lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <675f660edd10b8f461c57323aff0891711a4cf6a.camel@infradead.org>
Date: Thu, 04 Jul 2024 12:11:16 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Roman Kagan <rkagan@...zon.de>, linux-kernel@...r.kernel.org
Cc: Shuah Khan <shuah@...nel.org>, Dragan Cvetic <dragan.cvetic@....com>, 
 Fares Mehanna <faresx@...zon.de>, Alexander Graf <graf@...zon.de>, Derek
 Kiernan <derek.kiernan@....com>,  linux-kselftest@...r.kernel.org,
 nh-open-source@...zon.com, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>, Arnd
 Bergmann <arnd@...db.de>
Subject: Re: [PATCH RFC 0/3] add support for mm-local memory allocations

On Fri, 2024-06-21 at 22:14 +0200, Roman Kagan wrote:
> 
> Compared to the approach used in the orignal series, where a dedicated kernel
> address range and thus a dedicated PGD was used for mm-local allocations, the
> one proposed here may have certain drawbacks, in particular
> 
> - using user addresses for kernel memory may violate assumptions in various
>   parts of kernel code which we may not have identified with smoke tests we did
> 
> - the allocated addresses are guessable by the userland (ATM they are even
>   visible in /proc/PID/maps but that's fixable) which may weaken the security
>   posture

I think this approach makes sense as it's generic and applies
immediately to all architectures. I'm slightly uncomfortable about
using userspace addresses though, and the special cases that it
introduces.

I'd like to see a per-arch ARCH_HAS_PROCLOCAL_PGD so that it *can* be
put back into a dedicated address range where possible.

Looking forward to the x86 KVM code from before being dusted off and
put on top of this, and also the Arm version of same. A test driver and
test case is all very well, but it's less exciting than the real use
case :)

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5965 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ