Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space
From: Andy Lutomirski
Date: Fri Jul 02 2021 - 18:45:05 EST
On 4/13/21 10:52 PM, Andrei Vagin wrote:
> process_vm_exec has two modes:
>
> * Execute code in an address space of a target process and stop on any
> signal or system call.
We already have a perfectly good context switch mechanism: context
switches. If you execute code, you are basically guaranteed to be
subject to being hijacked, which means you pretty much can't allow
syscalls. But there's a lot of non-syscall state, and I think context
switching needs to be done with extreme care.
(Just as example, suppose you switch mms, then set %gs to point to the
LDT, then switch back. Now you're in a weird state. With %ss the plot
is a bit thicker. And there are emulated vsyscalls and such.)
If you, PeterZ, and the UMCG could all find an acceptable, efficient way
to wake-and-wait so you can switch into an injected task in the target
process and switch back quickly, then I think a much nicer solution will
become available.
>
> * Execute a system call in an address space of a target process.
I could get behind this, but there are plenty of cans of worms to watch
out for. Serious auditing would be needed.
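As an added illustration of the second mode (not code from this thread or from the patch set): this is how a system call gets executed in another process's address space from userspace today on x86-64 Linux, with ptrace. The tracer stops the target, borrows the word at its instruction pointer, patches in a `syscall` instruction, single-steps it, and then restores every byte and register it touched. The helper names (`remote_syscall`, `demo_remote_getpid`) are ours; the child process it traces is constructed inline so the program runs stand-alone. When ptrace is not usable in the environment (seccomp, Yama ptrace_scope, a non-x86-64 build) the demo reports that rather than a failure.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes of the demo. SKIPPED means ptrace is not usable here (seccomp,
 * Yama ptrace_scope, or not x86-64 Linux), which is not a failure. */
enum { REMOTE_FAIL = 0, REMOTE_OK = 1, REMOTE_SKIPPED = 2 };

#if defined(__x86_64__) && defined(__linux__)
/* Execute syscall `nr` inside the already-stopped tracee `pid`: borrow the
 * word at the tracee's rip, patch in 0f 05 (`syscall`), single-step it,
 * then restore every byte and register touched. Stores the tracee's rax in
 * *ret. Returns 0 on success, -1 if any ptrace step failed. (Helper written
 * for this example; not from the patch set.) */
static int remote_syscall(pid_t pid, long nr, long a1, long a2, long a3,
                          long *ret)
{
    struct user_regs_struct saved, regs;
    void *ip;
    long orig_word, patched;
    int status;

    if (ptrace(PTRACE_GETREGS, pid, NULL, &saved) == -1)
        return -1;
    ip = (void *)(uintptr_t)saved.rip;

    /* PEEKTEXT returns the data itself, so -1 is ambiguous: check errno. */
    errno = 0;
    orig_word = ptrace(PTRACE_PEEKTEXT, pid, ip, NULL);
    if (orig_word == -1 && errno != 0)
        return -1;
    patched = (orig_word & ~0xffffL) | 0x050fL;   /* little-endian 0f 05 */
    if (ptrace(PTRACE_POKETEXT, pid, ip, (void *)patched) == -1)
        return -1;

    regs = saved;
    regs.rax = (unsigned long long)nr;       /* syscall number */
    regs.rdi = (unsigned long long)a1;       /* arg 1 */
    regs.rsi = (unsigned long long)a2;       /* arg 2 */
    regs.rdx = (unsigned long long)a3;       /* arg 3 */
    regs.orig_rax = (unsigned long long)-1;  /* not mid-syscall: no restart logic */
    if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) == -1)
        return -1;

    /* Single-step over the injected instruction. The kernel performs the
     * syscall and reports SIGTRAP once the tracee is back in user mode. */
    if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) == -1)
        return -1;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status) ||
        WSTOPSIG(status) != SIGTRAP)
        return -1;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1)
        return -1;
    *ret = (long)regs.rax;

    /* Undo in reverse order: the text word, then the full register file. */
    if (ptrace(PTRACE_POKETEXT, pid, ip, (void *)orig_word) == -1)
        return -1;
    if (ptrace(PTRACE_SETREGS, pid, NULL, &saved) == -1)
        return -1;
    return 0;
}
#endif

/* Fork a child that stops itself, run getpid() in its address space, and
 * check the answer against the pid the parent already knows. */
int demo_remote_getpid(void)
{
#if defined(__x86_64__) && defined(__linux__)
    int status, rc;
    long remote_pid = 0;
    pid_t pid = fork();

    if (pid == -1)
        return REMOTE_SKIPPED;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(3);             /* ptrace refused: parent sees an exit, not a stop */
        raise(SIGSTOP);           /* hand control to the tracer */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return REMOTE_SKIPPED;

    rc = remote_syscall(pid, SYS_getpid, 0, 0, 0, &remote_pid);
    ptrace(PTRACE_DETACH, pid, NULL, NULL);   /* resume; signal 0 so no SIGTRAP is delivered */
    waitpid(pid, &status, 0);
    if (rc == -1)
        return REMOTE_SKIPPED;
    return remote_pid == (long)pid ? REMOTE_OK : REMOTE_FAIL;
#else
    return REMOTE_SKIPPED;
#endif
}

int main(void)
{
    int r = demo_remote_getpid();
    puts(r == REMOTE_OK ? "remote getpid matched the tracee's pid" :
         r == REMOTE_SKIPPED ? "ptrace not usable here, skipped" :
         "MISMATCH");
    return r == REMOTE_FAIL;
}
```

Build with `cc -O2 -Wall remote_getpid.c && ./a.out`; no privileges are needed because the tracer is the child's parent. Everything between the two PTRACE_GETREGS calls is state the tracer has to get exactly right and put back afterwards (the borrowed text word, rax/orig_rax, the argument registers, rip), and that is only the general-purpose register file; the point in the reply above about segment registers, LDT and emulated vsyscalls is the rest of that list, which is why a kernel-side version of this needs the auditing asked for.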