| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Mar 2016 10:53:23 -0800 From: Andy Lutomirski <luto@...capital.net> To: Khalid Aziz <khalid.aziz@...cle.com> Cc: Dave Hansen <dave.hansen@...ux.intel.com>, Rob Gardner <rob.gardner@...cle.com>, David Miller <davem@...emloft.net>, Jonathan Corbet <corbet@....net>, Andrew Morton <akpm@...ux-foundation.org>, dingel@...ux.vnet.ibm.com, bob.picco@...cle.com, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, Andrea Arcangeli <aarcange@...hat.com>, Arnd Bergmann <arnd@...db.de>, sparclinux@...r.kernel.org, Michal Hocko <mhocko@...e.cz>, chris.hyser@...cle.com, Richard Weinberger <richard@....at>, Vlastimil Babka <vbabka@...e.cz>, Konstantin Khlebnikov <koct9i@...il.com>, Oleg Nesterov <oleg@...hat.com>, Greg Thelen <gthelen@...gle.com>, Jan Kara <jack@...e.cz>, xiexiuqi@...wei.com, Vineet.Gupta1@...opsys.com, Andrew Lutomirski <luto@...nel.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Benjamin Segall <bsegall@...gle.com>, Geert Uytterhoeven <geert@...ux-m68k.org>, Davidlohr Bueso <dave@...olabs.net>, Alexey Dobriyan <adobriyan@...il.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, linux-arch <linux-arch@...r.kernel.org>, Linux API <linux-api@...r.kernel.org> Subject: Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI) On Mon, Mar 7, 2016 at 10:39 AM, Khalid Aziz <khalid.aziz@...cle.com> wrote: > On 03/07/2016 11:12 AM, Dave Hansen wrote: >> >> On 03/07/2016 09:53 AM, Andy Lutomirski wrote: >>> >>> Also, what am I missing? Tying these tags to the physical page seems >>> like a poor design to me. This seems really awkward to use. >> >> >> Yeah, can you describe the structures that store these things? Surely >> the hardware has some kind of lookup tables for them and stores them in >> memory _somewhere_. >> > > Version tags are tied to virtual addresses, not physical pages. > > Where exactly are the tags stored is part of processor architecture and I am > not privy to that. MMU stores these lookup tables somewhere and uses it to > authenticate access to virtual addresses. It really is irrelevant to kernel > how MMU implements access controls as long as we have access to the > knowledge of how to use it. > Can you translate this for people who don't know all the SPARC acronyms? x86 has an upcoming feature called protection keys. A page of virtual memory has a protection key, which is a number from 0 through 16. The master copy is in the PTE, i.e. page table entry, which is a software-managed data structure in memory and is exactly the thing that Linux calls "pte". The processor can cache that value in the TLB (translation lookaside buffer), which is a hardware cache that caches PTEs. On access to a page of virtual memory, the processor does a certain calculation involving a new register called PKRU and the protection key and may deny access. Hopefully that description makes sense even to people completely unfamiliar with x86. Can you try something similar for SPARC? So far I'm lost, because you've said that the ADI tag is associated with a VA, but it has to match for aliases, and you've mentioned a bunch of acronyms, and I have no clue what's going on. --Andy
Powered by blists - more mailing lists