lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56DD9949.1000106@oracle.com>
Date:	Mon, 7 Mar 2016 08:07:53 -0700
From:	Khalid Aziz <khalid.aziz@...cle.com>
To:	David Miller <davem@...emloft.net>
Cc:	corbet@....net, akpm@...ux-foundation.org,
	dingel@...ux.vnet.ibm.com, zhenzhang.zhang@...wei.com,
	bob.picco@...cle.com, kirill.shutemov@...ux.intel.com,
	aneesh.kumar@...ux.vnet.ibm.com, aarcange@...hat.com,
	arnd@...db.de, sparclinux@...r.kernel.org, rob.gardner@...cle.com,
	mhocko@...e.cz, chris.hyser@...cle.com, richard@....at,
	vbabka@...e.cz, koct9i@...il.com, oleg@...hat.com,
	gthelen@...gle.com, jack@...e.cz, xiexiuqi@...wei.com,
	Vineet.Gupta1@...opsys.com, luto@...nel.org, ebiederm@...ssion.com,
	bsegall@...gle.com, geert@...ux-m68k.org, dave@...olabs.net,
	adobriyan@...il.com, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-arch@...r.kernel.org, linux-api@...r.kernel.org
Subject: Re: [PATCH v2] sparc64: Add support for Application Data Integrity
 (ADI)

On 03/05/2016 09:07 PM, David Miller wrote:
> From: Khalid Aziz <khalid.aziz@...cle.com>
> Date: Wed,  2 Mar 2016 13:39:37 -0700
>
>> 	In this
>> 	first implementation I am enabling ADI for hugepages only
>> 	since these pages are locked in memory and hence avoid the
>> 	issue of saving and restoring tags.
>
> This makes the feature almost entire useless.
>
> Non-hugepages must be in the initial implementation.

Hi David,

Thanks for the feedback. I will get this working for non-hugepages as 
well. ADI state of each VMA region is already stored in the VMA itself 
in my first implementation, so I do not lose it when the page is swapped 
out. The trouble is ADI version tags for each VMA region have to be 
stored on the swapped out pages since the ADI version tags are flushed 
when TLB entry for a page is flushed. When that page is brought back in, 
its version tags have to be set up again. Version tags are set on 
cacheline boundary and hence there can be multiple version tags for a 
single page. Version tags have to be stored in the swap space somehow 
along with the page. I can start out with allowing ADI to be enabled 
only on pages locked in memory.

>
>> +	PR_ENABLE_SPARC_ADI - Enable ADI checking in all pages in the address
>> +		range specified. The pages in the range must be already
>> +		locked. This operation enables the TTE.mcd bit for the
>> +		pages specified. arg2 is the starting address for address
>> +		range and must be page aligned. arg3 is the length of
>> +		memory address range and must be a multiple of page size.
>
> I strongly dislike this interface, and it makes the prtctl cases look
> extremely ugly and hide to the casual reader what the code is actually
> doing.
>
> This is an mprotect() operation, so add a new flag bit and implement
> this via mprotect please.

That is an interesting idea. Adding a PROT_ADI protection to mprotect() 
sounds cleaner. There are three steps to enabling ADI - (1) set 
PSTATE.mcde bit which is not tied to any VMA, (2) set TTE.mcd for each 
VMA, and (3) set the version tag on cacheline using MCD ASI. I can 
combine steps 1 and 2 in one mprotect() call. That will leave 
PR_GET_SPARC_ADICAPS and PR_GET_SPARC_ADI_STATUS prctl commands still to 
be implemented. PR_SET_SPARC_ADI is also used to check if the process 
has PSTATE.mcde bit set. I could use PR_GET_SPARC_ADI_STATUS to do that 
where return values of 0 and 1 mean the same as before and possibly add 
return value of 2 to mean PSTATE.mcde is not set?

>
> Then since you are guarenteed to have a consistent ADI setting for
> every single VMA region, you never "lose" the ADI state when you swap
> out.  It's implicit in the VMA itself, because you'll store in the VMA
> that this is an ADI region.
>
> I also want this enabled unconditionally, without any Kconfig knobs.
>

I can remove CONFIG_SPARC_ADI. It does mean this code will be built into 
32-bit kernels as well but it will be inactive code.

Thanks,
Khalid



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ