Message-ID: <56E091F5.6090509@mellanox.com>
Date:	Wed, 9 Mar 2016 16:13:25 -0500
From:	Chris Metcalf <cmetcalf@...lanox.com>
To:	Andy Lutomirski <luto@...capital.net>
CC:	Kees Cook <keescook@...omium.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Christoph Lameter <cl@...ux.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Viresh Kumar <viresh.kumar@...aro.org>,
	Ingo Molnar <mingo@...nel.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Tejun Heo <tj@...nel.org>,
	"Gilad Ben Yossef" <giladb@...hip.com>,
	Will Deacon <will.deacon@....com>,
	Rik van Riel <riel@...hat.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	X86 ML <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v10 09/12] arch/x86: enable task isolation functionality

On 3/9/2016 4:07 PM, Andy Lutomirski wrote:
> On Wed, Mar 9, 2016 at 1:05 PM, Chris Metcalf <cmetcalf@...lanox.com> wrote:
>> On 3/9/2016 3:58 PM, Andy Lutomirski wrote:
>>>> My preference would be not to have to require all task-isolation users
>>>> to also figure out all the complexities of creating BPF programs, so
>>>> my intention is to have task isolation automatically generate a BPF
>>>> program (just allowing prctl/exit/exit_group and failing everything
>>>> else with SIGSYS).  To support having it work this way, I open up
>>>> the seccomp stuff a little so that kernel clients can effectively
>>>> push/pop a BPF program into seccomp:
>>> That sounds like a great use case for the new libtaskisolation that
>>> someone is surely writing:)
>>
>> Happily, task isolation is so simple an API that all that is needed is a
>> prctl().
>>
>> ... Unless somehow a requirement to inflict a huge blob of eBPF into the
>> kernel just to use task isolation safely is added, of course :-)
> BPF, not eBPF.  Also, it's a tiny blob.
>
> And this still has nothing to do with using it safely.  This has to do
> with catching your own bugs.

Fair enough, I suppose.  But I was exaggerating for effect: I still think that
this is something that can be easily hidden under the prctl() to avoid adding
a noticeable burden on users who want to be able to catch bugs.  (And
those bugs can come from third-party libraries in complex code; the amount
of code in a task-isolation driver is not always easily audited, so having this
kind of a backstop can be pretty useful.)

If you think the basic direction of the previous patch is sound, I'll spin
up the code that hooks it into task isolation, and we can see more directly
whether the tradeoff of a bit more code in the kernel seems worth it.

-- 
Chris Metcalf, Mellanox Technologies
http://www.mellanox.com
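The filter shape discussed in the quoted text above, as an added example that is not code from this thread or from the task-isolation patch series: a classic-BPF seccomp program that allows only prctl, exit and exit_group and raises SIGSYS for every other syscall, with a small user-space evaluator so the program can be checked before it is installed. ARCH_NR, decide() and install_isolation_filter() are this example's own names, and the leading architecture check is the usual seccomp precaution rather than something the thread specifies.

```c
/* Added example, not the patch's code: allow prctl/exit/exit_group, SIGSYS elsewhere. */
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifdef __aarch64__
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#define ARCH_NR AUDIT_ARCH_X86_64   /* the architecture this patch targets */
#endif
/* Reject syscalls from a foreign ABI first, then allow-list by syscall number. */
static struct sock_filter isolation_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_prctl, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* delivers SIGSYS */
};
#define FILTER_LEN (sizeof(isolation_filter) / sizeof(isolation_filter[0]))
/* Runs the LD_ABS/JEQ_K/RET_K subset used above on one seccomp_data record,
 * returning the SECCOMP_RET_* action, so the filter is testable before install. */
static __u32 decide(int nr, __u32 arch)
{
    struct seccomp_data d = { .nr = nr, .arch = arch };
    __u32 acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN; pc++) {
        const struct sock_filter *in = &isolation_filter[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS))
            acc = *(const __u32 *)((const char *)&d + in->k);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K))
            return in->k;
        else
            return SECCOMP_RET_KILL;   /* unknown opcode: fail closed */
    }
    return SECCOMP_RET_KILL;           /* fell off the end: fail closed */
}
/* Locks the calling thread into the filter; afterwards only prctl, exit and
 * exit_group succeed and any other syscall raises SIGSYS. */
static int install_isolation_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN, .filter = isolation_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Once install_isolation_filter() returns 0, even a printf() will terminate the thread with SIGSYS, which is the point: the filter is a backstop that turns a stray syscall in isolated code into a loud, attributable failure.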
