DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 49ACD219DC
MIME-Version: 1.0
In-Reply-To: <20180105182354.ishv3rkdsi2fsujs@pd.tnic>
References: <17c5ebeb2e00879b0af1a9c32bf37ecdd9b9b31b.1515130397.git.luto@kernel.org>
 <20180105123329.vnh7hbvigbfv6icd@pd.tnic> <CALCETrXMSBGM89Ziti-+p71NB6xyXHri1ewJZ50Yt+qw0kbnig@mail.gmail.com>
 <20180105182354.ishv3rkdsi2fsujs@pd.tnic>
From: Andy Lutomirski <luto@kernel.org>
Date: Fri, 5 Jan 2018 10:47:15 -0800
Message-ID: <CALCETrWNqFuCCGoh2C72F4ZOoXXSNXtxAzN6eDiQZZXF_U2mbw@mail.gmail.com>
Subject: Re: [RFC] selftests/x86: Add test_vsyscall
To: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org

On Fri, Jan 5, 2018 at 10:23 AM, Borislav Petkov <bp@alien8.de> wrote:
> On Fri, Jan 05, 2018 at 09:53:16AM -0800, Andy Lutomirski wrote:
>> emulate_noread would avoid one exploit technique that Kees saw
>> somewhere.  And per-process disablement would let a system remain
>> compatible with old binaries without reducing security for newer
>> binaries.
>
> Or we can simply say new binaries can switch to the vdso. Because this
> way, vsyscall will never really be phased out - new shit will simply
> keep using it.

As far as I know, new binaries don't use vsycall.  The holdouts were
musl and Go, and both are fixed.

The remaining problem is that, for certain classes of userspace bugs,
an attacker can take advantage of the vsyscall page's existence at a
fixed address to cause mischief.  So opting out of having it be there
could be helpful to mitigate attacks.