| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <AA645D3A-5FB0-4768-977F-D0725AE5CEC7@oracle.com>
Date: Mon, 6 Mar 2017 16:13:30 -0800
From: Anthony Yznaga <anthony.yznaga@...cle.com>
To: Khalid Aziz <khalid.aziz@...cle.com>
Cc: davem@...emloft.net, corbet@....net, viro@...iv.linux.org.uk,
nitin.m.gupta@...cle.com, mike.kravetz@...cle.com,
akpm@...ux-foundation.org, mingo@...nel.org,
kirill.shutemov@...ux.intel.com, adam.buchbinder@...il.com,
hughd@...gle.com, minchan@...nel.org, chris.hyser@...cle.com,
atish.patra@...cle.com, cmetcalf@...lanox.com, atomlin@...hat.com,
jslaby@...e.cz, joe@...ches.com, paul.gortmaker@...driver.com,
mhocko@...e.com, lstoakes@...il.com, jack@...e.cz,
dave.hansen@...ux.intel.com, vbabka@...e.cz,
dan.j.williams@...el.com, iamjoonsoo.kim@....com,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
sparclinux@...r.kernel.org, linux-mm@...ck.org,
Khalid Aziz <khalid@...ehiking.org>
Subject: Re: [PATCH v6 4/4] sparc64: Add support for ADI (Application Data Integrity)
> On Feb 28, 2017, at 10:35 AM, Khalid Aziz <khalid.aziz@...cle.com> wrote:
>
> diff --git a/arch/sparc/kernel/etrap_64.S b/arch/sparc/kernel/etrap_64.S
> index 1276ca2..7be33bf 100644
> --- a/arch/sparc/kernel/etrap_64.S
> +++ b/arch/sparc/kernel/etrap_64.S
> @@ -132,7 +132,33 @@ etrap_save: save %g2, -STACK_BIAS, %sp
> stx %g6, [%sp + PTREGS_OFF + PT_V9_G6]
> stx %g7, [%sp + PTREGS_OFF + PT_V9_G7]
> or %l7, %l0, %l7
> - sethi %hi(TSTATE_TSO | TSTATE_PEF), %l0
> +661: sethi %hi(TSTATE_TSO | TSTATE_PEF), %l0
> + /*
> + * If userspace is using ADI, it could potentially pass
> + * a pointer with version tag embedded in it. To maintain
> + * the ADI security, we must enable PSTATE.mcde. Userspace
> + * would have already set TTE.mcd in an earlier call to
> + * kernel and set the version tag for the address being
> + * dereferenced. Setting PSTATE.mcde would ensure any
> + * access to userspace data through a system call honors
> + * ADI and does not allow a rogue app to bypass ADI by
> + * using system calls. Setting PSTATE.mcde only affects
> + * accesses to virtual addresses that have TTE.mcd set.
> + * Set PMCDPER to ensure any exceptions caused by ADI
> + * version tag mismatch are exposed before system call
> + * returns to userspace. Setting PMCDPER affects only
> + * writes to virtual addresses that have TTE.mcd set and
> + * have a version tag set as well.
> + */
> + .section .sun_m7_1insn_patch, "ax"
> + .word 661b
> + sethi %hi(TSTATE_TSO | TSTATE_PEF | TSTATE_MCDE), %l0
> + .previous
> +661: nop
> + .section .sun_m7_1insn_patch, "ax"
> + .word 661b
> + .word 0xaf902001 /* wrpr %g0, 1, %pmcdper */
Since PMCDPER is never cleared, setting it here is quickly going to set it on all CPUs and then become an expensive "nop" that burns ~50 cycles each time through etrap. Consider setting it at boot time and when a CPU is DR'd into the system.
Anthony
Powered by blists - more mailing lists