On Thu, Sep 06, 2018 at 08:24:32AM -0700, John Baldwin wrote:
> On 9/6/18 7:54 AM, Shawn Webb wrote:
> > On Thu, Sep 06, 2018 at 02:03:10PM +0000, Alexander Motin wrote:
> >> Author: mav
> >> Date: Thu Sep 6 14:03:10 2018
> >> New Revision: 338494
> >> URL: https://svnweb.freebsd.org/changeset/base/338494
> >>
> >> Log:
> >> Add missing copyin() to access LUN and port ioctl arguments.
> >>
> >> Somehow this was working even after PTI in, at least on amd64, and got
> >> broken by something only very recently.
> >
> > Is anyone investigating why the direct access still worked?
>
> PTI doesn't disable kernel access to user pages, it only disables
> translation of kernel virtual addresses while in user mode. The thing that
> catches this type of access is SMAP (which was only recently enabled on
> x86).

Whoops. Blonde moment. I blame the lack of caffeine in my body when I wrote the email. Too many acronyms to keep track of when tired. ;)

Thanks for the clarification.

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: [email protected]
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
