[PATCH] ARM: tls: remove covert channel via TPIDRURW

Michał Mirosław mirqus at gmail.com
Mon Jan 16 13:25:48 EST 2012


On 16 January 2012 at 19:17, Will Deacon
<will.deacon at arm.com> wrote:
> On Mon, Jan 16, 2012 at 06:14:27PM +0000, Michał Mirosław wrote:
>> 2012/1/16 Will Deacon <will.deacon at arm.com>:
>> > TPIDRURW is a user read/write register forming part of the group of
>> > thread registers in more recent versions of the ARM architecture (~v6+).
>> >
>> > Currently, the kernel does not touch this register, which allows tasks
>> > to communicate covertly by reading and writing to the register without
>> > context-switching affecting its contents.
>> >
>> > This patch clears TPIDRURW when TPIDRURO is updated via the set_tls
>> > macro, which is called directly from __switch_to. Since the current
>> > behaviour makes the register useless to userspace as far as thread
>> > pointers are concerned, simply clearing the register (rather than saving
>> > and restoring it) will not cause any problems to userspace.
>> So why not fix it instead of leaving it useless?
> Could do, but since nobody is asking for it and it would become part of the
> user-ABI if we did preserve it, I don't see the need right now.
>
> Do you have a compelling use-case for this register?

Not really.

Clearing the register will allow a thread to notice when it gets
switched. I don't know if that's an issue, though.

Best Regards,
Michał Mirosław
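Added example, not part of this thread or of Will's patch: a small userspace probe that shows what the running kernel does with TPIDRURW across a context switch, which is exactly the observation Michał mentions above. It assumes a 32-bit ARM (v6+) Linux user-mode build; the CP15 encoding used is the architectural one (c13, c0, opcode2 2). The probe value, the enum and the helper names are constructed for this example. On a non-ARM build the ARM-specific parts are compiled out and the probe reports that the register is unsupported.

```c
/* Added example (not from the thread or the patch under discussion):
 * probe how the running kernel treats TPIDRURW across a context switch.
 * Assumes 32-bit ARM Linux; on other targets the probe reports UNSUPPORTED. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Constructed marker written to the register before we get switched out. */
#define TPIDRURW_PROBE 0x5a5a1234u

enum tpidrurw_outcome {
    TPIDRURW_UNSUPPORTED = -1, /* not a 32-bit ARM build: register does not exist here */
    TPIDRURW_PRESERVED   = 0,  /* marker survived: kernel ignores or saves/restores it */
    TPIDRURW_CLEARED     = 1,  /* read back as 0: kernel clears it on switch, as the patch does */
    TPIDRURW_OTHER       = 2,  /* some other value: another task's write was left behind */
};

/* Classify what a probe observed; separate from the asm so the logic
 * can be exercised on any architecture. */
enum tpidrurw_outcome classify_tpidrurw(uint32_t written, uint32_t read_back)
{
    if (read_back == written) return TPIDRURW_PRESERVED;
    if (read_back == 0)       return TPIDRURW_CLEARED;
    return TPIDRURW_OTHER;
}

#if defined(__arm__)
/* TPIDRURW is CP15 c13, c0, opcode2 = 2; user mode may read and write it. */
static inline uint32_t read_tpidrurw(void)
{
    uint32_t v;
    __asm__ volatile("mrc p15, 0, %0, c13, c0, 2" : "=r"(v));
    return v;
}

static inline void write_tpidrurw(uint32_t v)
{
    __asm__ volatile("mcr p15, 0, %0, c13, c0, 2" : : "r"(v) : "memory");
}
#endif

/* Write the marker, force this task off the CPU, then read the register back. */
enum tpidrurw_outcome probe_tpidrurw(void)
{
#if defined(__arm__)
    /* Sleeping guarantees a switch away from this task (to the idle task at
     * least) and back again, so __switch_to, and hence set_tls, runs. */
    struct timespec ts = { .tv_sec = 0, .tv_nsec = 20 * 1000 * 1000 };

    write_tpidrurw(TPIDRURW_PROBE);
    nanosleep(&ts, NULL);
    return classify_tpidrurw(TPIDRURW_PROBE, read_tpidrurw());
#else
    return TPIDRURW_UNSUPPORTED;
#endif
}

int main(void)
{
    static const char *names[] = { "preserved", "cleared", "other value" };
    enum tpidrurw_outcome r = probe_tpidrurw();

    if (r == TPIDRURW_UNSUPPORTED)
        printf("TPIDRURW probe: not a 32-bit ARM build\n");
    else
        printf("TPIDRURW after a context switch: %s\n", names[r]);
    return 0;
}
```

A "preserved" result means the kernel either never touches the register (the behaviour the patch removes) or saves and restores it (the alternative raised in the thread); "cleared" is the behaviour this patch introduces, and it is also what lets a thread tell that it has been scheduled out, as noted above.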
