tech-kern archive


Re: UVM and the NULL page



On Tue, Dec 27, 2016 at 02:12:59PM +0100, Wolfgang Solfrank wrote:
> Hi,
> 
> >Any cpu that doesn't require special instructions for copyin/out
> >is susceptible to user processes mapping code to address 0 and
> >converting a kernel 'jump through unset pointer' from a panic
> >into a massive security hole (executing process code with the
> >'supervisor' bit set).
> 
> Only if you do a naive implementation of copyin/out. Nothing prevents
> you from implementing copyin/out on these cpus by mapping only the
> relevant part of the user address space at some reserved address
> (maybe even one page at a time), do the copying and then unmap the
> user space part. No reason to share the user address space all the
> time.

That requires you to do a full 'pmap' change on every system call
entry and exit - which will slow things down somewhat.
You don't even want to invalidate the user tlb.

	David

-- 
David Laight: david%l8s.co.uk@localhost
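As an added example (not code from this thread or from NetBSD), the following C probe reports whether the host it runs on still lets an unprivileged process place a mapping at the NULL page, the precondition for the escalation described above; it requests pages through mmap() hints so nothing already mapped is disturbed. All names in it (PROBE_LIMIT, page_mappable_at, lowest_mappable_address, null_page_mappable) are my own.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define PROBE_LIMIT ((uintptr_t)1 << 20)   /* only scan the low 1 MiB */

/* Ask for one anonymous page exactly at `want`; 1 if the kernel put it there
 * (it is unmapped again at once), 0 if refused or placed elsewhere.
 * A hint of 0 means "no preference" to mmap(), so page zero has to be
 * requested with MAP_FIXED; no normal process has anything mapped there to
 * clobber.  Every other page uses a plain hint, which never replaces an
 * existing mapping. */
static int page_mappable_at(uintptr_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int flags = MAP_PRIVATE | MAP_ANONYMOUS | (want == 0 ? MAP_FIXED : 0);
    void *p = mmap((void *)want, page, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return 0;                      /* e.g. EPERM/EACCES: policy blocks it */
    int hit = ((uintptr_t)p == want);
    (void)munmap(p, page);             /* this is a probe, never keep the page */
    return hit;
}

/* 1 if this process can map the NULL page, i.e. the mitigation is absent. */
int null_page_mappable(void) { return page_mappable_at(0); }

/* Lowest page-aligned address below PROBE_LIMIT the kernel hands out, or
 * UINTPTR_MAX if none: the effective minimum user mapping address. */
uintptr_t lowest_mappable_address(void)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    for (uintptr_t a = 0; a < PROBE_LIMIT; a += page)
        if (page_mappable_at(a))
            return a;
    return UINTPTR_MAX;
}

int main(void)
{
    uintptr_t low = lowest_mappable_address();
    if (low == 0)
        puts("NULL page is mappable: a kernel jump through an unset pointer would run user-supplied code");
    else if (low == UINTPTR_MAX)
        printf("no page below %#lx is mappable by this process\n", (unsigned long)PROBE_LIMIT);
    else
        printf("lowest mappable user address: %#lx\n", (unsigned long)low);
    return 0;
}
```

On a host that enforces a minimum user mapping address (vm.mmap_min_addr on Linux, vm.user_va0_disable on NetBSD) the NULL-page request is refused and the reported lowest address is that floor; a result of 0 means the kernel relies entirely on never dereferencing an unset pointer.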