KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Harden userfaultfd against kernel-only access stalls #36

Closed kees closed 3 years ago

kees commented 4 years ago

There are attacks that depend on using userfaultfd to stall copy_from_user() calls to get precise timing and heap grooming. (For example, https://duasynt.com/blog/linux-kernel-heap-spray) In order to defend against this, userfaultfd needs to learn not to block accesses originating from the kernel itself.

Proposed series:

https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@google.com/

kees commented 3 years ago

v5.11's commit d0d4730ac2e404a5b0da9a87ef38c73e51cb1664 implements the unprivileged_userfaultfd sysctl knob, which defaults to safe.
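An added audit script (not from this issue or the kernel tree) that reports whether a running kernel carries the mitigation discussed above. It assumes the knob is exposed at /proc/sys/vm/unprivileged_userfaultfd and, per the kernel's sysctl documentation rather than this issue, that on v5.11+ the value 0 restricts unprivileged users to user-mode-only fault handling while 1 lifts the restriction, and that on the earlier v5.2 to v5.10 knob 0 simply disabled unprivileged userfaultfd.

```shell
#!/bin/sh
# Audit the userfaultfd hardening from KSPP issue #36. Added example, not
# part of the issue. Assumed semantics (from the kernel's vm.rst, not the
# issue): v5.11+: 0 = user-mode-only for unprivileged users (the hardened
# default), 1 = unrestricted; v5.2-v5.10: 0 = unprivileged userfaultfd
# disabled, 1 = unrestricted. No knob = CONFIG_USERFAULTFD off or kernel < 5.2.

# kernel_at_least MAJOR MINOR "uname -r string": succeeds if version >= MAJOR.MINOR
kernel_at_least() {
    want_major=$1; want_minor=$2
    have_major=${3%%.*}
    have_major=${have_major%%[!0-9]*}
    case $3 in
        *.*) rest=${3#*.}; have_minor=${rest%%.*}; have_minor=${have_minor%%[!0-9]*} ;;
        *)   have_minor=0 ;;
    esac
    [ "${have_major:-0}" -gt "$want_major" ] && return 0
    [ "${have_major:-0}" -eq "$want_major" ] && [ "${have_minor:-0}" -ge "$want_minor" ]
}

# uffd_verdict KNOB_VALUE KERNEL_VERSION prints one of:
#   absent       no knob: userfaultfd compiled out or kernel predates v5.2
#   restricted   v5.11+ with knob 0: unprivileged users cannot stall kernel accesses
#   disabled     pre-5.11 with knob 0: unprivileged userfaultfd switched off entirely
#   unrestricted knob 1: unprivileged userfaultfd can still stall copy_from_user()
#   unknown      unexpected knob contents
uffd_verdict() {
    value=$1; kver=$2
    [ -z "$value" ] && { echo absent; return 0; }
    case "$value" in
        1) echo unrestricted ;;
        0) if kernel_at_least 5 11 "$kver"; then echo restricted; else echo disabled; fi ;;
        *) echo unknown ;;
    esac
}

# Read the live system; only meaningful when run directly, not when sourced.
audit_live() {
    knob=/proc/sys/vm/unprivileged_userfaultfd
    value=''
    [ -r "$knob" ] && value=$(cat "$knob")
    uffd_verdict "$value" "$(uname -r)"
}
```

Run audit_live on a host to get the verdict; anything other than restricted or disabled means unprivileged processes can still use userfaultfd to stall kernel-side accesses.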