Dmitry Safonov <0x7f454...@gmail.com> wrote:
> 2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov:
>> On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote:
>> ...
>> +bool pti_handle_segment_not_present(long error_code)
>> +{
>> + if (!static_cpu_has(X86_FEATURE_PTI))
>> +
2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov:
> On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote:
> ...
>> >>> +bool pti_handle_segment_not_present(long error_code)
>> >>> +{
>> >>> + if (!static_cpu_has(X86_FEATURE_PTI))
>> >>> + return false;
>> >>> +
>> >>> +
2018-02-15 20:02 GMT+00:00 Andy Lutomirski:
> On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote:
>> Based on the understanding that there should be no way for userspace to
>> address the kernel-space from compatibility mode, disable it while
>> running in compatibility mode as long as the 64-bit
>> On Feb 15, 2018, at 4:08 PM, Linus Torvalds
>> wrote:
>>
>> On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote:
>>
>> It's possible we could get away with adding the prctl but making the
>> default be that only the bitness that matches the program being run is
>> allowed. After all,
On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote:
...
> >>> +bool pti_handle_segment_not_present(long error_code)
> >>> +{
> >>> + if (!static_cpu_has(X86_FEATURE_PTI))
> >>> + return false;
> >>> +
> >>> + if ((unsigned short)error_code != GDT_ENTRY_DEFAULT
Andy Lutomirski wrote:
> On Fri, Feb 16, 2018 at 12:42 AM, Linus Torvalds
> wrote:
>> On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote:
>>> It is not too pretty, I agree, but it should do the work. There is only one
>>> problematic descriptor that can be used to switch from compatibility-mode
On Fri, Feb 16, 2018 at 12:42 AM, Linus Torvalds
wrote:
> On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote:
>>
>> It is not too pretty, I agree, but it should do the work. There is only one
>> problematic descriptor that can be used to switch from compatibility-mode to
>> long-mode in the GDT (L
On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote:
>
> It is not too pretty, I agree, but it should do the work. There is only one
> problematic descriptor that can be used to switch from compatibility-mode to
> long-mode in the GDT (LDT descriptors always have the L-bit cleared).
> Changing the d
On 16/02/2018 00:08, Linus Torvalds wrote:
> On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote:
>> Linus, how would you feel about, by default, preventing 64-bit
>> programs from long-jumping to __USER32_CS and vice versa?
> How? It's a standard GDT entry. Are you going to start switching the
Linus Torvalds wrote:
> On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote:
>> It's possible we could get away with adding the prctl but making the
>> default be that only the bitness that matches the program being run is
>> allowed. After all, it's possible that CRIU is literally the only
On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote:
>
> It's possible we could get away with adding the prctl but making the
> default be that only the bitness that matches the program being run is
> allowed. After all, it's possible that CRIU is literally the only
> program that switches bit
On Thu, Feb 15, 2018 at 8:58 PM, Nadav Amit wrote:
> Andy Lutomirski wrote:
>
>> On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote:
>>> Based on the understanding that there should be no way for userspace to
>>> address the kernel-space from compatibility mode, disable it while
>>> running in co
Andy Lutomirski wrote:
> On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote:
>> Based on the understanding that there should be no way for userspace to
>> address the kernel-space from compatibility mode, disable it while
>> running in compatibility mode as long as the 64-bit code segment of the
On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote:
> Based on the understanding that there should be no way for userspace to
> address the kernel-space from compatibility mode, disable it while
> running in compatibility mode as long as the 64-bit code segment of the
> user is not used.
>
> Reenab
Based on the understanding that there should be no way for userspace to
address the kernel-space from compatibility mode, disable it while
running in compatibility mode as long as the 64-bit code segment of the
user is not used.
Reenabling PTI is performed by restoring NX-bits to the userspace
map