Date:   Tue, 12 May 2020 10:45:17 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Alexandre Chartre <alexandre.chartre@...cle.com>,
        rkrcmar@...hat.com, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com,
        luto@...nel.org, peterz@...radead.org, x86@...nel.org,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc:     pbonzini@...hat.com, konrad.wilk@...cle.com,
        jan.setjeeilers@...cle.com, liran.alon@...cle.com,
        junaids@...gle.com, graf@...zon.de, rppt@...ux.vnet.ibm.com,
        kuzuno@...il.com, mgross@...ux.intel.com
Subject: Re: [RFC v4][PATCH part-1 0/7] ASI - Part I (ASI Infrastructure and
 PTI)

On 5/4/20 7:49 AM, Alexandre Chartre wrote:
> This is version 4 of the kernel Address Space Isolation (ASI) RFC. I have
> broken it down into three distinct parts:
> 
>  - Part I: ASI Infrastructure and PTI (this part)
>  - Part II: Decorated Page-Table
>  - Part III: ASI Test Driver and CLI
> 
> Part I is similar to RFCv3 [3] with some small bug fixes. Parts II and III
> extend the initial patchset: part II introduces decorated page-table in
> order to provide convenient page-table management functions, and part III
> provides a driver and CLI for testing ASI (using parts I and II).

These look interesting.  I haven't found any holes in your methods,
although the interrupt depth tracking worries me a bit.  I tried and
failed to do a similar thing with PTI in the NMI path, but you might
have just bested me there. :)

It's very interesting that you've been able to implement PTI underneath
all of this, and the "test driver" is really entertaining!

That said, this is working in some of the nastiest corners of the x86
code and this is going to take quite an investment to get reviewed.  I'm
not *quite* sure it's all worth it.

So, this isn't being ignored, I'm just not quite sure what to do with
it, yet.
