Date:	Fri, 12 Sep 2014 14:31:03 -0700
From:	Dave Hansen <dave.hansen@...el.com>
To:	Thomas Gleixner <tglx@...utronix.de>
CC:	Qiaowei Ren <qiaowei.ren@...el.com>,
	"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
	x86@...nel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 00/10] Intel MPX support

On 09/12/2014 12:21 PM, Thomas Gleixner wrote:
> On Thu, 11 Sep 2014, Dave Hansen wrote:
>> +When #BR fault is produced due to invalid entry, bounds table will be
>> +created in kernel on demand and kernel will not transfer this fault to
>> +userspace. So usersapce can't receive #BR fault for invalid entry, and
>> +it is not also necessary for users to create bounds tables by themselves.
>> +
>> +Certainly users can allocate bounds tables and forcibly point the bounds
>> +directory at them through XSAVE instruction, and then set valid bit
>> +of bounds entry to have this entry valid. But we have no way to track
>> +the memory usage of these user-created bounds tables. In regard to this,
>> +this behaviour is outlawed here.
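Review bot: typo and grammar in the first paragraph of this hunk: "usersapce" should read "userspace", and "it is not also necessary for users to create bounds tables by themselves" reads more naturally as "nor is it necessary for users to create bounds tables themselves". The word "outlawed" in the last line also overstates what the kernel can do: since the kernel cannot detect tables that userspace allocated and pointed the bounds directory at, consider stating this as a rule for well-behaved userspace (user-allocated bounds tables are not tracked and will not be freed by the kernel) rather than as a prohibition.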
> 
> So what's the point of declaring it outlawed? Nothing as far as I can
> see simply because you cannot enforce it. This is possible and people
> simply will do it.

All that we want to get across is: if the kernel didn't make the mess,
we're not going to clean it up.

Userspace is free to do whatever the heck it wants.  But, if it wants
the kernel to clean up the bounds tables, it needs to follow the rules
we're laying out here.

I think it boils down to two rules:
1. Don't move the bounds directory without telling the kernel.
2. The kernel will not free any memory which it did not allocate.

>> +2) We will not support the case that multiple bounds directory entries
>> +are pointed at the same bounds table.
>> +
>> +Users can be allowed to take multiple bounds directory entries and point
>> +them at the same bounds table. See more information "Intel(R) Architecture
>> +Instruction Set Extensions Programming Reference" (9.3.4).
>> +
>> +If userspace did this, it will be possible for kernel to unmap an in-use
>> +bounds table since it does not recognize sharing. So this behavior is
>> +also outlawed here.
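Review bot: the reference "See more information "Intel(R) Architecture Instruction Set Extensions Programming Reference" (9.3.4)" is ungrammatical; suggest "See the Intel(R) Architecture Instruction Set Extensions Programming Reference, section 9.3.4, for details." As with the previous paragraph, "outlawed" should be replaced by a statement of the consequence for userspace: the kernel does not recognize sharing, so a bounds table referenced by more than one directory entry may be unmapped while still in use, and well-behaved programs must therefore avoid pointing multiple entries at one table.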
> 
> Again, this is nothing you can enforce and just saying it's outlawed
> does not prevent user space from doing it and then sending hard to
> decode bug reports where it complains about mappings silently
> vanishing under it.
> 
> So all you can do here is to write up a rule set how well behaving
> user space is supposed to use this facility and the kernel side of it. 

"Outlaw" was probably the wrong word.

I completely agree that all we can do is set up a set of rules for what
well-behaved userspace is expected to do.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/