Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init

From: Andy Lutomirski
Date: Tue Jan 19 2016 - 14:09:39 EST

Next message: Pablo Neira Ayuso: "Re: [PATCH v3] netfilter: nf_conntrack: use safer way to lock all buckets"
Previous message: Craig Gallek: "Re: Crash with SO_REUSEPORT and ef456144da8ef507c8cf504284b6042e9201a05c"
In reply to: Kees Cook: "[PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
Next in thread: H. Peter Anvin: "Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 19, 2016 at 10:08 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> The vDSO does not need to be writable after __init, so mark it as
> __ro_after_init. The result kills the exploit method of writing to the
> vDSO from kernel space resulting in userspace executing the modified code,
> as shown here to bypass SMEP restrictions: http://itszn.com/blog/?p=21
>
> The memory map (with added vDSO address reporting) shows the vDSO moving
> into read-only memory:

Acked-by: Andy Lutomirski <luto@xxxxxxxxxx>

Next message: Pablo Neira Ayuso: "Re: [PATCH v3] netfilter: nf_conntrack: use safer way to lock all buckets"
Previous message: Craig Gallek: "Re: Crash with SO_REUSEPORT and ef456144da8ef507c8cf504284b6042e9201a05c"
In reply to: Kees Cook: "[PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
Next in thread: H. Peter Anvin: "Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]