On Fri, Jan 5, 2018 at 10:30 AM, Borislav Petkov <[email protected]> wrote:
> On Fri, Jan 05, 2018 at 10:01:23AM -0800, Andy Lutomirski wrote:
>> Yes. There are very clever tools like 'pin' that instrument a binary
>> by decoding all the instructions it executes and generating an
>> instrumented copy. If that binary calls into the vDSO, the vDSO gets
>> decoded and instrumented (which works fine). If the binary calls into
>> the vsyscall page, it still needs to work. So the vsyscall page
>> contains machine code that actually works (even if it's NX) to support
>> these tools. The authors and users of the tools yelled loudly in an
>> earlier version of the vsyscall emulation code that didn't support
>> this use case.
>
> It rings a bell...
>
>> The root cause here is that 4.4 is KAISER, not KPTI. The
>> kaiser_set_shadow_pgd() function is a steaming pile of shit, and this
>> is a known bug in it.
>
> Tell me about it.
>
> We found out last night it breaks EFI too, see:
>
> https://lkml.kernel.org/r/[email protected]
>
> To put it mildly, this new PTI et al crap will bring us a lot of fun in
> the coming year. I tell ya, a year from now we'll be dealing with the
> fallout from this.
>
>> I have zero desire to hack up some stupid special case in there. For
>> the modern KPTI kernels, I rewrote that function entirely to be much
>> simpler and much more correct.
>>
>> It should be straightforward to kludge something up, though, but I'm
>> not volunteering.
>
> Yeah, I think adding _PAGE_RW into the mix should fix it but I need to
> give it a try first.
>
Not _PAGE_RW. Probably _PAGE_USER somewhere in the hierarchy.
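Added example, not from the thread and not from the kernel's KAISER/KPTI code: a small C model of why a ring-3 access needs _PAGE_USER at every level of the walk rather than _PAGE_RW on the leaf. x86-64 ANDs the U/S and R/W bits across all four levels and ORs the XD bit, so one level without U/S faults the whole access. The four entries are constructed to mimic a vsyscall-style mapping (user, read-only, NX) whose shadow-tree PMD lacks _PAGE_USER; the bit positions are the real x86 ones, the function names are mine, and the model ignores CR0.WP, SMEP and SMAP.

```c
/* Added example, not kernel code: model of x86-64 permission combining
 * across a four-level page walk. Bit positions are the real x86 ones;
 * the page-table entries below are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define _PAGE_PRESENT (1ULL << 0)
#define _PAGE_RW      (1ULL << 1)
#define _PAGE_USER    (1ULL << 2)
#define _PAGE_NX      (1ULL << 63)

enum { LVL_PGD, LVL_PUD, LVL_PMD, LVL_PTE, NLEVELS };

enum fault {
    OK = 0,
    FAULT_NOT_PRESENT,
    FAULT_USER,   /* U/S clear at some level, access from ring 3 */
    FAULT_WRITE,  /* R/W clear at some level, write attempted   */
    FAULT_NX,     /* XD set at some level, fetch attempted      */
};

struct access { int user, write, exec; };

/* Walk the four entries for one address. U/S and R/W must be set at
 * every level (AND-ed); XD at any level forbids execution (OR-ed).
 * Returns the first fault found, or OK. Ignores CR0.WP, SMEP, SMAP. */
enum fault walk(const uint64_t lvl[NLEVELS], struct access a)
{
    int exec_denied = 0;
    for (int i = 0; i < NLEVELS; i++) {
        if (!(lvl[i] & _PAGE_PRESENT))
            return FAULT_NOT_PRESENT;
        if (a.user && !(lvl[i] & _PAGE_USER))
            return FAULT_USER;
        if (a.write && !(lvl[i] & _PAGE_RW))
            return FAULT_WRITE;
        if (lvl[i] & _PAGE_NX)
            exec_denied = 1;
    }
    return (a.exec && exec_denied) ? FAULT_NX : OK;
}

/* Constructed shadow (user-visible) hierarchy for a vsyscall-style page:
 * the leaf PTE is present, user, read-only and NX, but the PMD copied
 * into the shadow tree lacks _PAGE_USER. */
const uint64_t shadow[NLEVELS] = {
    _PAGE_PRESENT | _PAGE_RW | _PAGE_USER,  /* PGD */
    _PAGE_PRESENT | _PAGE_RW | _PAGE_USER,  /* PUD */
    _PAGE_PRESENT | _PAGE_RW,               /* PMD: U/S missing */
    _PAGE_PRESENT | _PAGE_USER | _PAGE_NX,  /* PTE: user, RO, NX */
};

enum fault user_read(const uint64_t lvl[NLEVELS])
{
    return walk(lvl, (struct access){ .user = 1 });
}

enum fault kernel_read(const uint64_t lvl[NLEVELS])
{
    return walk(lvl, (struct access){ .user = 0 });
}

/* Re-run a ring-3 read/fetch after OR-ing extra bits into one level of
 * a copy of the tree, so candidate fixes can be compared side by side. */
static enum fault user_access_after(const uint64_t lvl[NLEVELS], int level,
                                    uint64_t extra, int exec)
{
    uint64_t copy[NLEVELS];
    memcpy(copy, lvl, sizeof copy);
    copy[level] |= extra;
    return walk(copy, (struct access){ .user = 1, .exec = exec });
}

enum fault user_read_after(const uint64_t lvl[NLEVELS], int level, uint64_t extra)
{
    return user_access_after(lvl, level, extra, 0);
}

enum fault user_exec_after(const uint64_t lvl[NLEVELS], int level, uint64_t extra)
{
    return user_access_after(lvl, level, extra, 1);
}

int main(void)
{
    printf("user read, as is:            fault %d\n", user_read(shadow));
    printf("user read, +RW on PTE:       fault %d\n",
           user_read_after(shadow, LVL_PTE, _PAGE_RW));
    printf("user read, +USER on PMD:     fault %d\n",
           user_read_after(shadow, LVL_PMD, _PAGE_USER));
    printf("user exec, +USER on PMD:     fault %d\n",
           user_exec_after(shadow, LVL_PMD, _PAGE_USER));
    printf("kernel read, as is:          fault %d\n", kernel_read(shadow));
    return 0;
}
```

The walk shows the asymmetry behind the one-line reply: the kernel can already read the page through this tree, ORing _PAGE_RW into the leaf changes nothing for ring 3, and only restoring _PAGE_USER at the level that lost it makes the user read succeed, while the NX bit on the leaf still forbids executing it.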

