Prevent list poison values from being mapped by userspace processes

Kees Cook keescook at chromium.org
Mon Aug 24 12:22:33 PDT 2015


On Mon, Aug 24, 2015 at 12:14 PM, Russell King - ARM Linux
<linux at arm.linux.org.uk> wrote:
> On Mon, Aug 24, 2015 at 11:51:04AM -0700, Kees Cook wrote:
>> On Mon, Aug 24, 2015 at 11:47 AM, Russell King - ARM Linux
>> <linux at arm.linux.org.uk> wrote:
>> > That's something which Catalin indicated that he'll work on.  However,
>> > he said in a public email last week that he won't be around for a while.
>> >
>> > So, I have no immediate solution for LPAE - it looks like LPAE will
>> > require switching the page tables on kernel entry or exit, and again
>> > each and every time we want to perform a userspace access.  How this
>> > is done is not something that has been discussed, and neither do we
>> > yet know how expensive this will be.  There are a number of places in
>> > the kernel where a large number of get_user()s or put_user()s follow
>> > one after each other, which necessitates switching back and forth
>> > multiple times.  We may need to address some of those areas by
>> > converting them to copy_(to|from)_user().
>>
>> By the way, have you looked at grsecurity's implementation of these
>> protections? They've been using domains for a while now, and I think
>> have an LPAE solution as well.
>
> *Sigh*.
>
> No, and I really don't care - if people want to do development work out
> of the mainline kernel and not bother to talk about getting it upstream,
> it's their loss.  As far as I'm concerned, such external work doesn't
> exist.

Sure, I understand, but it's worth at least looking at to compare
feature sets. For example, when doing the W^X kernel memory work, I
looked at both qcom and spender's work, trying to get the best of both
into upstreamable shape.

-Kees

-- 
Kees Cook
Chrome OS Security