| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Mar 2022 05:31:58 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Andy Lutomirski' <luto@...nel.org>,
Bharata B Rao <bharata@....com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
CC: "linux-mm@...ck.org" <linux-mm@...ck.org>,
the arch/x86 maintainers <x86@...nel.org>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
"shuah@...nel.org" <shuah@...nel.org>,
Oleg Nesterov <oleg@...hat.com>,
"ananth.narayan@....com" <ananth.narayan@....com>
Subject: RE: [RFC PATCH v0 0/6] x86/AMD: Userspace address tagging
From: Andy Lutomirski
> Sent: 21 March 2022 22:30
> On Thu, Mar 10, 2022, at 3:15 AM, Bharata B Rao wrote:
> > Hi,
> >
> > This patchset makes use of Upper Address Ignore (UAI) feature available
> > on upcoming AMD processors to provide user address tagging support for x86/AMD.
> >
> > UAI allows software to store a tag in the upper 7 bits of a logical
> > address [63:57]. When enabled, the processor will suppress the
> > traditional canonical address checks on the addresses. More information
> > about UAI can be found in section 5.10 of 'AMD64 Architecture
> > Programmer's Manual, Vol 2: System Programming' which is available from
> >
> > https://bugzilla.kernel.org/attachment.cgi?id=300549
>
> I hate to be a pain, but I'm really not convinced that this feature is suitable for Linux. There are
> a few reasons:
>
> Right now, the concept that the high bit of an address determines whether it's a user or a kernel
> address is fairly fundamental to the x86_64 (and x86_32!) code. It may not be strictly necessary to
> preserve this, but violating it would require substantial thought. With UAI enabled, kernel and user
> addresses are, functionally, interleaved. This makes things like access_ok checks, and more generally
> anything that operates on a range of addresses, behave potentially quite differently. A lot of
> auditing of existing code would be needed to make it safe.
>
> UAI looks like it wasn't intended to be context switched and, indeed, your series doesn't context
> switch it. As far as I'm concerned, this is an error, and if we support UAI at all, we should context
> switch it. Yes, this will be slow, perhaps painfully slow. AMD knows how to fix it by, for example,
> reading the Intel SDM. By *not* context switching UAI, we force it on for all user code, including
> unsuspecting user code, as well as for kernel code. Do we actually want it on for kernel code? With
> LAM, in contrast, the semantics for kernel pointers vs user pointers actually make sense and can be
> set per mm, which will make things like io_uring (in theory) do the right thing.
You also need the kernel to be able to use the 'tagged'
addresses to access userspace - ie without having to
mask off any tag.
This is really for the same reason they want hardware
support for tagged addresses to avoid having to 'untag'
before calling library routines.
I'm not even sure which address the page fault handler
should see - it will need to the difference between a
normal process using a non-canonical address and a PF
on a tagged address.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists