From: Andy Lutomirski
Date: Mon, 23 Jan 2017 13:53:18 -0800
To: Matthew Wilcox
Cc: Greg Kroah-Hartman, Josh Armour, "ksummit-discuss@lists.linuxfoundation.org", "linux-mm@kvack.org"
Subject: Re: [Ksummit-discuss] security-related TODO items?

On Mon, Jan 23, 2017 at 12:59 PM, Matthew Wilcox wrote:
> Why put it in the user address space? As I said earlier in this thread, we
> want the facility to run code from kernel addresses in user mode, limited to
> only being able to access its own stack and the user addresses. Of course it
> should also be able to make syscalls, like mmap.

Would you believe I've already started prototyping this (the
kernel-code-in-user-mode part, not the execve part)?

As a practical matter, though, I think the implementation would be
*much* simpler if code running in user mode sees user addresses.
Otherwise we'd end up with very messy and constrained code on
single-address-space arches like x86 and we might not be able to
implement it at all on split-address-space arches like s390.

That being said, writing a bit of PIC code that parses the ELF file,
finds some unused address space, and relocates itself out of the way
shouldn't be *that* hard.

--Andy
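
An added illustration of the "parses the ELF file, finds some unused address space" step mentioned in the message above; it is not part of the original mail and is not the prototype it refers to. It assumes a fixed-address (ET_EXEC) ELF64 image, 4 KiB pages and an x86-64 user address limit; `elf_load_span`, `pick_loader_base` and the sample image are hypothetical names and data, and a real loader would also have to avoid the stack and any other existing mappings.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
#define PAGE       0x1000ULL          /* assumed page size */
#define USER_LIMIT 0x7ffffffff000ULL  /* assumed top of user space (x86-64) */

/* Page-aligned span [lo, hi) of all PT_LOAD segments; -1 if malformed. */
int elf_load_span(const uint8_t *img, size_t len, uint64_t *lo, uint64_t *hi)
{
    Elf64_Ehdr eh; Elf64_Phdr ph;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    /* Program header table must lie inside the file; divide to avoid overflow. */
    if (eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (len - eh.e_phoff) / sizeof ph < eh.e_phnum) return -1;
    *lo = UINT64_MAX; *hi = 0;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        /* Reject segments that wrap around or reach past user space. */
        if (ph.p_vaddr > USER_LIMIT || ph.p_memsz > USER_LIMIT - ph.p_vaddr) return -1;
        uint64_t s = ph.p_vaddr & ~(PAGE - 1);
        uint64_t e = (ph.p_vaddr + ph.p_memsz + PAGE - 1) & ~(PAGE - 1);
        if (s < *lo) *lo = s;
        if (e > *hi) *hi = e;
    }
    return *hi > *lo ? 0 : -1;
}

/* Base for `size` bytes of loader code outside [lo, hi); 0 if none fits. */
uint64_t pick_loader_base(uint64_t lo, uint64_t hi, uint64_t size)
{
    size = (size + PAGE - 1) & ~(PAGE - 1);
    if (size <= USER_LIMIT - hi) return hi;                    /* room above */
    return (size <= lo && lo - size >= PAGE) ? lo - size : 0;  /* else below */
}

/* Constructed sample: ELF64 header plus one PT_LOAD at 0x400000, 0x2345 bytes. */
static const struct { Elf64_Ehdr eh; Elf64_Phdr ph; } sample = {
    .eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 }, .e_phoff = sizeof(Elf64_Ehdr),
            .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 },
    .ph = { .p_type = PT_LOAD, .p_vaddr = 0x400000, .p_memsz = 0x2345 } };

int main(void)
{
    uint64_t lo, hi;  /* exit status 0 means a base was found */
    if (elf_load_span((const uint8_t *)&sample, sizeof sample, &lo, &hi)) return 1;
    return pick_loader_base(lo, hi, 3 * PAGE) == 0;
}
```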