Re: [RFC][PATCH] linux-2.6.4-pre1_vsyscall-gtod_B3-part3 (3/3)

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Andrea Arcangeli <andrea@suse.de>
To: john stultz <johnstul@us.ibm.com>
Cc: Ulrich Drepper <drepper@redhat.com>,
	lkml <linux-kernel@vger.kernel.org>, Andi Kleen <ak@suse.de>,
	Jamie Lokier <jamie@shareable.org>,
	"Martin J. Bligh" <mbligh@aracnet.com>,
	Wim Coekaerts <wim.coekaerts@oracle.com>,
	Joel Becker <Joel.Becker@oracle.com>,
	Chris McDermott <lcm@us.ibm.com>
Subject: Re: [RFC][PATCH] linux-2.6.4-pre1_vsyscall-gtod_B3-part3 (3/3)
Date: Thu, 4 Mar 2004 04:14:09 +0100	[thread overview]
Message-ID: <20040304031409.GC4922@dualathlon.random> (raw)
In-Reply-To: <1078368197.10076.252.camel@cog.beaverton.ibm.com>

On Wed, Mar 03, 2004 at 06:43:18PM -0800, john stultz wrote:
> On Wed, 2004-03-03 at 18:16, Ulrich Drepper wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Andrea Arcangeli wrote:
> > 
> > > This is just like the kernel patches people proposes when they get
> > > vmalloc LDT allocation failure, because they run with the i686 glibc
> > > instead of the only possibly supported i586 configuration. It makes no
> > > sense to hide a glibc inefficiency
> > 
> > You apparently still haven't gotten any clue since your whining the last
> > time around.  Absolute addresses are a fatal mistake.
> 
> Before we start up this larger debate again, might there be some short
> term solution for my patch that would satisfy both of you?

For a production release short term solutions like this would be ok, but
the mainline source that will fork off in 2.7 should have the best
design IMHO, and the same for glibc.

> If I understand the earlier arguments, if we're going to have the
> dynamically relocated segments at some point, I agree that absolute
> addresses are going to have problems. However, if I'm not mistaken, this
> problem already exists w/ the vsyscall-sysenter code, correct? 

this is exactly my point, the fixed address trouble mentioned by Ulirch
make little sense to me because of this (especially in reply to the ldt
part).

and in practice the sysenter instruction is already at a fixed address
in any 2.6 kernel out there (yeah, we could change that number without
breaking glibc, but the attacker won't care less).

> What is the plan for avoiding the absolute address issue there? If I
> implemented the vsyscall-gettimeofday code in a similar manner (as
> Andrea suggested), could the planned solution for vsyscall-sysenter be
> applied here as well?

I think yes but thinking twice my preferred way is not to pass another
variable address to userspace (that was the first solution that come to
mind, and I wrote that just to show there's no real "fixed address"
trouble). Fixed _offsets_ (not virtual addresses) are perfectly fine
w.r.t. security. So we can just assume the vgettimeofday is at a fixed
offset after the vsysenter code. This should result in the most
efficient code possible while providing flexiblity to the address like
vsysenter does (vgettimeofday will move together with vsysenter).
However it could be the second value in elf is a cleaner way to pass the
vgettimeofday address, I don't mind either ways.

thanks.

next prev parent reply	other threads:[~2004-03-04  3:13 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-04  0:11 [RFC][PATCH] vsyscall-gtod_B3 (0/3) john stultz
2004-03-04  0:12 ` [RFC][PATCH] linux-2.6.4-pre1_vsyscall-gtod_B3-part1 (1/3) john stultz
2004-03-04  0:13   ` [RFC][PATCH] linux-2.6.4-pre1_vsyscall-gtod_B3-part2 (2/3) john stultz
2004-03-04  0:14     ` [RFC][PATCH] linux-2.6.4-pre1_vsyscall-gtod_B3-part3 (3/3) john stultz
2004-03-04  0:55       ` Andrea Arcangeli
2004-03-04  2:16         ` Ulrich Drepper
2004-03-04  2:43           ` john stultz
2004-03-04  3:14             ` Andrea Arcangeli [this message]
2004-03-04  8:09             ` Ulrich Drepper
2004-03-04 19:02               ` john stultz
2004-03-04  2:47           ` Andrea Arcangeli
2004-03-04  2:54             ` john stultz
2004-03-04  3:15               ` Andrea Arcangeli
2004-03-04  8:57               ` Jakub Jelinek
2004-03-04 16:45                 ` Andrea Arcangeli
2004-03-04  8:00         ` Jamie Lokier
2004-03-04  8:37           ` Jakub Jelinek
2004-03-04 17:48             ` Andrea Arcangeli
2004-03-04  0:15 ` [RFC] vsyscall-gtod_test_B3.tar.gz john stultz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040304031409.GC4922@dualathlon.random \
    --to=andrea@suse.de \
    --cc=Joel.Becker@oracle.com \
    --cc=ak@suse.de \
    --cc=drepper@redhat.com \
    --cc=jamie@shareable.org \
    --cc=johnstul@us.ibm.com \
    --cc=lcm@us.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mbligh@aracnet.com \
    --cc=wim.coekaerts@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox