From: Andrew Lutomirski <luto@mit.edu>
To: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Andi Kleen <andi@firstfloor.org>,
x86@kernel.org, linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <eric.dumazet@gmail.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Borislav Petkov <bp@amd64.org>
Subject: Re: [PATCH v4 0/6] Micro-optimize vclock_gettime
Date: Tue, 17 May 2011 07:11:06 -0400
Message-ID: <BANLkTimpEfb3P9FWgrCDwSSVr6RA8nXb5w@mail.gmail.com>
In-Reply-To: <20110517080029.GB22093@elte.hu>

On Tue, May 17, 2011 at 4:00 AM, Ingo Molnar <mingo@elte.hu> wrote:
>
> * Thomas Gleixner <tglx@linutronix.de> wrote:
>
>> > see if I can persuade Uli to accept a glibc patch to stop calling it
>> > in future static glibc versions.
>>
>> How widespread is this in reality on 64bit systems?
>>
>> IOW, what's the damage if we take a trap and emulate it in the most painful
>> way we can come up with ?

I dunno. I'll measure it.

>
> Well, how does that differ from having the real syscall instruction there? How
> are we going to filter real (old-)glibc calls from exploits?

Because there are only four vsyscalls: vgettimeofday, vtime, vgetcpu,
and venosys. None of them have side-effects, so they only allow an
attacker to write something to user memory somewhere. The
implementation of vgettimeofday needs a syscall instruction internally
for its fallback, which means that an attack could jump there instead
of to the start of the vsyscall implementation.

>
> If it can be filtered in a meaningful way then we should just do that and
> perhaps offer a (default enabled) .config COMPAT_VDSO_EMU=y switch to turn the
> emulation off.
>
> That way we keep the ABI and also have a way out for users who *really* need
> this to work in a performant way.

Yeah, that probably makes more sense. It'll make for an uglier
diffstat, though -- there's a lot of ugly duplicate code around to
make vgettimeofday and vgetcpu work.

--Andy

>
> Thanks,
>
> Ingo
>
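
The filtering question in this message (telling a call that enters a vsyscall at its start from a jump into the middle of one) can be sketched as follows. This is an added example, not part of the original e-mail and not kernel code: it assumes the x86-64 legacy layout (vsyscall page at 0xffffffffff600000, one entry per 1024-byte slot, in the order the message lists them), and `classify_vsyscall_target` is a hypothetical name.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed x86-64 layout (not stated in the message): the legacy vsyscall
 * page sits at a fixed address and holds one entry point per 1024-byte slot. */
#define VSYSCALL_BASE 0xffffffffff600000ULL
#define VSYSCALL_SLOT 1024ULL
#define VSYSCALL_PAGE 4096ULL

/* Negative verdicts; a result >= 0 is the slot number of a clean entry. */
enum { NOT_VSYSCALL = -2, MID_PAGE_JUMP = -1 };

static const char *const slot_name[] = {
    "vgettimeofday", "vtime", "vgetcpu", "venosys"
};

/* Hypothetical helper: classify the address at which a trap was taken. */
int classify_vsyscall_target(uint64_t ip)
{
    if (ip < VSYSCALL_BASE || ip - VSYSCALL_BASE >= VSYSCALL_PAGE)
        return NOT_VSYSCALL;              /* ordinary fault, handled elsewhere */

    uint64_t off = ip - VSYSCALL_BASE;
    if (off % VSYSCALL_SLOT != 0)
        return MID_PAGE_JUMP;             /* not the start of any vsyscall */

    return (int)(off / VSYSCALL_SLOT);    /* 0..3: emulate this vsyscall */
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real trace. */
    const uint64_t samples[] = {
        0xffffffffff600000ULL, 0xffffffffff600400ULL, 0xffffffffff600800ULL,
        0xffffffffff600c00ULL, 0xffffffffff600009ULL, 0x0000000000400000ULL,
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int v = classify_vsyscall_target(samples[i]);
        printf("%#llx: %s\n", (unsigned long long)samples[i],
               v >= 0 ? slot_name[v] :
               v == MID_PAGE_JUMP ? "reject (mid-page jump)" : "not vsyscall");
    }
    return 0;
}
```

With trap-and-emulate, only the slot-aligned addresses reach an emulation path; any other address inside the page is refused, so an instruction in the middle of a vsyscall body is no longer a usable jump target.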