Hi Hugh,
On Wed, Dec 19, 2018 at 01:12:58PM -0800, Hugh Dickins wrote:
> > is_cow_mapping() returns true if the VM_MAYWRITE flag is set and
> > VM_SHARED is not set - this suggests a private & potentially-writable
> > area, right? That fits in nicely with an area we'd want to COW. Why then
> >
On Wed, 19 Dec 2018, Paul Burton wrote:
> On Sat, Dec 15, 2018 at 11:19:37AM -0800, Andy Lutomirski wrote:
> > The really simple but possibly suboptimal fix is to get rid of
> > VM_WRITE and to use get_user_pages(..., FOLL_FORCE) to write to it.
>
> I actually wound up trying this route because
Hello,
On Sat, Dec 15, 2018 at 11:19:37AM -0800, Andy Lutomirski wrote:
> The really simple but possibly suboptimal fix is to get rid of
> VM_WRITE and to use get_user_pages(..., FOLL_FORCE) to write to it.
I actually wound up trying this route because it seemed like it would
produce a nice
Hi,
On Mon, Dec 17, 2018 at 01:55:28AM +, Maciej W. Rozycki wrote:
> As to actual implementations I believe all the Cavium Octeon line CPUs
> (David, please correct me if I am wrong) have no FPU and they have vendor
> extensions beyond the base ISA + ASE instruction set. Arguably you
On Sun, 16 Dec 2018, Rich Felker wrote:
> So in theory it's possible that there's a cpu model with fancy new
> core instructions but no fpu. In this case, you would need the
> capability to emulate or execute-out-of-line these instructions. But I
> have no idea if such cpu models actually exist.
On Sun, Dec 16, 2018 at 10:59:19AM -0800, Andy Lutomirski wrote:
> On Sun, Dec 16, 2018 at 10:13 AM Rich Felker wrote:
> >
> > On Sun, Dec 16, 2018 at 01:50:13PM +, Maciej W. Rozycki wrote:
> > > On Sat, 15 Dec 2018, Rich Felker wrote:
> > >
> > >
> > > It doesn't help that information about
On Sun, 16 Dec 2018, Andy Lutomirski wrote:
> > I think it suffices to emulate what compilers generate in delay slots,
> > which should be fairly minimal and stable. At the very least we could
> > enumerate everything GCC and LLVM already emit there, and get them to
> > upstream a policy of not
On Sun, Dec 16, 2018 at 10:13 AM Rich Felker wrote:
>
> On Sun, Dec 16, 2018 at 01:50:13PM +, Maciej W. Rozycki wrote:
> > On Sat, 15 Dec 2018, Rich Felker wrote:
> >
> >
> > It doesn't help that information about that is scattered across many
> > documents. You can check for the NODS flag
On Sun, Dec 16, 2018 at 1:22 AM Paul Burton wrote:
>
> Hi Andy,
>
> On Sat, Dec 15, 2018 at 11:19:37AM -0800, Andy Lutomirski wrote:
> > Some security researchers pointed out that writing to the delay slot
> > emulation page is a great exploit technique on MIPS. It was
> > introduced in:
> >
> >
On Sun, Dec 16, 2018 at 01:50:13PM +, Maciej W. Rozycki wrote:
> On Sat, 15 Dec 2018, Rich Felker wrote:
>
> > > I think "trivial" is an understatement, you at least need to decode the
> > > delay-slot instruction enough to tell privileged and user instructions
> > > apart and send SIGILL
On Sat, Dec 15, 2018 at 09:26:45PM +, Paul Burton wrote:
> > The really nice but less compatible fix would be to let processes or
> > even the whole system opt out by promising not to put anything in FPU
> > branch delay slots, of course.
>
> The ultimate fix comes with a switch to the
On Sat, 15 Dec 2018, Rich Felker wrote:
> > I think "trivial" is an understatement, you at least need to decode the
> > delay-slot instruction enough to tell privileged and user instructions
> > apart and send SIGILL where appropriate. Some user instructions send
> > exceptions too and you
On Sun, Dec 16, 2018 at 02:15:38AM +, Maciej W. Rozycki wrote:
> On Sat, 15 Dec 2018, Rich Felker wrote:
>
> > > A possibly nicer way to accomplish more or less the same thing would
> > > be to allocate the area with _install_special_mapping() and arrange to
> > > keep a reference to the
On Sat, 15 Dec 2018, Rich Felker wrote:
> > A possibly nicer way to accomplish more or less the same thing would
> > be to allocate the area with _install_special_mapping() and arrange to
> > keep a reference to the struct page around.
> >
> > The really nice but less compatible fix would be to
On Sat, Dec 15, 2018 at 11:19:37AM -0800, Andy Lutomirski wrote:
> Hi all-
>
> Some security researchers pointed out that writing to the delay slot
> emulation page is a great exploit technique on MIPS. It was
> introduced in:
>
> commit 432c6bacbd0c16ec210c43da411ccc3855c4c010
> Author: Paul
Hi Andy,
On Sat, Dec 15, 2018 at 11:19:37AM -0800, Andy Lutomirski wrote:
> Some security researchers pointed out that writing to the delay slot
> emulation page is a great exploit technique on MIPS. It was
> introduced in:
>
> commit 432c6bacbd0c16ec210c43da411ccc3855c4c010
> Author: Paul
Hi all-
Some security researchers pointed out that writing to the delay slot
emulation page is a great exploit technique on MIPS. It was
introduced in:
commit 432c6bacbd0c16ec210c43da411ccc3855c4c010
Author: Paul Burton
Date: Fri Jul 8 11:06:19 2016 +0100
MIPS: Use per-mm page to