From: Andy Lutomirski
Date: Fri, 5 Jan 2018 09:53:16 -0800
Subject: Re: [RFC] selftests/x86: Add test_vsyscall
To: Borislav Petkov
Cc: Andy Lutomirski, X86 ML, LKML, Kees Cook, Peter Zijlstra, Greg Kroah-Hartman

On Fri, Jan 5, 2018 at 4:33 AM, Borislav Petkov wrote:
> On Thu, Jan 04, 2018 at 09:38:37PM -0800, Andy Lutomirski wrote:
>> Also, I want to add vsyscall=emulate_noread that makes the vsyscall
>> page be --x. And I want to add a per-process option to turn off
>> vsyscalls.
>
> What for?
>
> It sounds like a bunch of work for something which is deprecated
> anyway...
>

emulate_noread would avoid one exploit technique that Kees saw
somewhere. And per-process disablement would let a system remain
compatible with old binaries without reducing security for newer
binaries.
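
A check for the property discussed in this message, as an added example that is not part of the original e-mail or of the test_vsyscall selftest: it classifies the `[vsyscall]` line of `/proc/self/maps` as readable (`r-x`), execute-only (the `--x` the message proposes), or absent. The enum, the function names and the sample lines are constructed for illustration, and the usual `start-end perms offset dev inode name` layout of maps lines is assumed.

```c
#include <stdio.h>
#include <string.h>

enum vsys_state { VSYS_ABSENT, VSYS_READABLE, VSYS_EXEC_ONLY, VSYS_OTHER };
static const char *const STATE_NAME[] = { "absent", "readable", "exec-only", "other" };

/* Classify one maps line: "start-end perms offset dev inode [name]". */
static enum vsys_state classify_maps_line(const char *line)
{
    unsigned long long start, end;
    char perms[5] = "", name[64] = "";
    if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %63s",
               &start, &end, perms, name) != 4 ||
        strcmp(name, "[vsyscall]") != 0 || strlen(perms) != 4)
        return VSYS_ABSENT;            /* not the vsyscall mapping */
    if (perms[2] != 'x')
        return VSYS_OTHER;             /* mapped, but not executable */
    return perms[0] == 'r' ? VSYS_READABLE : VSYS_EXEC_ONLY;
}

/* Return the state of the [vsyscall] mapping in an open maps stream. */
static enum vsys_state scan_maps(FILE *f)
{
    char line[512];
    enum vsys_state s = VSYS_ABSENT;

    while (s == VSYS_ABSENT && fgets(line, sizeof(line), f))
        s = classify_maps_line(line);
    return s;
}

/* Constructed sample lines, not captured from a real system. */
static const char *const SAMPLES[] = {
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo",
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]",
    "ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]",
};

int main(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    for (size_t i = 0; i < sizeof(SAMPLES) / sizeof(SAMPLES[0]); i++)
        printf("sample %zu: %s\n", i, STATE_NAME[classify_maps_line(SAMPLES[i])]);
    if (f) {
        printf("this process: %s\n", STATE_NAME[scan_maps(f)]);
        fclose(f);
    }
    return 0;
}
```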