On Fri, Feb 14, 2025 at 12:24 AM Jennifer Miller wrote:
> On Thu, Feb 13, 2025 at 09:24:18PM +, Andrew Cooper wrote:
> > On 13/02/2025 7:23 pm, Jann Horn wrote:
> > > How would we actually do that overwriting and restoring of
> > > KERNEL_GS_BASE? Would we need
On Thu, Feb 13, 2025 at 9:53 PM Kees Cook wrote:
> On Thu, Feb 13, 2025 at 08:41:16PM +, Andrew Cooper wrote:
> > On 13/02/2025 8:28 pm, Kees Cook wrote:
> > > On Thu, Feb 13, 2025 at 01:31:30AM +, Andrew Cooper wrote:
> > Assuming this is an issue you all feel is worth addressing, I
On Thu, Feb 13, 2025 at 7:15 AM Jennifer Miller wrote:
> On Wed, Feb 12, 2025 at 11:29:02PM +0100, Jann Horn wrote:
> > +Andy Lutomirski (X86 entry code maintainer)
> >
> > On Wed, Feb 12, 2025 at 10:08 PM Jennifer Miller wrote:
> > > As part of a recently accep
On Thu, Feb 13, 2025 at 2:31 AM Andrew Cooper wrote:
> >> Assuming this is an issue you all feel is worth addressing, I will
> >> continue working on providing a patch. I'm concerned though that the
> >> overhead from adding a wrmsr on both syscall entry and exit to
> >> overwrite and restore the
+Andy Lutomirski (X86 entry code maintainer)
On Wed, Feb 12, 2025 at 10:08 PM Jennifer Miller wrote:
> As part of a recently accepted paper we demonstrated that syscall
> entrypoints can be misused on x86-64 systems to generically bypass
> FineIBT/KERNEL_IBT from forwards-edge control flow hijack
On Mon, Feb 10, 2025 at 7:36 PM Valentin Schneider wrote:
> What if isolated CPUs unconditionally did a TLBi as late as possible in
> the stack right before returning to userspace? This would mean that upon
> re-entering the kernel, an isolated CPU's TLB wouldn't contain any kernel
> range transla
On Fri, Jan 17, 2025 at 4:25 PM Valentin Schneider wrote:
> On 14/01/25 19:16, Jann Horn wrote:
> > On Tue, Jan 14, 2025 at 6:51 PM Valentin Schneider wrote:
> >> vunmap()'s issued from housekeeping CPUs are a relatively common source of
> >> interf
On Tue, Jan 14, 2025 at 6:51 PM Valentin Schneider wrote:
> vunmap()'s issued from housekeeping CPUs are a relatively common source of
> interference for isolated NOHZ_FULL CPUs, as they are hit by the
> flush_tlb_kernel_range() IPIs.
>
> Given that CPUs executing in userspace do not access data i
On Fri, Dec 6, 2024 at 11:13 AM Kevin Brodsky wrote:
> This is a proposal to leverage protection keys (pkeys) to harden
> critical kernel data, by making it mostly read-only. The series includes
> a simple framework called "kpkeys" to manipulate pkeys for in-kernel use,
> as well as a page table h
On Thu, Aug 29, 2024 at 2:38 AM Kees Cook wrote:
> On Tue, Aug 27, 2024 at 09:09:49PM -0700, Juefei Pu wrote:
> > Hello,
> > We found the following null-pointer-dereference issue using syzkaller
> > on Linux v6.10.
>
> In seccomp! Yikes.
>
> > Unfortunately, the syzkaller failed to generate a repr
On Thu, Jun 20, 2024 at 11:23 PM Javier Carrasco wrote:
>
> Use the struct_size macro to calculate the size of the tll, which
> includes a trailing flexible array.
>
> Signed-off-by: Javier Carrasco
>
> ---
> The memory allocation used to be carried out in two steps:
>
> tll = devm_kzalloc(dev, s
On Mon, Mar 4, 2024 at 3:02 AM Jiangfeng Xiao wrote:
> When the last instruction of a noreturn function is a call
> to another function, the return address falls outside
> of the function boundary. This seems to cause the kernel
> to interrupt the backtrace.
[...]
> Delete __noreturn from usercopy_abo
On Sun, Feb 18, 2024 at 8:47 AM Greg KH wrote:
>
> On Sun, Feb 18, 2024 at 03:35:01PM +0800, Guixiong Wei wrote:
> > From: Guixiong Wei
> >
> > Restrict non-privileged user access to /sys/kernel/notes to
> > avoid security attacks.
> >
> > The non-privileged users have read access to notes. The no
On Wed, Nov 1, 2023 at 11:57 AM Mickaël Salaün wrote:
> On Tue, Oct 31, 2023 at 09:40:59PM +0100, Stefan Bavendiek wrote:
> > On Tue, Oct 24, 2023 at 11:07:14AM -0500, Serge E. Hallyn wrote:
> > > In 2005, before namespaces were upstreamed, I posted the 'bsdjail' LSM,
> > > which briefly made it i
On Wed, Oct 25, 2023 at 7:22 PM Serge E. Hallyn wrote:
>
> On Wed, Oct 25, 2023 at 07:10:07PM +0200, Jann Horn wrote:
> > On Tue, Oct 24, 2023 at 3:46 PM Serge E. Hallyn wrote:
> > > Disabling them altogether would break lots of things depending on them,
> > >
On Tue, Oct 24, 2023 at 3:46 PM Serge E. Hallyn wrote:
> Disabling them altogether would break lots of things depending on them,
> like X :) (@/tmp/.X11-unix/X0).
FWIW, X can connect over both filesystem-based unix domain sockets and
abstract unix domain sockets. When a normal X client tries to
On Fri, Sep 29, 2023 at 7:29 PM Kees Cook wrote:
> On Fri, Sep 29, 2023 at 05:42:11PM +0200, Gustavo A. R. Silva wrote:
> > `struct urb` is a flexible structure, which means that it contains a
> > flexible-array member at the bottom. This could potentially lead to an
> > overwrite of the object `w
On Fri, Sep 29, 2023 at 5:42 PM Gustavo A. R. Silva wrote:
> `struct urb` is a flexible structure, which means that it contains a
> flexible-array member at the bottom. This could potentially lead to an
> overwrite of the object `wq` at run-time with the contents of `urb`.
>
> Fix this by placing