Re: [PATCH v4 09/10] x86-64: Randomize int 0xcc magic al values atboot
From: Ingo Molnar
Date: Tue May 31 2011 - 12:43:34 EST
* Andrew Lutomirski <luto@xxxxxxx> wrote:
> On Tue, May 31, 2011 at 11:56 AM, Andrew Lutomirski <luto@xxxxxxx> wrote:
> > We could scrap int 0xcc entirely and emulate on page fault, but that
> > is slower and has other problems (like breaking anything that thinks
> > it can look at a call target in a binary and dereference that
> > address).
> >
> > Here's a possibly dumb/evil idea:
> >
> > Put real syscalls in the vsyscall page but mark the page NX. Then
> > emulate the vsyscalls on the PF_INSTR fault when userspace jumps to
> > the correct address but send SIGSEGV for the wrong address.
> >
> > Down side: it's even more complexity for the same silly case.
>
> Scratch that. It's incompatible with keeping time() fast for now.
If we can find another fault than #PF then it will be similarly fast
to an INT $0xCC so please at least investigate this route.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/