From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org
Cc: LKML <linux-kernel@vger.kernel.org>, Andy Lutomirski <luto@kernel.org>
Subject: [PATCH 0/5] vsyscall xonly mode
Date: Mon, 10 Jun 2019 13:25:26 -0700
Message-ID: <cover.1560198181.git.luto@kernel.org>

Hi all-

This adds a new "xonly" mode for vsyscalls and makes it the default.
xonly is a bit more secure -- Kees knows about an exploit that relied on
read access to the vsyscall page. It's also nicer from a paging
perspective, as it doesn't require user access to any of the kernel
address space as far as the CPU is concerned. This would, for example,
allow a much simpler implementation of per-process vsyscall disabling.

Andy Lutomirski (5):
  x86/vsyscall: Remove the vsyscall=native documentation
  x86/vsyscall: Add a new vsyscall=xonly mode
  x86/vsyscall: Document odd #PF's error code for vsyscalls
  selftests/x86/vsyscall: Verify that vsyscall=none blocks execution
  x86/vsyscall: Change the default vsyscall mode to xonly

 .../admin-guide/kernel-parameters.txt         | 11 ++-
 arch/x86/Kconfig                              | 32 ++++---
 arch/x86/entry/vsyscall/vsyscall_64.c         | 19 ++++-
 arch/x86/mm/fault.c                           |  7 ++
 tools/testing/selftests/x86/test_vsyscall.c   | 83 +++++++++++++------
 5 files changed, 107 insertions(+), 45 deletions(-)

--
2.21.0
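
Added example, not part of the original message or of the patch series: a small check of how the vsyscall page is exposed to the current process, useful for confirming which mode a booted kernel is in. It assumes the `[vsyscall]` line in /proc/self/maps carries `r-xp` under vsyscall=emulate and `--xp` under vsyscall=xonly, and that the line is absent under vsyscall=none; the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* How the legacy vsyscall page appears to this process (names are illustrative). */
enum vsys_mode { VSYS_NONE, VSYS_XONLY, VSYS_READABLE, VSYS_OTHER };

/*
 * Classify one /proc/<pid>/maps line. Returns -1 if the line is not the
 * [vsyscall] mapping, otherwise a vsys_mode taken from the "rwxp" field.
 * Assumption: emulate shows r-xp, xonly shows --xp.
 */
static int classify_maps_line(const char *line)
{
    char perms[5] = "";

    if (!strstr(line, "[vsyscall]"))
        return -1;
    /* Line format: start-end perms offset dev inode path */
    if (sscanf(line, "%*s %4s", perms) != 1)
        return VSYS_OTHER;
    if (perms[0] == 'r' && perms[2] == 'x')
        return VSYS_READABLE;   /* page contents can be read from user space */
    if (perms[0] == '-' && perms[2] == 'x')
        return VSYS_XONLY;      /* callable, but not readable */
    return VSYS_OTHER;
}

/* Scan a whole maps stream; no [vsyscall] line is reported as VSYS_NONE. */
static int classify_maps(FILE *f)
{
    char line[512];
    int r;

    while (fgets(line, sizeof(line), f))
        if ((r = classify_maps_line(line)) >= 0)
            return r;
    return VSYS_NONE;
}

int main(void)
{
    static const char *names[] = { "none", "xonly", "readable (emulate)", "other" };
    FILE *f = fopen("/proc/self/maps", "r");

    if (!f) { perror("/proc/self/maps"); return 1; }
    printf("vsyscall page: %s\n", names[classify_maps(f)]);
    fclose(f);
    return 0;
}
```

A missing `[vsyscall]` line is also what a 32-bit process or a kernel built without vsyscall emulation shows, so read "none" as "not mapped" rather than as proof of the boot parameter.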