03.2014, at 10:12 -0700, Andy Lutomirski wrote:
> On Mon, Mar 10, 2014 at 8:11 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > On Mar 10, 2014 8:01 AM, "H. Peter Anvin" <hpa@linux.intel.com> wrote:
> >>
> >> I have mentioned in the past wanting to move the fixmap to the low part
> >> of the kernel space, because the top isn't really fixed...
> >
> > How about the high part of the user address space, just above the stack?
> > Leave an unmapped page in between, or something. The stack is already
> > randomized, isn't it?
>
> For the !compat_vdso case, I don't like it -- this will put the vdso
> (which is executable) at a constant offset from the stack, which will
> make it much easier to use the vdso to defeat ASLR.
>
> For the compat_vdso case, this only works if the address is *not*
> random, unless we're going to start giving each process its very own
> relocated vdso.
>
> >
> > That would actually be preferable in a few ways, notably not having to mark
> > page directories user accessible in the kennel space area.
>
> Is that where the rabid pte dogs live?
>
> We can already avoid making fixmap pages user-accessible in the
> !compat_vdso case for 32-bit tasks -- the vdso lives in a couple of
> more-or-less ordinary vmas.
>

What is now the next step? Kick out the compat VDSO? Or should I
implement the dual VDSO? And what is now the preferred way to map the
VDSO into the user space? Using install_special_mapping() or map it
beyond the user stack?

The easiest and fastest way to get a working result is to do the non
compat VDSO only mapping using install_special_mapping(). The dual VDSO
would take a little bit more time.

It would be great to have first a consensus about the design before I
start to implement ;-)

- Stefani
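
Added example, not part of the original message or of the kernel tree: a small C check for the concern quoted above, that a vdso mapped at a fixed distance from the stack gets no randomization of its own. It compares the `[vdso]`-to-`[stack]` distance across `/proc/<pid>/maps` snapshots; the snapshots and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/<pid>/maps excerpts (two runs each), not real captures. */
static const char *const ADJACENT[] = {   /* vdso one guard page above stack */
    "bf9d3000-bf9f4000 rw-p 00000000 00:00 0 [stack]\n"
    "bf9f5000-bf9f6000 r-xp 00000000 00:00 0 [vdso]\n",
    "bfc10000-bfc31000 rw-p 00000000 00:00 0 [stack]\n"
    "bfc32000-bfc33000 r-xp 00000000 00:00 0 [vdso]\n",
};
static const char *const SEPARATE[] = {   /* vdso in its own randomized vma */
    "b7731000-b7732000 r-xp 00000000 00:00 0 [vdso]\n"
    "bf9d3000-bf9f4000 rw-p 00000000 00:00 0 [stack]\n",
    "b77c4000-b77c5000 r-xp 00000000 00:00 0 [vdso]\n"
    "bfc10000-bfc31000 rw-p 00000000 00:00 0 [stack]\n",
};

/* Find the mapping named `tag` (last field of a maps line); 0 on success. */
static int find(const char *maps, const char *tag, unsigned long r[2])
{
    size_t tlen = strlen(tag);
    for (const char *line = maps; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= tlen && !memcmp(line + len - tlen, tag, tlen) &&
            sscanf(line, "%lx-%lx", &r[0], &r[1]) == 2)
            return 0;               /* r[0] = start, r[1] = end */
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}

/* Signed distance from the top of [stack] to the start of [vdso]. */
long vdso_stack_delta(const char *maps, int *ok)
{
    unsigned long v[2], s[2];
    *ok = !find(maps, "[vdso]", v) && !find(maps, "[stack]", s);
    return *ok ? (long)(v[0] - s[1]) : 0;
}

/* 1: same delta in every run (vdso adds no entropy); 0: varies; -1: parse error. */
int delta_is_constant(const char *const runs[], int n)
{
    int ok, same = 1;
    long first = vdso_stack_delta(runs[0], &ok);
    for (int i = 1; ok && i < n; i++)
        same &= vdso_stack_delta(runs[i], &ok) == first;
    return ok ? same : -1;
}
```

On a live system the same functions can be fed the contents of `/proc/self/maps` collected from several fresh processes instead of the constructed strings.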