From: Ingo Molnar <mingo@elte.hu>
To: Andy Lutomirski <luto@MIT.EDU>
Cc: x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org, Jesper Juhl <jj@chaosbits.net>,
Borislav Petkov <bp@alien8.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>,
Jan Beulich <JBeulich@novell.com>,
richard -rw- weinberger <richard.weinberger@gmail.com>,
Mikael Pettersson <mikpe@it.uu.se>
Subject: Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls
Date: Mon, 30 May 2011 09:46:08 +0200 [thread overview]
Message-ID: <20110530074608.GD27557@elte.hu> (raw)
In-Reply-To: <07445623494a3d9f02581eb06326420f5f443043.1306724657.git.luto@mit.edu>
* Andy Lutomirski <luto@MIT.EDU> wrote:
> There's a fair amount of code in the vsyscall page, and who knows
> what will happen if an exploit jumps into the middle of it. Reduce
> the risk by replacing most of it with short magic incantations that
> are useless if entered in the middle. This change can be disabled
> by CONFIG_UNSAFE_VSYSCALLS (default y).
btw., please flip the default or consider removing the option
altogether.
We want to improve security and we want safe vsyscalls the default,
and it's no good if we make it too easy for users to keep the fire
door open all the time! :-)
Thanks,
Ingo
next prev parent reply other threads:[~2011-05-30 7:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-30 3:48 [PATCH v2 00/10] Remove syscall instructions at fixed addresses Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 01/10] x86-64: Fix alignment of jiffies variable Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 02/10] x86-64: Give vvars their own page Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 03/10] x86-64: Remove kernel.vsyscall64 sysctl Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 04/10] x86-64: Replace vsyscall gettimeofday fallback with int 0xcc Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 05/10] x86-64: Map the HPET NX Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 06/10] x86-64: Remove vsyscall number 3 (venosys) Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 07/10] x86-64: Fill unused parts of the vsyscall page with 0xcc Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 08/10] x86-64: Emulate vsyscalls Andy Lutomirski
2011-05-30 7:35 ` Borislav Petkov
2011-05-30 10:43 ` Andrew Lutomirski
2011-05-30 7:46 ` Ingo Molnar [this message]
2011-05-30 10:57 ` Andrew Lutomirski
2011-05-30 10:59 ` Ingo Molnar
2011-05-30 11:35 ` Andrew Lutomirski
2011-05-30 12:15 ` Ingo Molnar
2011-05-30 12:25 ` Andrew Lutomirski
2011-05-30 14:12 ` Ingo Molnar
2011-05-30 7:51 ` Jan Beulich
2011-05-30 8:07 ` Ingo Molnar
2011-05-31 2:29 ` Andrew Lutomirski
2011-05-30 3:48 ` [PATCH v2 09/10] x86-64: Randomize int 0xcc magic al values at boot Andy Lutomirski
2011-05-30 3:48 ` [PATCH v2 10/10] x86-64: Document some of entry_64.S Andy Lutomirski
2011-05-30 7:59 ` Borislav Petkov
2011-05-30 10:40 ` Andrew Lutomirski
2011-05-30 10:50 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110530074608.GD27557@elte.hu \
--to=mingo@elte.hu \
--cc=JBeulich@novell.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=bp@alien8.de \
--cc=jj@chaosbits.net \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@MIT.EDU \
--cc=mikpe@it.uu.se \
--cc=richard.weinberger@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.