Re: UVM and the NULL page

To: Wolfgang Solfrank <Wolfgang%Solfrank.net@localhost>
Subject: Re: UVM and the NULL page
From: David Laight <david%l8s.co.uk@localhost>
Date: Thu, 29 Dec 2016 20:41:00 +0000

On Tue, Dec 27, 2016 at 02:12:59PM +0100, Wolfgang Solfrank wrote:
> Hi,
> 
> >Any cpu that doesn't require special instructions for copyin/out
> >is susceptible to user processes mapping code to address 0 and
> >converting a kernel 'jump through unset pointer' from a panic
> >into a massive security hole (executing process code with the
> >'supervisor' bit set).
> 
> Only if you do a naive implementation of copyin/out. Nothing prevents
> you from implementing copyin/out on these cpus by mapping only the
> relevant part of the user address space at some reserved address
> (maybe even one page at a time), do the copying and then unmap the
> user space part. No reason to share the user address space all the
> time.

That requires you do a full 'pmap' change on every system call
entry and exit - which will slow things down somewhat.
You don't even want to invalidate the use tlb.

	David

-- 
David Laight: david%l8s.co.uk@localhost

References:
- Re: UVM and the NULL page
  - From: Pierre Pronchery
- Re: UVM and the NULL page
  - From: Maxime Villard
- Re: UVM and the NULL page
  - From: Joerg Sonnenberger
- Re: UVM and the NULL page
  - From: Paul Goyette
- Re: UVM and the NULL page
  - From: Wolfgang Solfrank
- Re: UVM and the NULL page
  - From: Maxime Villard
- Re: UVM and the NULL page
  - From: Thor Lancelot Simon
- Re: UVM and the NULL page
  - From: Eduardo Horvath
- Re: UVM and the NULL page
  - From: David Laight
- Re: UVM and the NULL page
  - From: Wolfgang Solfrank

Prev by Date: Re: vrele vs. syncer deadlock
Next by Date: Another kvm user can go away?
Previous by Thread: Re: UVM and the NULL page
Next by Thread: Re: UVM and the NULL page
Indexes:

Home | Main Index | Thread Index | Old Index