that's how i ran across this one, the size overflow plugin has an assert on functions with over 31 args, we never hit it before. now the real beauty is in the callers ;).
5
one wonders whether this professional beauty was let in to win the longest arg list award in linux: git.kernel.org/pub/scm/linux…
6
27
3
48
just stumbled upon another expertly reviewed KSPP commit: git.kernel.org/pub/scm/linux…. hint: ctrl-f is your friend to find this a few lines below: git.kernel.org/pub/scm/linux…
2
2
11
and of course if they're now supposed to swallow the perf impact of KAISER/PTI, they can just switch to a 64 bit kernel and call it a day. whatever way i look at it, we're covered, unlike upstream. really a shame for you guys having spent so much time and still come up short...
i backported our UDEREF/amd64 solution to 4.4 since it's a natural fit for address space separation (have had the logic for other purposes since 2009 or so). as for i386, how do you know if the segmentation based approach fails on CPUs that aren't 64 bit capable?
1
is it just me or did SPECTRE manifest @halvarflake's "weird machine" concept in real hardware? i hope someone's already working on a paper about the computational power of this machine.
5
2
9
i coined ASLR back in 2001 when i actually created it. you should know better since you were also around (sous bock? :). i also added ET_EXEC randomization on top of ET_DYN (PIE these days) because you said it wasn't possible... good memories!
2
7
7
never said you did. however you should then also know that PTI is missing key infrastructure that makes it impossible implement UDEREF.
2
this is what UDEREF/amd64 in PaX has been doing for years, you even knew of it not long ago: events.linuxfoundation.org/s… (slides 29/30)
2
3
6
the remote vs. local distinction made sense until 'remotely' an attacker couldn't program a UTM whereas he could do so 'locally'. browsers+javascript changed that and thus the boundaries blurred. ASLR was designed for the remote case only (and with known limitations even there).
1
if you mean the TLB hacking based PAGEEXEC method, its origins are somewhere else as mentioned in pax.grsecurity.net/docs/page… ;)
1
3
are you sure that PTI fixes this side channel? thing is, physically indexed caches don't really care which virtual address space the access comes from...
1
2
8
your baseline should be a tree that doesn't have even the preparatory patches for PTI, say 4.14.8/4.15-rc3(?) or earlier. also make sure your benchmark pegs the cores at 100% instead of waiting for I/O.
1
looks like we have a fix finally for nitter.vloup.ch/paxteam/status/9… ... only in time for lkml.org/lkml/2017/12/28/64 . maybe the holidays aren't the best time for such deep changes...
So now we know the answer to this: nitter.vloup.ch/grsecurity/statu…
It took two stable releases to fix this obvious double free and boot crash on systems using IPMI: git.kernel.org/pub/scm/linux…
3
4
