On Tue, May 3, 2016 at 2:43 PM, Dave Hansen <dave.han...@intel.com> wrote:
> On 05/03/2016 02:31 PM, Andy Lutomirski wrote:
>> Having actually read the erratum: how can this affect Linux at all
>> under any scenario where user code hasn't already completely
>> compromised the kernel?
>>
>> I.e. why do we care about this erratum?
>
> First of all, with SMEP, it doesn't affect us. At all.
>
> Without SMEP, there would have to be a page accessible to userspace that
> the kernel executes instructions from. The only thing that I can think
> of that's normally user-accessible and not _controlled_ by userspace is
> the VDSO. But the kernel never actually executes from it, so it doesn't
> matter here.
>
> I've heard reports of (but no actual cases in the wild of) folks
> remapping kernel text to be user-accessible so that userspace can
> execute it, or of having the kernel jump into user-provided libraries.
> Those are both obviously bonkers and would only be done with out-of-tree
> gunk, but even if somebody did that, they would be safe from the
> erratum, with this workaround.
>
I'm not convinced this is worth adding any code for, though. If someone
adds out-of-tree crap that does this and manually turns off SMEP, I think
they should get to keep both pieces. Frankly, I think I'd *prefer* if the
kernel crashed when calling user addresses like that just to discourage it.

--
Andy Lutomirski
AMA Capital Management, LLC