| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2018 11:48:38 -0800
From: Kees Cook <keescook@...omium.org>
To: Laura Abbott <labbott@...hat.com>
Cc: Jann Horn <jannh@...gle.com>, Igor Stoppa <igor.stoppa@...wei.com>,
Boris Lukashev <blukashev@...pervictus.com>,
Christopher Lameter <cl@...ux.com>,
Matthew Wilcox <willy@...radead.org>,
Jerome Glisse <jglisse@...hat.com>,
Michal Hocko <mhocko@...nel.org>,
Christoph Hellwig <hch@...radead.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>,
kernel list <linux-kernel@...r.kernel.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>
Subject: Re: arm64 physmap (was Re: [kernel-hardening] [PATCH 4/6] Protectable Memory)
On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott <labbott@...hat.com> wrote:
> fixed. Modules yes are not fully protected. The conclusion from past
> experience has been that we cannot safely break down larger page sizes
> at runtime like x86 does. We could theoretically
> add support for fixing up the alias if PAGE_POISONING is enabled but
> I don't know who would actually use that in production. Performance
> is very poor at that point.
XPFO forces 4K pages on the physmap[1] for similar reasons. I have no
doubt about performance changes, but I'd be curious to see real
numbers. Did anyone do benchmarks on just the huge/4K change? (Without
also the XPFO overhead?)
If this, XPFO, and PAGE_POISONING all need it, I think we have to
start a closer investigation. :)
-Kees
[1] http://www.openwall.com/lists/kernel-hardening/2017/09/07/13
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists