Re: [PATCH] x86_64, asm: Work around AMD SYSRET SS descriptor attribute issue

From: Linus Torvalds
Date: Mon Apr 27 2015 - 12:00:14 EST


On Mon, Apr 27, 2015 at 8:46 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> Right, what about the false positives:

Anybody who tries to return to kernel addresses with sysret is
suspect. It's more likely to be an attack vector than anything else
(ie somebody who is trying to take advantage of a CPU bug).

I don't think there are any false positives. The only valid sysret
targets are in normal user space.

There's the "vsyscall" area, I guess, but we are actively discouraging
people from using it (it's emulated by default) and using iret to
return from it is fine if somebody ends up using it natively. It was a
mistake to have fixed addresses with known code in it, so I don't
think we should care.

We've had the inexact version for a long time, and the exact canonical
address check hasn't even hit my tree yet. I wouldn't worry about it.

And since we haven't even merged the "better check for canonical
addresses" it cannot even be a regression if we never really use it.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/