[PATCH RESEND 1/4] uaccess: Add user_read_access_begin/end and user_write_access_begin/end
Kees Cook
keescook at chromium.org
Fri Apr 3 04:38:32 AEDT 2020
On Thu, Apr 02, 2020 at 07:03:28PM +0200, Christophe Leroy wrote:
> > What should we do about arm and s390? There we want a cookie passed
> > from beginning of block to its end; should that be a return value?
>
> That was the way I implemented it in January, see
> https://patchwork.ozlabs.org/patch/1227926/
>
> There was some discussion around that and most noticeable was:
>
> H. Peter (hpa) said about it: "I have *deep* concern with carrying state in
> a "key" variable: it's a direct attack vector for a crowbar attack,
> especially since it is by definition live inside a user access region."
I share this concern -- we want to keep user/kernel access as static as
possible. It should be provable with static analysis, etc (e.g. objtool
does this already for x86).
Since this doesn't disrupt existing R+W access, I'd prefer the design of
this series as-is.
--
Kees Cook
More information about the Linuxppc-dev
mailing list