On Mon, Nov 9, 2015 at 3:45 PM, Davide Libenzi <[email protected]> wrote:
> On Mon, Nov 9, 2015 at 3:41 PM, Davide Libenzi <[email protected]> > wrote: > >> More importantly, what happens if the user picks an address close to the >>> border of the an area where it does not have access, but the string goes >>> into that area. For instance, in copy_to_user, I think the user could >>> pick UWLIM - 1, then trick the kernel into writing above that into >>> memory that is read-only. >>> >> >> The code assume that there is one (at least) separation page between user >> and kernel VMAs. >> Should have made it more clear. >> > > Never mind, sorry, that needs fixing. > Counter never mind ☺ that would have worked, but I changed the code to remove the usual page red zone. About the unlikely on *src/*dst, it's not even 1/8 or 7/8 actually. The thing is, in a loop like that, to not pay the branch miss the first time. The ones after that, while within that loop, at that time, are predicated using the dynamic branch predictor, because even one entry there, overrides the i-know-nothing-about initial static branch hint. -- You received this message because you are subscribed to the Google Groups "Akaros" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
