Comments on SIMPLE IS BETTER: Implement software-based SMEP with Non-Execute (NX) bit in page tables to secure kernel/user virtual memory address space.

Blog author: Anababa
Feed updated: 2022-10-18T15:59:36.194-07:00

PaX Team (http://pax.grsecurity.net), 2014-11-21T03:46:45.889-08:00

as i said earlier, this code has been in PaX for over a year now already, look for STRONGUDEREF to find most of the related code.

Anababa, 2014-11-20T21:38:58.891-08:00

Ok, it seems that I saw UDEREF/amd64 with PCID/INVPCID support
in the patch http://grsecurity.net/stable/grsecurity-3.0-3.14.24-201411150026.patch

Anababa, 2014-11-20T21:32:38.865-08:00

I see.. let me know after you've done that. So, the code patch is ready for use/testing as you mentioned, right?

PaX Team (http://pax.grsecurity.net), 2014-11-20T19:40:42.686-08:00

that's because i haven't written it yet ;), but it'll be on the grsecurity blog.

Anababa, 2014-11-20T18:02:52.834-08:00

That's great!
Could you share with me the link to that blog for CR4.PCID? I didn't get it by searching Google :(

PaX Team (http://pax.grsecurity.net), 2014-11-20T08:14:32.580-08:00

> not sure if this is OK

this is how UDEREF/amd64 works actually when PCID support is detected ;).

Anababa, 2014-11-18T17:15:09.426-08:00

>>> "of interest may be that for about a year now UDEREF/amd64 also uses PCID/INVPCID when available (though i have yet to blog about that part ;)."
this is interesting. recently I also had an idea to use PCID (process context ID) to separate kernel/user virtual address space, for example, using different CR3 (with different PCID field) for user and kernel address base pointer even for the same process. not sure if this is OK. It seems ARM can use TTBR0 and TTBR0 to separate privileged and unprivileged space (I'm a newbie for ARM)

>> "https://forums.grsecurity.net/viewtopic.php?f=7&t=3292"
this is a great post, I read this when I started to read MMU arch in ARM architecture :)

PaX Team (http://pax.grsecurity.net), 2014-11-18T13:07:07.814-08:00

a few more comments:

1. the SMEP sort of equivalent is more like KERNEXEC/i386, and SMAP is more like UDEREF/i386.
2. on amd64 the water is muddier as UDEREF implements part of KERNEXEC (the non-exec userland sub-feature).
3. of interest may be that for about a year now UDEREF/amd64 also uses PCID/INVPCID when available (though i have yet to blog about that part ;).
4. there's also an ARM implementation of both features that uses various paging tricks by spender (https://forums.grsecurity.net/viewtopic.php?f=7&t=3292).

Anababa, 2014-11-17T17:16:04.057-08:00

Thanks for sharing, that would be good. I thought it only implemented smep with segment/limit feature. :)

PaX Team (http://pax.grsecurity.net), 2014-11-17T09:20:05.341-08:00

you should probably study PaX and its UDEREF/KERNEXEC features as all this has been implemented for years now ;)