Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752691AbeAESrj (ORCPT + 1 other); Fri, 5 Jan 2018 13:47:39 -0500 Received: from mail.kernel.org ([198.145.29.99]:46134 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752214AbeAESrg (ORCPT ); Fri, 5 Jan 2018 13:47:36 -0500 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 49ACD219DC Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org X-Google-Smtp-Source: ACJfBovjXFSQmwRJEcdJ/KunalCh6y/jbFaH2mVYKIXVqy0tZxU63zSxnF/Bc73aiN+ObQX1qwu+pUu146knChDHs28= MIME-Version: 1.0 In-Reply-To: <20180105182354.ishv3rkdsi2fsujs@pd.tnic> References: <17c5ebeb2e00879b0af1a9c32bf37ecdd9b9b31b.1515130397.git.luto@kernel.org> <20180105123329.vnh7hbvigbfv6icd@pd.tnic> <20180105182354.ishv3rkdsi2fsujs@pd.tnic> From: Andy Lutomirski Date: Fri, 5 Jan 2018 10:47:15 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC] selftests/x86: Add test_vsyscall To: Borislav Petkov Cc: Andy Lutomirski , X86 ML , LKML , Kees Cook , Peter Zijlstra , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Fri, Jan 5, 2018 at 10:23 AM, Borislav Petkov wrote: > On Fri, Jan 05, 2018 at 09:53:16AM -0800, Andy Lutomirski wrote: >> emulate_noread would avoid one exploit technique that Kees saw >> somewhere. And per-process disablement would let a system remain >> compatible with old binaries without reducing security for newer >> binaries. > > Or we can simply say new binaries can switch to the vdso. Because this > way, vsyscall will never really be phased out - new shit will simply > keep using it. As far as I know, new binaries don't use vsycall. The holdouts were musl and Go, and both are fixed. The remaining problem is that, for certain classes of userspace bugs, an attacker can take advantage of the vsyscall page's existence at a fixed address to cause mischief. So opting out of having it be there could be helpful to mitigate attacks.