lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87myq9i2xk.fsf@basil.nowhere.org>
Date:	10 Feb 2008 10:19:35 +0100
From:	Andi Kleen <andi@...stfloor.org>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	mingo@...e.hu, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [3/5] CPA: Make advised protection check truly advisory

Thomas Gleixner <tglx@...utronix.de> writes:

> 2) I care about RO as much as I care about the NX correctness. That's
> the same logic and the same problem. If we have overlapping regions,
> then we need to split large pages. Otherwise both protections are
> useless to a certain degree.

That's laudable of you if you care about that so deeply, but then please just
fix try_preserve_large_page() to do that correctly.

But I suspect you will need some sort of range check for this anyways 
so applying  my patchkit as the foundation for your fix is probably
not a bad idea. I hope we can agree on the simple fact that without
ranges large pages cannot be handled correctly.
 
> 3) For correctness reasons I even ponder to make the NX/RO mandatory.

That might make sense for cpa, but is not a good idea for 
sharing these checks with init_memory_mapping() which was the main goal
for my patchkit. I plan to do some further changes in that 
area, but that first requires sharing of that code.

There you don't want to get into the mess of handling 4K pages for these 
boundaries because they are later split up anyways by cpa for the DEBUG_RODATA
case. You've previously complained about other code reimplementing
pageattr code and doing fine grained 4K splits in init_memory_mapping()
would be exactly that so I assume you wouldn't like that either.

That is why I only wanted to apply the required checks there,
to leave the exact work for later.

You have not previously commented on that aspect so I assume
it's ok for you.

-Andi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ