lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 31 Aug 2017 10:38:30 -0600
From:   Khalid Aziz <khalid.aziz@...cle.com>
To:     David Miller <davem@...emloft.net>
Cc:     anthony.yznaga@...cle.com, dave.hansen@...ux.intel.com,
        corbet@....net, bob.picco@...cle.com, steven.sistare@...cle.com,
        pasha.tatashin@...cle.com, mike.kravetz@...cle.com,
        mingo@...nel.org, nitin.m.gupta@...cle.com,
        kirill.shutemov@...ux.intel.com, tom.hromatka@...cle.com,
        eric.saint.etienne@...cle.com, allen.pais@...cle.com,
        cmetcalf@...lanox.com, akpm@...ux-foundation.org,
        geert@...ux-m68k.org, tklauser@...tanz.ch, atish.patra@...cle.com,
        vijay.ac.kumar@...cle.com, peterz@...radead.org, mhocko@...e.com,
        jack@...e.cz, lstoakes@...il.com, hughd@...gle.com,
        thomas.tai@...cle.com, paul.gortmaker@...driver.com,
        ross.zwisler@...ux.intel.com, dave.jiang@...el.com,
        willy@...radead.org, ying.huang@...el.com, zhongjiang@...wei.com,
        minchan@...nel.org, vegard.nossum@...cle.com,
        imbrenda@...ux.vnet.ibm.com, aneesh.kumar@...ux.vnet.ibm.com,
        aarcange@...hat.com, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, sparclinux@...r.kernel.org,
        linux-mm@...ck.org, khalid@...ehiking.org
Subject: Re: [PATCH v7 9/9] sparc64: Add support for ADI (Application Data
 Integrity)

On 08/30/2017 06:09 PM, David Miller wrote:
> From: Khalid Aziz <khalid.aziz@...cle.com>
> Date: Wed, 30 Aug 2017 17:23:37 -0600
> 
>> That is an interesting idea. This would enable TSTATE_MCDE on all
>> threads of a process as soon as one thread enables it. If we consider
>> the case where the parent creates a shared memory area and spawns a
>> bunch of threads. These threads access the shared memory without ADI
>> enabled. Now one of the threads decides to enable ADI on the shared
>> memory. As soon as it does that, we enable TSTATE_MCDE across all
>> threads and since threads are all using the same TTE for the shared
>> memory, every thread becomes subject to ADI verification. If one of
>> the other threads was in the middle of accessing the shared memory, it
>> will get a sigsegv. If we did not enable TSTATE_MCDE across all
>> threads, it could have continued execution without fault. In other
>> words, updating TSTATE_MCDE across all threads will eliminate the
>> option of running some threads with ADI enabled and some not while
>> accessing the same shared memory. This could be necessary at least for
>> short periods of time before threads can communicate with each other
>> and all switch to accessing shared memory with ADI enabled using same
>> tag. Does that sound like a valid use case or am I off in the weeds
>> here?
> 
> A threaded application needs to synchronize and properly orchestrate
> access to shared memory.
> 
> When a change is made to a mappping, in this case setting ADI
> attributes, it's being done for the address space not the thread.
> 
> And the address space is shared amongst threads.
> 
> Therefore ADI is not really a per-thread property but rather
> a per-address-space property.
> 

That does make sense.

Thanks,
Khalid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ