lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 10 Dec 2014 12:39:41 -0800
From:	Dave Hansen <dave.hansen@...ux.intel.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
CC:	Thomas Gleixner <tglx@...utronix.de>,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	the arch/x86 maintainers <x86@...nel.org>
Subject: Re: [GIT pull] x86 mpx support for 3.19

On 12/10/2014 11:49 AM, Linus Torvalds wrote:
> On Wed, Dec 10, 2014 at 11:41 AM, Dave Hansen
> <dave.hansen@...ux.intel.com> wrote:
>> But, this is the kind of option that we want to be *sure* is enabled
>> unless folks know exactly what they are doing, so we should probably
>> hide it behind CONFIG_EXPERT as well, just as SMEP is.
> 
> I disagree.
> 
> SMEP doesn't have any performance overhead, and SMEP is available in
> processors available today. So SMEP doesn't even have a config option,
> because there is no downside with having it on and enabled.

I misspoke there.  I meant SMAP (I placed MPX below its config option).

> MPX, in contrast, you don't even normally want to run at all as a
> normal user because of the overheads. That's going to be true even
> when it's available.

The overhead of turning the MPX config option on really is tiny.  We
have a few code touch points like around munmap(), but it should not be
noticeable.

One thing we are *not* doing under this config option is actually
instrumenting kernel code or doing any protection of the kernel itself.
 This is only about supporting user applications that are doing MPX.
This set contains no support for doing MPX _inside_ the kernel.

We probably need to mention this explicitly in the config option.  I've
added:

>           This option enables running applications which are
>           instrumented or otherwise use MPX.  It does not use MPX
>           itself inside the kernel or to protect the kernel
>           against bad memory references.


View attachment "x86-mpx-real-config-option.patch" of type "text/x-patch" (1685 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ