Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch

* Rusty Russell <[email protected]> wrote:

> AFAICT we'll pay one extra TLB entry for this patch.  Zach had a patch 
> which left the vsyscall page at the top of memory (minus hole for 
> hypervisor) and patched the ELF header at boot.

i'd suggest the solution from exec-shield (which has been there for a 
long time), which also randomizes the vsyscall vma. Exploits are already 
starting to use the vsyscall page (with predictable addresses) to 
circumvent randomization, it provides 'interesting' instructions to act 
as a syscall-functionality building block. Moving that address to 
another predictable place solves the virtualization problem, but doesnt 
solve the address-space randomization problem.

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
    • From: Rusty Russell <[email protected]>
  • Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
    • From: Zachary Amsden <[email protected]>

• References:
  • [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
    • From: Rusty Russell <[email protected]>

• Prev by Date: SDIO - crc check of previous command failed
• Next by Date: Re: acpi_power_off doesn't
• Previous by thread: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
• Next by thread: Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]