On Thursday, August 11, 2016 12:06:45 AM CEST Russell King - ARM Linux wrote: > On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote: > > It might be better to start by making the fixed mapping readonly, > > as KASLR doesn't protect that one at all, and change the TLS > > code accordingly. > > I think that's impossible, because we gave userspace permission to > read 0xffff0ff0 directly without using __kuser_get_tls. You're > talking about potentially breaking userspace. > > If you disable kuser helpers, then the page becomes read-only and > invisible to userspace anyway. So, everything is being done there > which can be done - if you have kuser helpers enabled, then you > lose some opportunities for these security improvements. What I meant was writing to the page through the linear mapping rather than the virtual mapping at 0xffff0000 so we can leave that one read-only (I did not consider whether that might cause cache aliasing problems when reading from the other address). Your other point is more important though: if one really cares about optimizing security here, they probably should disable kuser helpers completely anyway. Kees, is that something you have on your radar already? Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
