Hi!

> This is a prototype of espfix for the 64-bit kernel. espfix is a
> workaround for the architectural definition of IRET, which fails to
> restore bits [31:16] of %esp when returning to a 16-bit stack
> segment. We have a workaround for the 32-bit kernel, but that
> implementation doesn't work for 64 bits.

Just to understand the consequences -- we leak 16 bits of kernel data to
the userspace, right? Because it is %esp, we know that we leak a stack
address, which is not too sensitive, but will make kernel address
randomization less useful...?

> The 64-bit implementation works like this:
>
> Set up a ministack for each CPU, which is then mapped 65536 times
> using the page tables. This implementation uses the second-to-last
> PGD slot for this; with a 64-byte espfix stack this is sufficient for
> 2^18 CPUs (currently we support a max of 2^13 CPUs.)

16-bit stack segments on a 64-bit machine. Who still uses it? Dosemu?
Wine? Would the solution be to disallow that?

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
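A small model of the layout the quoted mail sketches (64-byte ministack per CPU, each page aliased 65536 times in one PGD slot), added here as an illustration rather than as the patch's or the kernel's code; the base address 0xFFFFFF0000000000, the bit placement inside the slot, and the page walk are assumptions of the model. It also shows why the bits [31:16] a 16-bit IRET leaves in %esp come from the ministack address instead of the real kernel stack.

```python
# Model of the espfix64 ministack layout (assumed layout, for illustration).
ESPFIX_BASE_ADDR = 0xFFFF_FF00_0000_0000   # second-to-last PGD slot (index 510), assumed
PAGE_SIZE = 4096
STACK_SIZE = 64                             # 64-byte espfix stack per CPU
STACKS_PER_PAGE = PAGE_SIZE // STACK_SIZE   # 64 CPUs share one physical page
ALIASES = 1 << 16                           # each page is mapped 65536 times

def ministack_addr(cpu: int) -> int:
    """Canonical virtual address of a CPU's ministack.  The in-64K part of the
    offset stays in bits [15:0]; the rest is moved above bit 32 so that
    bits [31:16] are free to take any value."""
    page, slot = divmod(cpu, STACKS_PER_PAGE)
    off = page * PAGE_SIZE + slot * STACK_SIZE
    off = (off & 0xFFFF) | ((off & ~0xFFFF) << 16)
    return ESPFIX_BASE_ADDR + off

def resolve(vaddr: int) -> tuple:
    """Simulated page walk of the espfix region: (ministack page, offset in
    page).  Bits [31:16] are deliberately ignored because the page tables
    alias the same physical page at all 65536 values of those bits."""
    off = vaddr - ESPFIX_BASE_ADDR
    if not 0 <= off < (1 << 39):
        raise ValueError("address outside the espfix PGD slot")
    page = ((off >> 32) << 4) | ((off >> 12) & 0xF)
    return page, off & 0xFFF

def esp_after_iret(kernel_rsp: int, frame_sp: int) -> int:
    """Architectural IRET to a 16-bit stack segment: only SP (bits [15:0]) is
    loaded from the frame; bits [31:16] keep whatever the kernel had there."""
    return (kernel_rsp & 0xFFFF_0000) | (frame_sp & 0xFFFF)

def aliases_resolve_identically(cpu: int) -> bool:
    """Every value of bits [31:16] must land on the same 64-byte ministack,
    i.e. the 65536-fold mapping is self-consistent (samples the alias space)."""
    base = ministack_addr(cpu)
    want = resolve(base)
    return all(resolve((base & ~0xFFFF_0000) | (hi << 16)) == want
               for hi in range(0, ALIASES, 0x0101))
```

Returning through the ministack makes the leaked bits [31:16] zero for every CPU, whereas an IRET straight off a normal kernel stack would expose bits of that stack's address.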