Re: [PATCH 24/30] x86, kaiser: disable native VSYSCALL

From: Andy Lutomirski
Date: Thu Nov 09 2017 - 14:04:28 EST

Next message: Andy Lutomirski: "Re: [RFC PATCH for 4.15 5/6] membarrier: x86: Provide core serializing command"
Previous message: Mario.Limonciello: "RE: [PATCH v2 2/2] platform/x86: dell-*wmi*: Relay failed initial probe to dependent drivers"
In reply to: Dave Hansen: "[PATCH 24/30] x86, kaiser: disable native VSYSCALL"
Next in thread: Dave Hansen: "Re: [PATCH 24/30] x86, kaiser: disable native VSYSCALL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 8, 2017 at 11:47 AM, Dave Hansen
<dave.hansen@xxxxxxxxxxxxxxx> wrote:
>
> From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
>
> The VSYSCALL page is mapped by kernel page tables at a kernel address.
> It is troublesome to support with KAISER in place, so disable the
> native case.
>
> Also add some help text about how KAISER might affect the emulation
> case as well.

Can you re-explain why this is helpful?

Also, I'm about to send patches that may cause a rethinking of how
KAISER handles the fixmap.

--Andy

>
> Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Cc: Moritz Lipp <moritz.lipp@xxxxxxxxxxxxxx>
> Cc: Daniel Gruss <daniel.gruss@xxxxxxxxxxxxxx>
> Cc: Michael Schwarz <michael.schwarz@xxxxxxxxxxxxxx>
> Cc: Richard Fellner <richard.fellner@xxxxxxxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxx>
> Cc: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: x86@xxxxxxxxxx
>
> ---
>
> b/arch/x86/Kconfig | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff -puN arch/x86/Kconfig~kaiser-no-vsyscall arch/x86/Kconfig
> --- a/arch/x86/Kconfig~kaiser-no-vsyscall 2017-11-08 10:45:39.157681370 -0800
> +++ b/arch/x86/Kconfig 2017-11-08 10:45:39.162681370 -0800
> @@ -2231,6 +2231,9 @@ choice
>
> config LEGACY_VSYSCALL_NATIVE
> bool "Native"
> + # The VSYSCALL page comes from the kernel page tables
> + # and is not available when KAISER is enabled.
> + depends on ! KAISER
> help
> Actual executable code is located in the fixed vsyscall
> address mapping, implementing time() efficiently. Since
> @@ -2248,6 +2251,11 @@ choice
> exploits. This configuration is recommended when userspace
> still uses the vsyscall area.
>
> + When KAISER is enabled, the vsyscall area will become
> + unreadable. This emulation option still works, but KAISER
> + will make it harder to do things like trace code using the
> + emulation.
> +
> config LEGACY_VSYSCALL_NONE
> bool "None"
> help
> _

Next message: Andy Lutomirski: "Re: [RFC PATCH for 4.15 5/6] membarrier: x86: Provide core serializing command"
Previous message: Mario.Limonciello: "RE: [PATCH v2 2/2] platform/x86: dell-*wmi*: Relay failed initial probe to dependent drivers"
In reply to: Dave Hansen: "[PATCH 24/30] x86, kaiser: disable native VSYSCALL"
Next in thread: Dave Hansen: "Re: [PATCH 24/30] x86, kaiser: disable native VSYSCALL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]