On Mon, Apr 27, 2015 at 8:46 AM, Borislav Petkov <b...@alien8.de> wrote:
>
> Right, what about the false positives:

Anybody who tries to return to kernel addresses with sysret is suspect. It's more likely to be an attack vector than anything else (ie somebody who is trying to take advantage of a CPU bug).

I don't think there are any false positives. The only valid sysret targets are in normal user space.

There's the "vsyscall" area, I guess, but we are actively discouraging people from using it (it's emulated by default) and using iret to return from it is fine if somebody ends up using it natively. It was a mistake to have fixed addresses with known code in it, so I don't think we should care.

We've had the inexact version for a long time, and the exact canonical address check hasn't even hit my tree yet. I wouldn't worry about it. And since we haven't even merged the "better check for canonical addresses" it cannot even be a regression if we never really use it.

Linus
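
The two checks contrasted in the message above, as an added example that is not part of the original message and is not kernel code. It assumes 48-bit virtual addresses; the function names are hypothetical and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses, so bit 47 is the sign bit and
 * a canonical address has bits 63..47 all equal. */
#define VA_SIGN_BIT 47
#define TOP_ALL_ONES 0x1ffffULL   /* 17 bits: 63..47 */

enum ret_path { RET_SYSRET, RET_IRET };

/* Inexact policy: sysret only when bits 63..47 are all zero, i.e. the
 * target lies in the user half. Everything else takes the iret path. */
enum ret_path inexact_policy(uint64_t rip)
{
    return (rip >> VA_SIGN_BIT) == 0 ? RET_SYSRET : RET_IRET;
}

/* Exact policy: sysret for any canonical address, user or kernel half. */
enum ret_path exact_policy(uint64_t rip)
{
    uint64_t top = rip >> VA_SIGN_BIT;
    return (top == 0 || top == TOP_ALL_ONES) ? RET_SYSRET : RET_IRET;
}

/* Addresses the inexact policy sends to iret although they are canonical:
 * the case the quoted question calls "false positives". */
int diverted_only_by_inexact(uint64_t rip)
{
    return exact_policy(rip) == RET_SYSRET && inexact_policy(rip) == RET_IRET;
}

int main(void)
{
    /* Constructed sample return addresses. */
    static const struct { const char *what; uint64_t rip; } samples[] = {
        { "user stack region",      0x00007fffffffe000ULL },
        { "first non-canonical",    0x0000800000000000ULL },
        { "vsyscall page",          0xffffffffff600000ULL },
        { "kernel-half address",    0xffffffff81000000ULL },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %#018llx inexact=%s exact=%s\n", samples[i].what,
               (unsigned long long)samples[i].rip,
               inexact_policy(samples[i].rip) == RET_SYSRET ? "sysret" : "iret",
               exact_policy(samples[i].rip) == RET_SYSRET ? "sysret" : "iret");
    return 0;
}
```

Both policies send the non-canonical address to iret; they differ only on kernel-half targets, which the inexact policy always returns to with iret.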