Source-Changes-D archive


Re: CVS commit: src/sys/arch



On 03/08/2017 at 22:38, Joerg Sonnenberger wrote:
On Thu, Aug 03, 2017 at 04:20:45PM +0200, Maxime Villard wrote:
I was more thinking in terms of a single page in kernel VA, not in user
VA. That would side step most of the issues with dynamic LDT or having
to patch up the default LDT on context switches. That said, the latter
wouldn't be that difficult either, given that we already do that for the
GDT.

Mmh, not sure what you mean. If you mean a page that is a kernel page (in the
sense of not having PG_u), then it's a privileged call gate, and we're back
on the first issue (being in kernel mode, with user segment registers, and
interrupts enabled). If you mean a page that is a userland page (with PG_u), but
located in the kernel VA range, that's not a good idea: it all of a sudden
makes the map less consistent, and it is more complicated since the upper
levels of the page tree need to have PG_u too.

I was thinking of a page in the kernel VA range that is accessible for
userland. I thought we had some of those already for the comm page, but
I might be misremembering.

Ok, so it was my second guess. As I said, I don't think it's a good idea if
we start mixing userland-kernel VAs. As far as I can tell, it is not already
the case - if it were, I would have probably tried to fix it, because it is
error-prone.

We can also put it at the top of the user VA
range of course, i.e. where the stack used to originate.

We can; but this would be an executable page at a fixed location, and by
definition it violates ASLR. Even more so if the page happens to contain
instruction patterns suitable for all kinds of exploits...

Maxime
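The remark above that the upper levels of the page tree would need PG_u too follows from how the CPU combines permissions across levels. The following is an added illustration, not code from this thread or from NetBSD: it folds the four x86-64 paging levels covering one address into the effective permission (user access and write require the bit at every level, no-execute applies if any level sets it) and runs it over two constructed sets of entries, a PG_u leaf under kernel-only upper levels and the same leaf under a fully PG_u tree. Bit positions are the architectural ones; the PG_* names follow NetBSD's naming.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry bits (PG_u is the U/S bit in NetBSD's naming). */
#define PG_V   (1ULL << 0)   /* present */
#define PG_RW  (1ULL << 1)   /* writable */
#define PG_u   (1ULL << 2)   /* user accessible */
#define PG_NX  (1ULL << 63)  /* no-execute */

#define LEVELS 4             /* PML4, PDP, PD, PT */

struct eff { bool present, user, writable, exec; };

/*
 * Combine the entries at each level into what the CPU enforces for the
 * final page: user access and writability need the bit at every level,
 * while a single PG_NX anywhere on the path makes the page non-executable.
 */
struct eff
walk(const uint64_t pte[LEVELS])
{
    struct eff e = { true, true, true, true };
    for (int i = 0; i < LEVELS; i++) {
        if (!(pte[i] & PG_V)) { e.present = false; break; }
        e.user     = e.user     && (pte[i] & PG_u)  != 0;
        e.writable = e.writable && (pte[i] & PG_RW) != 0;
        e.exec     = e.exec     && (pte[i] & PG_NX) == 0;
    }
    if (!e.present) e.user = e.writable = e.exec = false;
    return e;
}

/* Constructed sample: a PG_u leaf placed under kernel-only upper levels,
 * as a page dropped into the kernel VA range without touching the tree. */
const uint64_t kernel_tree_user_leaf[LEVELS] = {
    PG_V | PG_RW, PG_V | PG_RW, PG_V | PG_RW, PG_V | PG_u
};
/* Constructed sample: the same leaf with PG_u carried by every upper level. */
const uint64_t user_tree_user_leaf[LEVELS] = {
    PG_V | PG_RW | PG_u, PG_V | PG_RW | PG_u, PG_V | PG_RW | PG_u, PG_V | PG_u
};

/* True only if userland can both reach and execute the mapped page. */
bool user_can_execute(const uint64_t pte[LEVELS])
{
    struct eff e = walk(pte);
    return e.user && e.exec;
}

int main(void)
{
    printf("PG_u leaf under kernel tree: user exec = %d\n", user_can_execute(kernel_tree_user_leaf));
    printf("PG_u leaf under user tree:   user exec = %d\n", user_can_execute(user_tree_user_leaf));
    return 0;
}
```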

