From: Ingo Molnar <mingo@elte.hu>
To: Andrew Lutomirski <luto@mit.edu>
Cc: Andi Kleen <andi@firstfloor.org>,
x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org, Jesper Juhl <jj@chaosbits.net>,
Borislav Petkov <bp@alien8.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>,
Jan Beulich <JBeulich@novell.com>,
richard -rw- weinberger <richard.weinberger@gmail.com>,
Mikael Pettersson <mikpe@it.uu.se>
Subject: Re: [PATCH v4 10/10] x86-64: Add CONFIG_UNSAFE_VSYSCALLS to feature-removal-schedule
Date: Tue, 31 May 2011 22:24:50 +0200 [thread overview]
Message-ID: <20110531202450.GA28731@elte.hu> (raw)
In-Reply-To: <BANLkTinQ-y-g_3OKOWwOJ-sWxjJgh_G-=Q@mail.gmail.com>
* Andrew Lutomirski <luto@mit.edu> wrote:
> [Sorry, possible resend.]
>
> On 5/31/11, Ingo Molnar <mingo@elte.hu> wrote:
> >
> > * Ingo Molnar <mingo@elte.hu> wrote:
> >
> >> [...] solution that filters the caller RIP at the generic syscall
> >> entry point and checks RCX against the 'expected' SYSCALL
> >> instruction address, which is the (per task) vdso-address +
> >> constant-offset.
> >
> > Note that this solution would allow the vsyscall page to be
> > 'filtered' to the 3 allowed system calls rather efficiently, via a
> > second level check.
> >
> > This second check does not affect the fastpath, and it could be put
> > behind a CONFIG_COMPAT_VSYSCALL deprecation define once glibc does
> > not put vsyscall references anywhere - but we could even keep it
> > around forever, as this way it's defanged permanently.
> >
>
> Are you thinking about the 32-bit vDSO? I think that 64-bit code puts
> syscalls instructions all over the place.
Yeah, it does in a few dozen places so RCX filtering would only work
if we 'knew' about glibc's syscall range (it's available from the
vma) and restricted syscalls to that boundary.
... which makes this solution rather fragile so i think we can
disregard it.
Thanks,
Ingo
next prev parent reply other threads:[~2011-05-31 20:25 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-31 14:13 [PATCH v4 00/10] Remove syscall instructions at fixed addresses Andy Lutomirski
2011-05-31 14:13 ` [PATCH v4 01/10] x86-64: Fix alignment of jiffies variable Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 02/10] x86-64: Document some of entry_64.S Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 03/10] x86-64: Give vvars their own page Andy Lutomirski
2011-05-31 17:17 ` Louis Rilling
2011-05-31 14:14 ` [PATCH v4 04/10] x86-64: Remove kernel.vsyscall64 sysctl Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 05/10] x86-64: Map the HPET NX Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 06/10] x86-64: Remove vsyscall number 3 (venosys) Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 07/10] x86-64: Fill unused parts of the vsyscall page with 0xcc Andy Lutomirski
2011-05-31 14:14 ` [PATCH v4 08/10] x86-64: Emulate legacy vsyscalls Andy Lutomirski
2011-05-31 15:35 ` Ingo Molnar
2011-05-31 14:14 ` [PATCH v4 09/10] x86-64: Randomize int 0xcc magic al values at boot Andy Lutomirski
2011-05-31 15:40 ` Ingo Molnar
2011-05-31 15:56 ` Andrew Lutomirski
2011-05-31 16:10 ` Andrew Lutomirski
2011-05-31 16:43 ` Ingo Molnar
2011-05-31 16:42 ` Ingo Molnar
2011-05-31 18:08 ` Andrew Lutomirski
2011-05-31 14:14 ` [PATCH v4 10/10] x86-64: Add CONFIG_UNSAFE_VSYSCALLS to feature-removal-schedule Andy Lutomirski
2011-05-31 18:34 ` Andi Kleen
2011-05-31 18:57 ` Thomas Gleixner
2011-05-31 18:59 ` Andrew Lutomirski
2011-05-31 19:28 ` Ingo Molnar
2011-05-31 19:36 ` Ingo Molnar
2011-05-31 20:05 ` Andrew Lutomirski
2011-05-31 20:24 ` Ingo Molnar [this message]
2011-08-06 20:18 ` [PATCH v3 " Andrew Lutomirski
2011-06-08 8:50 ` [PATCH v4 " Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110531202450.GA28731@elte.hu \
--to=mingo@elte.hu \
--cc=JBeulich@novell.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=arjan@infradead.org \
--cc=bp@alien8.de \
--cc=jj@chaosbits.net \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@mit.edu \
--cc=mikpe@it.uu.se \
--cc=richard.weinberger@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox