On Thu, Aug 11, 2016 at 8:54 AM, Arnd Bergmann <arnd@xxxxxxxx> wrote: > On Thursday, August 11, 2016 12:06:45 AM CEST Russell King - ARM Linux wrote: >> On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote: >> > It might be better to start by making the fixed mapping readonly, >> > as KASLR doesn't protect that one at all, and change the TLS >> > code accordingly. >> >> I think that's impossible, because we gave userspace permission to >> read 0xffff0ff0 directly without using __kuser_get_tls. You're >> talking about potentially breaking userspace. >> >> If you disable kuser helpers, then the page becomes read-only and >> invisible to userspace anyway. So, everything is being done there >> which can be done - if you have kuser helpers enabled, then you >> lose some opportunities for these security improvements. > > What I meant was writing to the page through the linear mapping > rather than the virtual mapping at 0xffff0000 so we can leave that > one read-only (I did not consider whether that might cause cache > aliasing problems when reading from the other address). > > Your other point is more important though: if one really cares > about optimizing security here, they probably should disable > kuser helpers completely anyway. > > Kees, is that something you have on your radar already? It wasn't no. I will add it. :) -Kees -- Kees Cook Nexus Security -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
