On 03/10/2014 10:31 AM, Andy Lutomirski wrote: >> >>> For 64-bit, this is an entirely different story. The vsyscall page is >>> stuck in the fixmap forever, although I want to add a way for >>> userspace to opt out. The vvar page, hpet, etc could move into vmas, >>> though. I kind of want to do that anyway to allow processes to turn >>> off the ability to read the clock. >> >> Wait... you want to do what?! > > This isn't even my idea: > > commit 8fb402bccf203ecca8f9e0202b8fd3c937dece6f > Author: Erik Bosman <ebn...@few.vu.nl> > Date: Fri Apr 11 18:54:17 2008 +0200 > > generic, x86: add prctl commands PR_GET_TSC and PR_SET_TSC > > This patch adds prctl commands that make it possible > to deny the execution of timestamp counters in userspace. > If this is not implemented on a specific architecture, > prctl will return -EINVAL. > > Currently anything that tries to use the vdso will just crash if you > do that, and it fails to turn off direct HPET access. Fixing this > might be nice, but the current vvar implementation makes it > impossible. If you want to stick something in a seccomp sandbox and > make it very difficult for it to exploit timing side channels, then > this is important :) >
Yes, we'd have to switch the vdso to using syscall access. Doing that from inside a system call is... "interesting". -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/