Re: [kernel-hardening] [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode

From: Daniel Gruss
Date: Mon May 08 2017 - 10:19:59 EST


On 08.05.2017 16:09, Thomas Garnier wrote:
>> Just to correct my answer here as well: Although we experimented with fixed
>> mappings for per-cpu addresses, the current patch does not incorporate this
>> yet, so it indeed still leaks. However, it is not a severe problem. The
>> mapping of the required (per-cpu) variables would be at a fixed location in
>> the user CR3, instead of the ones that are used in the kernel.
>
> Why do you think it should be at a fixed location in the user CR3? I
> see that you just mirror the entries. You also mirror
> __entry_text_start / __entry_text_end which is part of the binary so
> will leak the base address of the kernel. Maybe I am missing
> something.

As I said, the current patch does not incorporate this yet, so yes, this part currently still leaks because we did not implement it yet.