From: "H. Peter Anvin" <hpa@linux.intel.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Stefani Seibold <stefani@seibold.net>,
Andreas Brief <Andreas.Brief@rohde-schwarz.com>,
Martin Runge <Martin.Runge@rohde-schwarz.com>
Subject: Re: [x86, vdso] BUG: unable to handle kernel paging request at d34bd000
Date: Mon, 10 Mar 2014 10:38:30 -0700 [thread overview]
Message-ID: <531DF896.8010305@linux.intel.com> (raw)
In-Reply-To: <CALCETrV+3yCfOCJzRKN-woOyp2RF_=dW1V=9CwpYTUNGAiLoNQ@mail.gmail.com>
On 03/10/2014 10:31 AM, Andy Lutomirski wrote:
>>
>>> For 64-bit, this is an entirely different story. The vsyscall page is
>>> stuck in the fixmap forever, although I want to add a way for
>>> userspace to opt out. The vvar page, hpet, etc could move into vmas,
>>> though. I kind of want to do that anyway to allow processes to turn
>>> off the ability to read the clock.
>>
>> Wait... you want to do what?!
>
> This isn't even my idea:
>
> commit 8fb402bccf203ecca8f9e0202b8fd3c937dece6f
> Author: Erik Bosman <ebn310@few.vu.nl>
> Date: Fri Apr 11 18:54:17 2008 +0200
>
> generic, x86: add prctl commands PR_GET_TSC and PR_SET_TSC
>
> This patch adds prctl commands that make it possible
> to deny the execution of timestamp counters in userspace.
> If this is not implemented on a specific architecture,
> prctl will return -EINVAL.
>
> Currently anything that tries to use the vdso will just crash if you
> do that, and it fails to turn off direct HPET access. Fixing this
> might be nice, but the current vvar implementation makes it
> impossible. If you want to stick something in a seccomp sandbox and
> make it very difficult for it to exploit timing side channels, then
> this is important :)
>
Yes, we'd have to switch the vdso to using syscall access. Doing that
from inside a system call is... "interesting".
-hpa
next prev parent reply other threads:[~2014-03-10 17:38 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-07 1:38 [x86, vdso] BUG: unable to handle kernel paging request at d34bd000 Fengguang Wu
2014-03-07 1:48 ` [x86, vdso] BUG: unable to handle kernel paging request at 91c24000 Fengguang Wu
2014-03-07 7:21 ` [x86, vdso] BUG: unable to handle kernel paging request at d34bd000 Stefani Seibold
2014-03-07 18:56 ` Andy Lutomirski
2014-03-07 21:53 ` Stefani Seibold
2014-03-07 23:07 ` Andy Lutomirski
2014-03-09 8:47 ` Stefani Seibold
2014-03-10 0:16 ` H. Peter Anvin
2014-03-10 3:18 ` Andy Lutomirski
2014-03-10 4:46 ` Andy Lutomirski
2014-03-10 14:59 ` H. Peter Anvin
[not found] ` <CA+55aFwKpBybz9S9A=+tcr1BbdzAbagL30Br2cak2GrdPH=hhA@mail.gmail.com>
2014-03-10 17:12 ` Andy Lutomirski
2014-03-10 17:24 ` H. Peter Anvin
2014-03-10 17:31 ` Andy Lutomirski
2014-03-10 17:38 ` H. Peter Anvin [this message]
2014-03-10 17:46 ` Andy Lutomirski
2014-03-10 17:48 ` H. Peter Anvin
2014-03-10 17:52 ` Andy Lutomirski
2014-03-10 17:58 ` H. Peter Anvin
2014-03-10 18:10 ` Andy Lutomirski
2014-03-10 17:49 ` H. Peter Anvin
2014-03-10 20:03 ` Stefani Seibold
2014-03-10 20:06 ` H. Peter Anvin
2014-03-10 20:19 ` Linus Torvalds
2014-03-10 21:20 ` Linus Torvalds
2014-03-10 21:43 ` Andy Lutomirski
2014-03-10 21:51 ` Dave Jones
2014-03-10 22:59 ` H. Peter Anvin
2014-03-10 23:32 ` [PATCH] x86: Remove CONFIG_X86_OOSTORE Dave Jones
2014-03-11 10:11 ` [x86, vdso] BUG: unable to handle kernel paging request at d34bd000 Ingo Molnar
2014-03-10 21:25 ` stefani
2014-03-10 21:39 ` Linus Torvalds
2014-03-10 21:53 ` stefani
2014-03-10 22:03 ` Andy Lutomirski
2014-03-10 22:36 ` Andy Lutomirski
2014-03-10 23:02 ` H. Peter Anvin
2014-03-10 21:29 ` stefani
2014-03-11 6:02 ` H. Peter Anvin
2014-03-07 8:47 ` Stefani Seibold
2014-03-07 9:15 ` Fengguang Wu
2014-03-07 9:57 ` Stefani Seibold
2014-03-07 10:21 ` Fengguang Wu
2014-03-07 16:06 ` Stefani Seibold
2014-03-07 23:12 ` H. Peter Anvin
2014-03-07 10:36 ` Fengguang Wu
2014-03-07 23:44 ` Fengguang Wu
2014-03-09 8:08 ` Stefani Seibold
2014-03-10 0:00 ` H. Peter Anvin
2014-03-10 19:41 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531DF896.8010305@linux.intel.com \
--to=hpa@linux.intel.com \
--cc=Andreas.Brief@rohde-schwarz.com \
--cc=Martin.Runge@rohde-schwarz.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=stefani@seibold.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.