Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space

From: Andy Lutomirski
Date: Fri Jul 02 2021 - 18:45:05 EST

Next message: Linus Torvalds: "Re: [GIT PULL] first round of SCSI updates for the 5.13+ merge window"
Previous message: kernel test robot: "Re: [PATCH 2/2] media: rc: introduce Meson IR blaster driver"
In reply to: Jann Horn: "Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/13/21 10:52 PM, Andrei Vagin wrote:

> process_vm_exec has two modes:
>
> * Execute code in an address space of a target process and stop on any
> signal or system call.

We already have a perfectly good context switch mechanism: context
switches. If you execute code, you are basically guaranteed to be
subject to being hijacked, which means you pretty much can't allow
syscalls. But there's a lot of non-syscall state, and I think context
switching needs to be done with extreme care.

(Just as example, suppose you switch mms, then set %gs to point to the
LDT, then switch back. Now you're in a weird state. With %ss the plot
is a bit thicker. And there are emulated vsyscalls and such.)

If you, PeterZ, and the UMCG could all find an acceptable, efficient way
to wake-and-wait so you can switch into an injected task in the target
process and switch back quickly, then I think a much nicer solution will
become available.

>
> * Execute a system call in an address space of a target process.

I could get behind this, but there are plenty of cans of worms to watch
out for. Serious auditing would be needed.

Next message: Linus Torvalds: "Re: [GIT PULL] first round of SCSI updates for the 5.13+ merge window"
Previous message: kernel test robot: "Re: [PATCH 2/2] media: rc: introduce Meson IR blaster driver"
In reply to: Jann Horn: "Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]