kees opened this issue 4 years ago (status: Open)
Some of Pengfei Wang's reported bugs, fixed in 2016: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=Pengfei+Wang
"Safefetch" aims to solve this. Kernel can be found at https://github.com/vusec/safefetch and the paper is at https://download.vusec.net/papers/safefetch_sec24.pdf
Turning that into something that could be actually merged would be a great project for people to work on, if they are looking for stuff to do :)
It'd be lovely to see this upstreamed. Looks like it at least needs updating; it's based on v5.11.
I isolated the commits from the safefetch repo into a patch, applied them to the v5.11 tag in my tree on a new branch. I merged said branch into a v5.12 tag, but still need to test before pushing that branch upstream.
Tests consist of removing the patch mentioned here in order to run the poc against the safefetch patched kernel.
Current testing requires a full Ubuntu VM. My bare-metal Arch install failed to boot a safefetch v5.11 kernel, and buildroot/busybox qemu failed to run the poc and produce the relevant dmesg warnings.
I am working to move this forward to a recent rc so I can submit the patch to relevant maintainers. I am also updating to a more recent gcc version, and figuring out a testing setup with buildroot/busybox rootfs.
It'd be nice to find a generalized approach to avoiding double-reads from userspace memory. There are some Coccinelle scripts to find these code patterns, but performing some kind of kernel-side caching of userspace memory would be more robust.
Threads:
2016: https://lore.kernel.org/cocci/20160426222442.GA8104@www.outflux.net/
2017: https://lore.kernel.org/lkml/20170109231323.GA89642@beast/
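To make the double-fetch pattern and the "cache userspace memory kernel-side" idea from the comment above concrete, here is an added, self-contained C model (not code from this issue, from SafeFetch, or from the kernel). It runs in userspace: `uaccess_copy()` stands in for `copy_from_user()`, a `racer_fn` callback stands in for a second user thread rewriting the header between the kernel's check and its use, and `struct fetch_cache` is a toy per-syscall cache with a fixed 64-byte window (names, `struct msg_hdr`, and the single-window simplification are all constructed for this illustration). The same handler is run twice: with plain fetches it uses a length that was never validated; with cached fetches the second read of `len` is served from the kernel copy made at check time, so the validated value is the one used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: toy model of a kernel handler that reads a user
 * header twice (double fetch) and a per-syscall cache that makes the second
 * read consistent with the first. Not SafeFetch's real implementation. */

#define MAX_PAYLOAD  16
#define CACHE_WINDOW 64
#define EFAULT 14
#define EINVAL 22

struct msg_hdr { uint32_t len; uint32_t type; };   /* hypothetical ABI */

/* Stand-in for copy_from_user(): in a real kernel the source page can be
 * rewritten by another user thread between two calls. */
static int uaccess_copy(void *dst, const void *usrc, size_t n)
{
    memcpy(dst, usrc, n);
    return 0;
}

/* Toy per-syscall cache: one fixed window starting at the first fetched
 * user address, with a per-byte "already fetched" mark. */
struct fetch_cache {
    int active;
    const uint8_t *ubase;
    uint8_t data[CACHE_WINDOW];
    uint8_t valid[CACHE_WINDOW];
};

static void fetch_cache_init(struct fetch_cache *c) { memset(c, 0, sizeof *c); }

/* Cached fetch: bytes seen before are served from the kernel copy, bytes
 * not seen before are read from userspace once and then cached. */
static int cached_copy_from_user(struct fetch_cache *c, void *dst,
                                 const void *usrc, size_t n)
{
    const uint8_t *u = usrc;
    uint8_t *d = dst;
    size_t off, i;

    if (!c->active) { c->active = 1; c->ubase = u; }
    if (u < c->ubase || (size_t)(u - c->ubase) + n > CACHE_WINDOW)
        return -EFAULT;                 /* toy limitation: fixed window only */
    off = (size_t)(u - c->ubase);
    for (i = 0; i < n; i++) {
        if (!c->valid[off + i]) {
            if (uaccess_copy(&c->data[off + i], u + i, 1))
                return -EFAULT;
            c->valid[off + i] = 1;
        }
        d[i] = c->data[off + i];
    }
    return 0;
}

/* Plain fetch with the same signature so the handler can use either. */
static int plain_copy_from_user(struct fetch_cache *c, void *dst,
                                const void *usrc, size_t n)
{
    (void)c;
    return uaccess_copy(dst, usrc, n);
}

typedef int (*fetch_fn)(struct fetch_cache *, void *, const void *, size_t);
typedef void (*racer_fn)(struct msg_hdr *uhdr);   /* models a racing user thread */

/* Handler with the classic pattern: fetch len, check it, fetch the header
 * again for use. Returns the length it would use for the payload copy, or
 * a negative errno. */
static int handle_msg(struct msg_hdr *uhdr, fetch_fn fetch, racer_fn racer)
{
    struct fetch_cache cache;
    struct msg_hdr hdr;
    uint32_t len;

    fetch_cache_init(&cache);
    if (fetch(&cache, &len, &uhdr->len, sizeof len))
        return -EFAULT;
    if (len > MAX_PAYLOAD)
        return -EINVAL;                 /* check, on the first fetch */
    if (racer)
        racer(uhdr);                    /* user thread rewrites the header */
    if (fetch(&cache, &hdr, uhdr, sizeof hdr))
        return -EFAULT;                 /* use, on the second fetch */
    return (int)hdr.len;
}

/* Constructed racer: raises len past the limit after the check passed. */
static void bump_len(struct msg_hdr *uhdr) { uhdr->len = 4096; }

/* Returns the length each variant would use under the same race. */
static int run_variant(int cached, int race)
{
    struct msg_hdr uhdr = { .len = 8, .type = 1 };   /* constructed input */
    return handle_msg(&uhdr, cached ? cached_copy_from_user : plain_copy_from_user,
                      race ? bump_len : NULL);
}

int main(void)
{
    printf("plain fetch under race:  uses len %d (limit %d)\n", run_variant(0, 1), MAX_PAYLOAD);
    printf("cached fetch under race: uses len %d (limit %d)\n", run_variant(1, 1), MAX_PAYLOAD);
    return 0;
}
```

The point of the cache is that the validated value and the used value come from one fetch, so a concurrent writer cannot split them; the real kernel design also has to bound cache memory, handle ranges that straddle or precede the first fetch, and invalidate at syscall exit, none of which this toy window does.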