From: "H. Peter Anvin" <hpa@linux.intel.com>
To: Andy Lutomirski <luto@amacapital.net>,
	Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Stefani Seibold <stefani@seibold.net>,
	Andreas Brief <Andreas.Brief@rohde-schwarz.com>,
	Martin Runge <Martin.Runge@rohde-schwarz.com>
Subject: Re: [x86, vdso] BUG: unable to handle kernel paging request at d34bd000
Date: Mon, 10 Mar 2014 10:24:25 -0700
Message-ID: <531DF549.2090403@linux.intel.com>
In-Reply-To: <CALCETrW6CT2ceHiHzMaZUGkwEBFWQEemFS5Fj=V7Wg-cNArMLg@mail.gmail.com>

On 03/10/2014 10:12 AM, Andy Lutomirski wrote:
> On Mon, Mar 10, 2014 at 8:11 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>>
>> On Mar 10, 2014 8:01 AM, "H. Peter Anvin" <hpa@linux.intel.com> wrote:
>>>
>>> I have mentioned in the past wanting to move the fixmap to the low part
>>> of the kernel space, because the top isn't really fixed...
>>
>> How about the high part of the user address space, just above the stack?
>> Leave an unmapped page in between, or something. The stack is already
>> randomized, isn't it?
> 
> For the !compat_vdso case, I don't like it -- this will put the vdso
> (which is executable) at a constant offset from the stack, which will
> make it much easier to use the vdso to defeat ASLR.
> 
> For the compat_vdso case, this only works if the address is *not*
> random, unless we're going to start giving each process its very own
> relocated vdso.
> 

I presumed we were talking about compat_vdso, which thus simply turns
into a "don't randomize the vdso flag."  A significant side benefit is
that this should make the code more similar.

> For 64-bit, this is an entirely different story.  The vsyscall page is
> stuck in the fixmap forever, although I want to add a way for
> userspace to opt out.  The vvar page, hpet, etc could move into vmas,
> though.  I kind of want to do that anyway to allow processes to turn
> off the ability to read the clock.

Wait... you want to do what?!

	-hpa
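
The concern quoted above, that a vdso at a constant offset from the stack is no longer randomized independently of it, can be checked from userspace by comparing /proc/<pid>/maps across several runs of a process. This is an added example, not code from the thread or from the kernel; the function names are hypothetical and the map excerpts are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Look up a named mapping in /proc/<pid>/maps-style text; 1 if found. */
static int find_map(const char *maps, const char *name,
                    unsigned long long *start, unsigned long long *end)
{
    char line[256], label[64];
    for (; *maps; maps += strcspn(maps, "\n"), maps += (*maps == '\n')) {
        snprintf(line, sizeof line, "%.*s", (int)strcspn(maps, "\n"), maps);
        /* fields: start-end perms offset dev inode [name] */
        if (sscanf(line, "%llx-%llx %*s %*s %*s %*s %63s",
                   start, end, label) == 3 && strcmp(label, name) == 0)
            return 1;
    }
    return 0;
}
/* Signed distance from the top of the [stack] VMA to the vdso base. */
static int vdso_stack_delta(const char *maps, long long *delta)
{
    unsigned long long vdso, stack_top, unused;
    if (!find_map(maps, "[vdso]", &vdso, &unused) ||
        !find_map(maps, "[stack]", &unused, &stack_top))
        return 0;
    *delta = (long long)(vdso - stack_top);
    return 1;
}
/* 1: same distance in every run (layouts coupled); 0: varies; -1: parse error. */
static int offset_is_constant(const char *const *runs, int n)
{
    long long first, d;
    if (n < 2 || !vdso_stack_delta(runs[0], &first)) return -1;
    for (int i = 1; i < n; i++) {
        if (!vdso_stack_delta(runs[i], &d)) return -1;
        if (d != first) return 0;
    }
    return 1;
}
/* Constructed maps excerpts, two runs each (not captured from a real system). */
static const char *const COUPLED[] = {
    "bf9e3000-bfa04000 rw-p 00000000 00:00 0 [stack]\nbfa05000-bfa06000 r-xp 00000000 00:00 0 [vdso]\n",
    "bfc51000-bfc72000 rw-p 00000000 00:00 0 [stack]\nbfc73000-bfc74000 r-xp 00000000 00:00 0 [vdso]\n" };
static const char *const INDEPENDENT[] = {
    "b7721000-b7722000 r-xp 00000000 00:00 0 [vdso]\nbf9e3000-bfa04000 rw-p 00000000 00:00 0 [stack]\n",
    "b77c8000-b77c9000 r-xp 00000000 00:00 0 [vdso]\nbfc51000-bfc72000 rw-p 00000000 00:00 0 [stack]\n" };
int main(void)
{
    printf("coupled=%d independent=%d\n", offset_is_constant(COUPLED, 2), offset_is_constant(INDEPENDENT, 2));
    return 0;
}
```

The distance is measured from the top of the stack mapping because the bottom moves as the stack grows.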

