| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Nov 2017 11:03:28 -0800 From: Andrew Waterman <andrew@...ive.com> To: linux-kernel@...r.kernel.org Subject: Re: [patches] RE: [PATCH 3/4] RISC-V: Flush I$ when making a dirty page executable On Wed, Nov 22, 2017 at 9:38 AM, Palmer Dabbelt <palmer@...ive.com> wrote: > On Tue, 21 Nov 2017 08:57:07 PST (-0800), David.Laight@...LAB.COM wrote: >> >> From: Palmer Dabbelt >>> >>> Sent: 20 November 2017 18:58 >>> >>> The RISC-V ISA allows for instruction caches that are not coherent WRT >>> stores, even on a single hart. As a result, we need to explicitly flush >>> the instruction cache whenever marking a dirty page as executable in >>> order to preserve the correct system behavior. >> >> >> Isn't the I-flush only needed if there has been an unmap since the >> previous I-flush? >> Since code is rarely unmapped (exec and driver unload come to mind) >> the I-flush won't be needed very often. > > > There's nothing in the RISC-V ISA that prevents the instruction cache from > caching read-only (or even unmapped!) pages. Instructions fetched this > manner could never commit, but they could fill up the icache with garbage. > I believe that means we need to flush on dirty->execute, but if I'm wrong > I'm happy to change it. Palmer is right about the ISA semantics; a FENCE.I needs to be executed before executing any code that has been (physically) modified, because any physical address could reside stale in the I$, regardless of past virtual-memory permissions. The approach we took to handle this (executing FENCE.I when a phsyically dirty page becomes executable) is also used by the arm64 port.
Powered by blists - more mailing lists