lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 11 Feb 2009 16:23:42 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Pengfei Hu <hpfei.cn@...il.com>
Cc:	Vegard Nossum <vegard.nossum@...il.com>, akpm@...ux-foundation.org,
	torvalds@...ux-foundation.org, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: Using module private memory to simulate microkernel's memory
	protection


* Ingo Molnar <mingo@...e.hu> wrote:

> * Pengfei Hu <hpfei.cn@...il.com> wrote:
> 
> > >
> > > Hm, are you aware of the kmemcheck project?
> > >
> > >        Ingo
> > >
> > 
> > Frankly, I only know this project's name. Just when I nearly finished
> > this patch, I browsed http://git.kernel.org/ first time. I am only a
> > beginner in Linux kernel. Maybe I should first discuss before write
> > code. But I think it is not too late.
> > 
> > Can you tell me more about this project? I realy appreciate it.
> 
> Sure:

More info: kmemcheck was written by Vegard Nossum (and released more than
a year ago) and it uses similar principles as your patch: it enforces
memory usage constraints via pagetable access bits.

More description about kmemcheck can be found in the following LWN article:

  http://lwn.net/Articles/260068/

I think your idea of limiting execution to individual modules could perhaps
be combined with kmemcheck. It's the same general principle.

The difference is that your patch calls back from the page fault handler and
modifies the monitored pte's to present, brings in a TLB and then it modifies
it to not present. So the page can be accessed up until the TLB gets flushed.

Kmemcheck uses debug traps to execute a single instruction, and thus gets
finer grained control of what is visible to a task.

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ