| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Aug 2012 01:10:51 +0100 From: "Dr. David Alan Gilbert" <dave@...blig.org> To: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@...hat.com>, Hugh Dickins <hughd@...gle.com>, Peter Zijlstra <peterz@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Rik van Riel <riel@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, Nick Piggin <npiggin@...nel.dk>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org Subject: Re: [RFC] page-table walkers vs memory order * Paul E. McKenney (paulmck@...ux.vnet.ibm.com) wrote: > On Sat, Aug 04, 2012 at 11:59:10PM +0100, Dr. David Alan Gilbert wrote: <snip> > > A compiler could decide to dereference it using a non-faulting load, > > do the calculations or whatever on the returned value of the non-faulting > > load, and then check whether the load actually faulted, and whether the > > address matched the prediction before it did a store based on it's > > guess. > > Or the compiler could record a recovery address in a per-thread variable > before doing the speculative reference. The page-fault handler could > consult the per-thread variable and take appropriate action. The difference is that I'd expect a compiler writer to think that they've got a free hand in terms of instruction usage that the OS/library doesn't see - if it's in the instruction manual and it's marked as user space and non-faulting I'd say it's fair game; once they know that they're going to take a fault or mark pages specially then they already know they're going to have to cooperate with the OS, or worry about what other normal library calls are going to do. (A bit of googling seems to suggest IA64 and SPARC have played around with non-faulting load optimisations, but I can't tell how much.) > But both this approach and your approach are vulnerable to things like > having the speculation area mapped to (say) MMIO space. Not good! Not good for someone doing MMIO, but from an evil-compiler point of view, they might well assume that a pointer is to memory unless someone has made an effort to tell them otherwise (not that there is a good standard to do that). > So I am with Andrea on this one -- there would need to be some handshake > between kernel and compiler to avoid messing with possibly-unsafe > mappings. And I am still not much in favor of value speculation. ;-) Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ gro.gilbert @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists