public inbox for linux-arm-kernel@lists.infradead.org 
From: hpa@zytor•com (H. Peter Anvin)
To: linux-arm-kernel@lists•infradead.org
Subject: [PATCH 0/3] Batched user access support
Date: Fri, 18 Dec 2015 10:33:25 -0800
Message-ID: <56745175.9010006@zytor.com>
In-Reply-To: <20151218111346.GF30483@arm.com>

On 12/18/15 03:13, Will Deacon wrote:
> 
> From an implementation and performance point of view, this can certainly
> be used by arm64. My only concern is that we increase the region where
> PAN is disabled (that is, user accesses are permitted). Currently, that's
> carefully restricted to the single userspace access, but now it could
> easily include accesses to the kernel stack, perhaps even generated as
> a result of compiler spills.
> 
> I'm pretty unimaginative when it comes to security exploits, but that
> does sound worse than the current implementation from a security
> perspective.
> 

It is, but it is a tradeoff.  It is way better than opening it up for
the entire kernel.  In the end the only real way to avoid this is
compiler support, which I *have* discussed for x86 with the gcc people.
gcc could avoid the back-to-back on and off and even batch accesses by
moving them into registers.

	-hpa


Thread overview: 8+ messages
2015-12-17 18:33 [PATCH 0/3] Batched user access support Linus Torvalds
2015-12-18  9:44 ` Ingo Molnar
2015-12-18 17:06   ` Linus Torvalds
2015-12-18 11:13 ` Will Deacon
2015-12-18 18:33   ` H. Peter Anvin [this message]
2015-12-18 18:43     ` Linus Torvalds
2015-12-18 19:56 ` Russell King - ARM Linux
2015-12-18 20:18   ` Linus Torvalds
