Date:	Mon, 7 Mar 2016 08:07:53 -0700
From:	Khalid Aziz <khalid.aziz@...cle.com>
To:	David Miller <davem@...emloft.net>
Cc:	corbet@....net, akpm@...ux-foundation.org,
	dingel@...ux.vnet.ibm.com, zhenzhang.zhang@...wei.com,
	bob.picco@...cle.com, kirill.shutemov@...ux.intel.com,
	aneesh.kumar@...ux.vnet.ibm.com, aarcange@...hat.com,
	arnd@...db.de, sparclinux@...r.kernel.org, rob.gardner@...cle.com,
	mhocko@...e.cz, chris.hyser@...cle.com, richard@....at,
	vbabka@...e.cz, koct9i@...il.com, oleg@...hat.com,
	gthelen@...gle.com, jack@...e.cz, xiexiuqi@...wei.com,
	Vineet.Gupta1@...opsys.com, luto@...nel.org, ebiederm@...ssion.com,
	bsegall@...gle.com, geert@...ux-m68k.org, dave@...olabs.net,
	adobriyan@...il.com, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-arch@...r.kernel.org, linux-api@...r.kernel.org
Subject: Re: [PATCH v2] sparc64: Add support for Application Data Integrity
 (ADI)

On 03/05/2016 09:07 PM, David Miller wrote:
> From: Khalid Aziz <khalid.aziz@...cle.com>
> Date: Wed,  2 Mar 2016 13:39:37 -0700
>
>> 	In this
>> 	first implementation I am enabling ADI for hugepages only
>> 	since these pages are locked in memory and hence avoid the
>> 	issue of saving and restoring tags.
>
> This makes the feature almost entirely useless.
>
> Non-hugepages must be in the initial implementation.

Hi David,

Thanks for the feedback. I will get this working for non-hugepages as 
well. ADI state of each VMA region is already stored in the VMA itself 
in my first implementation, so I do not lose it when the page is swapped 
out. The trouble is ADI version tags for each VMA region have to be 
stored on the swapped out pages since the ADI version tags are flushed 
when TLB entry for a page is flushed. When that page is brought back in, 
its version tags have to be set up again. Version tags are set on 
cacheline boundary and hence there can be multiple version tags for a 
single page. Version tags have to be stored in the swap space somehow 
along with the page. I can start out with allowing ADI to be enabled 
only on pages locked in memory.

>
>> +	PR_ENABLE_SPARC_ADI - Enable ADI checking in all pages in the address
>> +		range specified. The pages in the range must be already
>> +		locked. This operation enables the TTE.mcd bit for the
>> +		pages specified. arg2 is the starting address for address
>> +		range and must be page aligned. arg3 is the length of
>> +		memory address range and must be a multiple of page size.
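
Review bot: The PR_ENABLE_SPARC_ADI description lists three preconditions (pages "must be already locked", arg2 "must be page aligned", arg3 "must be a multiple of page size") but does not say what the call returns when any of them is not met. Document the error for each case, and state what happens when only part of the range is locked.
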
>
> I strongly dislike this interface, and it makes the prctl cases look
> extremely ugly and hide to the casual reader what the code is actually
> doing.
>
> This is an mprotect() operation, so add a new flag bit and implement
> this via mprotect please.

That is an interesting idea. Adding a PROT_ADI protection to mprotect() 
sounds cleaner. There are three steps to enabling ADI - (1) set 
PSTATE.mcde bit which is not tied to any VMA, (2) set TTE.mcd for each 
VMA, and (3) set the version tag on cacheline using MCD ASI. I can 
combine steps 1 and 2 in one mprotect() call. That will leave 
PR_GET_SPARC_ADICAPS and PR_GET_SPARC_ADI_STATUS prctl commands still to 
be implemented. PR_SET_SPARC_ADI is also used to check if the process 
has PSTATE.mcde bit set. I could use PR_GET_SPARC_ADI_STATUS to do that 
where return values of 0 and 1 mean the same as before and possibly add 
return value of 2 to mean PSTATE.mcde is not set?

>
> Then since you are guaranteed to have a consistent ADI setting for
> every single VMA region, you never "lose" the ADI state when you swap
> out.  It's implicit in the VMA itself, because you'll store in the VMA
> that this is an ADI region.
>
> I also want this enabled unconditionally, without any Kconfig knobs.
>

I can remove CONFIG_SPARC_ADI. It does mean this code will be built into 
32-bit kernels as well but it will be inactive code.

Thanks,
Khalid
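
The swap problem described in the reply above, as an added example that is not part of the original message or the posted patch: a user-space C model that packs one version tag per cacheline into side storage at swap-out and rewrites the tags at swap-in. The 8 KB page, 64-byte cacheline and 4-bit tag width are assumptions taken from SPARC M7 ADI, not from this thread, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values, not stated in the thread (SPARC M7 style ADI). */
#define ADI_PAGE_SIZE  8192u                        /* sparc64 base page */
#define ADI_BLKSZ      64u                          /* one version tag per cacheline */
#define TAGS_PER_PAGE  (ADI_PAGE_SIZE / ADI_BLKSZ)  /* 128 tags in one page */
#define TAG_BYTES      (TAGS_PER_PAGE / 2)          /* 4-bit tags, two per byte */

/* Swap-out: pack the page's per-cacheline tags into side storage for the swap slot. */
void adi_save_tags(const uint8_t tag[TAGS_PER_PAGE], uint8_t saved[TAG_BYTES])
{
    memset(saved, 0, TAG_BYTES);
    for (unsigned i = 0; i < TAGS_PER_PAGE; i++)
        saved[i / 2] |= (uint8_t)((tag[i] & 0xf) << ((i & 1) * 4));
}

/* Swap-in: the tags were lost with the mapping, so rewrite each cacheline's tag. */
void adi_restore_tags(uint8_t tag[TAGS_PER_PAGE], const uint8_t saved[TAG_BYTES])
{
    for (unsigned i = 0; i < TAGS_PER_PAGE; i++)
        tag[i] = (saved[i / 2] >> ((i & 1) * 4)) & 0xf;
}

/* Round trip over constructed tags; returns the number of mismatching cachelines. */
unsigned adi_roundtrip_mismatches(void)
{
    uint8_t want[TAGS_PER_PAGE], tag[TAGS_PER_PAGE], saved[TAG_BYTES];
    unsigned bad = 0;

    for (unsigned i = 0; i < TAGS_PER_PAGE; i++)
        want[i] = tag[i] = (uint8_t)((i * 7 + 3) & 0xf);  /* constructed sample */
    adi_save_tags(tag, saved);
    memset(tag, 0, sizeof tag);         /* model the tags being lost at swap-out */
    adi_restore_tags(tag, saved);
    for (unsigned i = 0; i < TAGS_PER_PAGE; i++)
        bad += (tag[i] != want[i]);
    return bad;
}

int main(void)
{
    printf("%u tags per page, %u bytes of side storage, %u mismatches\n",
           TAGS_PER_PAGE, TAG_BYTES, adi_roundtrip_mismatches());
    return 0;
}
```

Under these assumptions every swapped-out page needs 64 bytes of tag storage kept alongside its swap slot, which is the extra state the reply says has to live "in the swap space somehow".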


