Re: [PATCH 07/32] mm: Bring back vmalloc_exec

From: Kent Overstreet
Date: Mon Jun 19 2023 - 20:42:02 EST


On Mon, Jun 19, 2023 at 12:45:43PM -0700, Kees Cook wrote:
> I think there's a misunderstanding here about the threat model I'm
> interested in protecting against for JITs. While making sure the VM of a
> JIT is safe in itself, that's separate from what I'm concerned about.
>
> The threat model is about flaws _elsewhere_ in the kernel that can
> leverage the JIT machinery to convert a "write anything anywhere anytime"
> exploit primitive into an "execute anything" primitive. Arguments can
> be made to say "a write anything flaw means the total collapse of the
> security model so there's no point defending against it", but both that
> type of flaw and the slippery slope argument don't stand up well to
> real-world situations.

Hey Kees, thanks for the explanation - I don't think this is a concern
for what bcachefs is doing, since we're not doing a full JIT. The unpack
functions we generate only write to the 40 bytes pointed to by rsi; not
terribly useful as an execute anything primitive :)