From: Mark Rutland <mark.rutland@arm.com>
To: Tycho Andersen <tycho@docker.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com,
Marco Benatto <marco.antonio.780@gmail.com>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [kernel-hardening] [PATCH v6 05/11] arm64/mm: Add support for XPFO
Date: Thu, 14 Sep 2017 19:22:08 +0100 [thread overview]
Message-ID: <20170914182205.GA1711@remoulade> (raw)
In-Reply-To: <20170907173609.22696-6-tycho@docker.com>
Hi,
On Thu, Sep 07, 2017 at 11:36:03AM -0600, Tycho Andersen wrote:
> From: Juerg Haefliger <juerg.haefliger@canonical.com>
>
> Enable support for eXclusive Page Frame Ownership (XPFO) for arm64 and
> provide a hook for updating a single kernel page table entry (which is
> required by the generic XPFO code).
>
> v6: use flush_tlb_kernel_range() instead of __flush_tlb_one()
>
> CC: linux-arm-kernel@lists.infradead.org
> Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
> Signed-off-by: Tycho Andersen <tycho@docker.com>
> ---
> arch/arm64/Kconfig | 1 +
> arch/arm64/mm/Makefile | 2 ++
> arch/arm64/mm/xpfo.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 61 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index dfd908630631..44fa44ef02ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -121,6 +121,7 @@ config ARM64
> select SPARSE_IRQ
> select SYSCTL_EXCEPTION_TRACE
> select THREAD_INFO_IN_TASK
> + select ARCH_SUPPORTS_XPFO
A bit of a nit, but this list is (intended to be) organised alphabetically.
Could you please try to retain that?
i.e. place this between ARCH_SUPPORTS_NUMA_BALANCING and
ARCH_WANT_COMPAT_IPC_PARSE_VERSION.
> help
> ARM 64-bit (AArch64) Linux support.
>
> diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile
> index 9b0ba191e48e..22e5cab543d8 100644
> --- a/arch/arm64/mm/Makefile
> +++ b/arch/arm64/mm/Makefile
> @@ -11,3 +11,5 @@ KASAN_SANITIZE_physaddr.o += n
>
> obj-$(CONFIG_KASAN) += kasan_init.o
> KASAN_SANITIZE_kasan_init.o := n
> +
> +obj-$(CONFIG_XPFO) += xpfo.o
> diff --git a/arch/arm64/mm/xpfo.c b/arch/arm64/mm/xpfo.c
> new file mode 100644
> index 000000000000..678e2be848eb
> --- /dev/null
> +++ b/arch/arm64/mm/xpfo.c
> @@ -0,0 +1,58 @@
> +/*
> + * Copyright (C) 2017 Hewlett Packard Enterprise Development, L.P.
> + * Copyright (C) 2016 Brown University. All rights reserved.
> + *
> + * Authors:
> + * Juerg Haefliger <juerg.haefliger@hpe.com>
> + * Vasileios P. Kemerlis <vpk@cs.brown.edu>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 as published by
> + * the Free Software Foundation.
> + */
> +
> +#include <linux/mm.h>
> +#include <linux/module.h>
> +
> +#include <asm/tlbflush.h>
> +
> +/*
> + * Lookup the page table entry for a virtual address and return a pointer to
> + * the entry. Based on x86 tree.
> + */
Is this intended for kernel VAs, user VAs, or both?
There are different constraints for fiddling with either (e.g. holding
mmap_sem), so we should be clear regarding the intended use-case.
> +static pte_t *lookup_address(unsigned long addr)
> +{
> + pgd_t *pgd;
> + pud_t *pud;
> + pmd_t *pmd;
> +
> + pgd = pgd_offset_k(addr);
> + if (pgd_none(*pgd))
> + return NULL;
> +
> + pud = pud_offset(pgd, addr);
> + if (pud_none(*pud))
> + return NULL;
What if it's not none, but not a table?
I think we chould check pud_sect() here, and/or pud_bad().
> +
> + pmd = pmd_offset(pud, addr);
> + if (pmd_none(*pmd))
> + return NULL;
Likewise.
> +
> + return pte_offset_kernel(pmd, addr);
> +}
Given this expects a pte, it might make more sense to call this
lookup_address_pte() to make that clear.
> +
> +/* Update a single kernel page table entry */
> +inline void set_kpte(void *kaddr, struct page *page, pgprot_t prot)
> +{
> + pte_t *pte = lookup_address((unsigned long)kaddr);
> +
> + set_pte(pte, pfn_pte(page_to_pfn(page), prot));
We can get NULL from lookup_address(), so this doesn't look right.
If NULL implies an error, drop a BUG_ON(!pte) before the set_pte.
> +}
> +
> +inline void xpfo_flush_kernel_tlb(struct page *page, int order)
> +{
> + unsigned long kaddr = (unsigned long)page_address(page);
> + unsigned long size = PAGE_SIZE;
unsigned long size = PAGE_SIZE << order;
> +
> + flush_tlb_kernel_range(kaddr, kaddr + (1 << order) * size);
... and this can be simpler.
I haven't brought myself back up to speed, so it might not be possible, but I
still think it would be preferable for XPFO to call flush_tlb_kernel_range()
directly.
Thanks,
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [kernel-hardening] [PATCH v6 05/11] arm64/mm: Add support for XPFO
Date: Thu, 14 Sep 2017 19:22:08 +0100 [thread overview]
Message-ID: <20170914182205.GA1711@remoulade> (raw)
In-Reply-To: <20170907173609.22696-6-tycho@docker.com>
Hi,
On Thu, Sep 07, 2017 at 11:36:03AM -0600, Tycho Andersen wrote:
> From: Juerg Haefliger <juerg.haefliger@canonical.com>
>
> Enable support for eXclusive Page Frame Ownership (XPFO) for arm64 and
> provide a hook for updating a single kernel page table entry (which is
> required by the generic XPFO code).
>
> v6: use flush_tlb_kernel_range() instead of __flush_tlb_one()
>
> CC: linux-arm-kernel at lists.infradead.org
> Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
> Signed-off-by: Tycho Andersen <tycho@docker.com>
> ---
> arch/arm64/Kconfig | 1 +
> arch/arm64/mm/Makefile | 2 ++
> arch/arm64/mm/xpfo.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 61 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index dfd908630631..44fa44ef02ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -121,6 +121,7 @@ config ARM64
> select SPARSE_IRQ
> select SYSCTL_EXCEPTION_TRACE
> select THREAD_INFO_IN_TASK
> + select ARCH_SUPPORTS_XPFO
A bit of a nit, but this list is (intended to be) organised alphabetically.
Could you please try to retain that?
i.e. place this between ARCH_SUPPORTS_NUMA_BALANCING and
ARCH_WANT_COMPAT_IPC_PARSE_VERSION.
> help
> ARM 64-bit (AArch64) Linux support.
>
> diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile
> index 9b0ba191e48e..22e5cab543d8 100644
> --- a/arch/arm64/mm/Makefile
> +++ b/arch/arm64/mm/Makefile
> @@ -11,3 +11,5 @@ KASAN_SANITIZE_physaddr.o += n
>
> obj-$(CONFIG_KASAN) += kasan_init.o
> KASAN_SANITIZE_kasan_init.o := n
> +
> +obj-$(CONFIG_XPFO) += xpfo.o
> diff --git a/arch/arm64/mm/xpfo.c b/arch/arm64/mm/xpfo.c
> new file mode 100644
> index 000000000000..678e2be848eb
> --- /dev/null
> +++ b/arch/arm64/mm/xpfo.c
> @@ -0,0 +1,58 @@
> +/*
> + * Copyright (C) 2017 Hewlett Packard Enterprise Development, L.P.
> + * Copyright (C) 2016 Brown University. All rights reserved.
> + *
> + * Authors:
> + * Juerg Haefliger <juerg.haefliger@hpe.com>
> + * Vasileios P. Kemerlis <vpk@cs.brown.edu>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 as published by
> + * the Free Software Foundation.
> + */
> +
> +#include <linux/mm.h>
> +#include <linux/module.h>
> +
> +#include <asm/tlbflush.h>
> +
> +/*
> + * Lookup the page table entry for a virtual address and return a pointer to
> + * the entry. Based on x86 tree.
> + */
Is this intended for kernel VAs, user VAs, or both?
There are different constraints for fiddling with either (e.g. holding
mmap_sem), so we should be clear regarding the intended use-case.
> +static pte_t *lookup_address(unsigned long addr)
> +{
> + pgd_t *pgd;
> + pud_t *pud;
> + pmd_t *pmd;
> +
> + pgd = pgd_offset_k(addr);
> + if (pgd_none(*pgd))
> + return NULL;
> +
> + pud = pud_offset(pgd, addr);
> + if (pud_none(*pud))
> + return NULL;
What if it's not none, but not a table?
I think we chould check pud_sect() here, and/or pud_bad().
> +
> + pmd = pmd_offset(pud, addr);
> + if (pmd_none(*pmd))
> + return NULL;
Likewise.
> +
> + return pte_offset_kernel(pmd, addr);
> +}
Given this expects a pte, it might make more sense to call this
lookup_address_pte() to make that clear.
> +
> +/* Update a single kernel page table entry */
> +inline void set_kpte(void *kaddr, struct page *page, pgprot_t prot)
> +{
> + pte_t *pte = lookup_address((unsigned long)kaddr);
> +
> + set_pte(pte, pfn_pte(page_to_pfn(page), prot));
We can get NULL from lookup_address(), so this doesn't look right.
If NULL implies an error, drop a BUG_ON(!pte) before the set_pte.
> +}
> +
> +inline void xpfo_flush_kernel_tlb(struct page *page, int order)
> +{
> + unsigned long kaddr = (unsigned long)page_address(page);
> + unsigned long size = PAGE_SIZE;
unsigned long size = PAGE_SIZE << order;
> +
> + flush_tlb_kernel_range(kaddr, kaddr + (1 << order) * size);
... and this can be simpler.
I haven't brought myself back up to speed, so it might not be possible, but I
still think it would be preferable for XPFO to call flush_tlb_kernel_range()
directly.
Thanks,
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Tycho Andersen <tycho@docker.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com,
Marco Benatto <marco.antonio.780@gmail.com>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [kernel-hardening] [PATCH v6 05/11] arm64/mm: Add support for XPFO
Date: Thu, 14 Sep 2017 19:22:08 +0100 [thread overview]
Message-ID: <20170914182205.GA1711@remoulade> (raw)
In-Reply-To: <20170907173609.22696-6-tycho@docker.com>
Hi,
On Thu, Sep 07, 2017 at 11:36:03AM -0600, Tycho Andersen wrote:
> From: Juerg Haefliger <juerg.haefliger@canonical.com>
>
> Enable support for eXclusive Page Frame Ownership (XPFO) for arm64 and
> provide a hook for updating a single kernel page table entry (which is
> required by the generic XPFO code).
>
> v6: use flush_tlb_kernel_range() instead of __flush_tlb_one()
>
> CC: linux-arm-kernel@lists.infradead.org
> Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
> Signed-off-by: Tycho Andersen <tycho@docker.com>
> ---
> arch/arm64/Kconfig | 1 +
> arch/arm64/mm/Makefile | 2 ++
> arch/arm64/mm/xpfo.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 61 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index dfd908630631..44fa44ef02ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -121,6 +121,7 @@ config ARM64
> select SPARSE_IRQ
> select SYSCTL_EXCEPTION_TRACE
> select THREAD_INFO_IN_TASK
> + select ARCH_SUPPORTS_XPFO
A bit of a nit, but this list is (intended to be) organised alphabetically.
Could you please try to retain that?
i.e. place this between ARCH_SUPPORTS_NUMA_BALANCING and
ARCH_WANT_COMPAT_IPC_PARSE_VERSION.
> help
> ARM 64-bit (AArch64) Linux support.
>
> diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile
> index 9b0ba191e48e..22e5cab543d8 100644
> --- a/arch/arm64/mm/Makefile
> +++ b/arch/arm64/mm/Makefile
> @@ -11,3 +11,5 @@ KASAN_SANITIZE_physaddr.o += n
>
> obj-$(CONFIG_KASAN) += kasan_init.o
> KASAN_SANITIZE_kasan_init.o := n
> +
> +obj-$(CONFIG_XPFO) += xpfo.o
> diff --git a/arch/arm64/mm/xpfo.c b/arch/arm64/mm/xpfo.c
> new file mode 100644
> index 000000000000..678e2be848eb
> --- /dev/null
> +++ b/arch/arm64/mm/xpfo.c
> @@ -0,0 +1,58 @@
> +/*
> + * Copyright (C) 2017 Hewlett Packard Enterprise Development, L.P.
> + * Copyright (C) 2016 Brown University. All rights reserved.
> + *
> + * Authors:
> + * Juerg Haefliger <juerg.haefliger@hpe.com>
> + * Vasileios P. Kemerlis <vpk@cs.brown.edu>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License version 2 as published by
> + * the Free Software Foundation.
> + */
> +
> +#include <linux/mm.h>
> +#include <linux/module.h>
> +
> +#include <asm/tlbflush.h>
> +
> +/*
> + * Lookup the page table entry for a virtual address and return a pointer to
> + * the entry. Based on x86 tree.
> + */
Is this intended for kernel VAs, user VAs, or both?
There are different constraints for fiddling with either (e.g. holding
mmap_sem), so we should be clear regarding the intended use-case.
> +static pte_t *lookup_address(unsigned long addr)
> +{
> + pgd_t *pgd;
> + pud_t *pud;
> + pmd_t *pmd;
> +
> + pgd = pgd_offset_k(addr);
> + if (pgd_none(*pgd))
> + return NULL;
> +
> + pud = pud_offset(pgd, addr);
> + if (pud_none(*pud))
> + return NULL;
What if it's not none, but not a table?
I think we chould check pud_sect() here, and/or pud_bad().
> +
> + pmd = pmd_offset(pud, addr);
> + if (pmd_none(*pmd))
> + return NULL;
Likewise.
> +
> + return pte_offset_kernel(pmd, addr);
> +}
Given this expects a pte, it might make more sense to call this
lookup_address_pte() to make that clear.
> +
> +/* Update a single kernel page table entry */
> +inline void set_kpte(void *kaddr, struct page *page, pgprot_t prot)
> +{
> + pte_t *pte = lookup_address((unsigned long)kaddr);
> +
> + set_pte(pte, pfn_pte(page_to_pfn(page), prot));
We can get NULL from lookup_address(), so this doesn't look right.
If NULL implies an error, drop a BUG_ON(!pte) before the set_pte.
> +}
> +
> +inline void xpfo_flush_kernel_tlb(struct page *page, int order)
> +{
> + unsigned long kaddr = (unsigned long)page_address(page);
> + unsigned long size = PAGE_SIZE;
unsigned long size = PAGE_SIZE << order;
> +
> + flush_tlb_kernel_range(kaddr, kaddr + (1 << order) * size);
... and this can be simpler.
I haven't brought myself back up to speed, so it might not be possible, but I
still think it would be preferable for XPFO to call flush_tlb_kernel_range()
directly.
Thanks,
Mark.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-09-14 18:22 UTC|newest]
Thread overview: 241+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 17:35 [kernel-hardening] [PATCH v6 00/11] Add support for eXclusive Page Frame Ownership Tycho Andersen
2017-09-07 17:35 ` Tycho Andersen
2017-09-07 17:35 ` Tycho Andersen
2017-09-07 17:35 ` [kernel-hardening] [PATCH v6 01/11] mm: add MAP_HUGETLB support to vm_mmap Tycho Andersen
2017-09-07 17:35 ` Tycho Andersen
2017-09-07 17:35 ` Tycho Andersen
2017-09-08 7:42 ` [kernel-hardening] " Christoph Hellwig
2017-09-08 7:42 ` Christoph Hellwig
2017-09-08 7:42 ` Christoph Hellwig
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 02/11] x86: always set IF before oopsing from page fault Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 03/11] mm, x86: Add support for eXclusive Page Frame Ownership (XPFO) Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 18:33 ` [kernel-hardening] " Ralph Campbell
2017-09-07 18:33 ` Ralph Campbell
2017-09-07 18:33 ` Ralph Campbell
2017-09-07 18:50 ` [kernel-hardening] " Tycho Andersen
2017-09-07 18:50 ` Tycho Andersen
2017-09-07 18:50 ` Tycho Andersen
2017-09-08 7:51 ` [kernel-hardening] " Christoph Hellwig
2017-09-08 7:51 ` Christoph Hellwig
2017-09-08 7:51 ` Christoph Hellwig
2017-09-08 14:58 ` [kernel-hardening] " Tycho Andersen
2017-09-08 14:58 ` Tycho Andersen
2017-09-08 14:58 ` Tycho Andersen
2017-09-09 15:35 ` [kernel-hardening] " Laura Abbott
2017-09-09 15:35 ` Laura Abbott
2017-09-09 15:35 ` Laura Abbott
2017-09-11 15:03 ` [kernel-hardening] " Tycho Andersen
2017-09-11 15:03 ` Tycho Andersen
2017-09-11 15:03 ` Tycho Andersen
2017-09-11 7:24 ` [kernel-hardening] " Yisheng Xie
2017-09-11 7:24 ` Yisheng Xie
2017-09-11 7:24 ` Yisheng Xie
2017-09-11 14:50 ` [kernel-hardening] " Tycho Andersen
2017-09-11 14:50 ` Tycho Andersen
2017-09-11 14:50 ` Tycho Andersen
2017-09-11 16:03 ` [kernel-hardening] " Juerg Haefliger
2017-09-11 16:03 ` Juerg Haefliger
2017-09-11 16:03 ` Juerg Haefliger
2017-09-11 16:59 ` [kernel-hardening] " Tycho Andersen
2017-09-11 16:59 ` Tycho Andersen
2017-09-11 16:59 ` Tycho Andersen
2017-09-12 8:05 ` [kernel-hardening] " Yisheng Xie
2017-09-12 8:05 ` Yisheng Xie
2017-09-12 8:05 ` Yisheng Xie
2017-09-12 14:36 ` [kernel-hardening] " Tycho Andersen
2017-09-12 14:36 ` Tycho Andersen
2017-09-12 14:36 ` Tycho Andersen
2017-09-12 18:13 ` [kernel-hardening] " Tycho Andersen
2017-09-12 18:13 ` Tycho Andersen
2017-09-12 18:13 ` Tycho Andersen
2017-09-14 6:15 ` [kernel-hardening] " Yisheng Xie
2017-09-14 6:15 ` Yisheng Xie
2017-09-14 6:15 ` Yisheng Xie
2017-09-20 23:46 ` [kernel-hardening] " Dave Hansen
2017-09-20 23:46 ` Dave Hansen
2017-09-20 23:46 ` Dave Hansen
2017-09-21 0:02 ` [kernel-hardening] " Tycho Andersen
2017-09-21 0:02 ` Tycho Andersen
2017-09-21 0:02 ` Tycho Andersen
2017-09-21 0:04 ` [kernel-hardening] " Dave Hansen
2017-09-21 0:04 ` Dave Hansen
2017-09-21 0:04 ` Dave Hansen
2017-09-11 18:32 ` [kernel-hardening] " Tycho Andersen
2017-09-11 18:32 ` Tycho Andersen
2017-09-11 18:32 ` Tycho Andersen
2017-09-11 21:54 ` [kernel-hardening] " Marco Benatto
2017-09-11 21:54 ` Marco Benatto
2017-09-11 21:54 ` Marco Benatto
2017-09-20 15:48 ` [kernel-hardening] " Dave Hansen
2017-09-20 15:48 ` Dave Hansen
2017-09-20 15:48 ` Dave Hansen
2017-09-20 22:34 ` [kernel-hardening] " Tycho Andersen
2017-09-20 22:34 ` Tycho Andersen
2017-09-20 22:34 ` Tycho Andersen
2017-09-20 23:21 ` [kernel-hardening] " Dave Hansen
2017-09-20 23:21 ` Dave Hansen
2017-09-20 23:21 ` Dave Hansen
2017-09-21 0:09 ` [kernel-hardening] " Tycho Andersen
2017-09-21 0:09 ` Tycho Andersen
2017-09-21 0:09 ` Tycho Andersen
2017-09-21 0:27 ` [kernel-hardening] " Dave Hansen
2017-09-21 0:27 ` Dave Hansen
2017-09-21 0:27 ` Dave Hansen
2017-09-21 1:37 ` [kernel-hardening] " Tycho Andersen
2017-09-21 1:37 ` Tycho Andersen
2017-09-21 1:37 ` Tycho Andersen
2017-11-10 1:09 ` [kernel-hardening] " Tycho Andersen
2017-11-10 1:09 ` Tycho Andersen
2017-11-10 1:09 ` Tycho Andersen
2017-11-13 22:20 ` [kernel-hardening] " Dave Hansen
2017-11-13 22:20 ` Dave Hansen
2017-11-13 22:20 ` Dave Hansen
2017-11-13 22:46 ` [kernel-hardening] " Dave Hansen
2017-11-13 22:46 ` Dave Hansen
2017-11-13 22:46 ` Dave Hansen
2017-11-15 0:33 ` [kernel-hardening] " Tycho Andersen
2017-11-15 0:33 ` Tycho Andersen
2017-11-15 0:37 ` Dave Hansen
2017-11-15 0:37 ` Dave Hansen
2017-11-15 0:42 ` Tycho Andersen
2017-11-15 0:42 ` Tycho Andersen
2017-11-15 3:44 ` Matthew Wilcox
2017-11-15 3:44 ` Matthew Wilcox
2017-11-15 3:44 ` Matthew Wilcox
2017-11-15 7:00 ` [kernel-hardening] " Dave Hansen
2017-11-15 7:00 ` Dave Hansen
2017-11-15 7:00 ` Dave Hansen
2017-11-15 14:58 ` [kernel-hardening] " Matthew Wilcox
2017-11-15 14:58 ` Matthew Wilcox
2017-11-15 14:58 ` Matthew Wilcox
2017-11-15 16:20 ` [kernel-hardening] " Tycho Andersen
2017-11-15 16:20 ` Tycho Andersen
2017-11-15 21:34 ` Matthew Wilcox
2017-11-15 21:34 ` Matthew Wilcox
2017-09-21 0:03 ` Dave Hansen
2017-09-21 0:03 ` Dave Hansen
2017-09-21 0:03 ` Dave Hansen
2017-09-21 0:28 ` [kernel-hardening] " Dave Hansen
2017-09-21 0:28 ` Dave Hansen
2017-09-21 0:28 ` Dave Hansen
2017-09-21 1:04 ` [kernel-hardening] " Tycho Andersen
2017-09-21 1:04 ` Tycho Andersen
2017-09-21 1:04 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 04/11] swiotlb: Map the buffer if it was unmapped by XPFO Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 18:10 ` [kernel-hardening] " Christoph Hellwig
2017-09-07 18:10 ` Christoph Hellwig
2017-09-07 18:10 ` Christoph Hellwig
2017-09-07 18:44 ` [kernel-hardening] " Tycho Andersen
2017-09-07 18:44 ` Tycho Andersen
2017-09-07 18:44 ` Tycho Andersen
2017-09-08 7:13 ` [kernel-hardening] " Christoph Hellwig
2017-09-08 7:13 ` Christoph Hellwig
2017-09-08 7:13 ` Christoph Hellwig
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 05/11] arm64/mm: Add support for XPFO Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-08 7:53 ` [kernel-hardening] " Christoph Hellwig
2017-09-08 7:53 ` Christoph Hellwig
2017-09-08 7:53 ` Christoph Hellwig
2017-09-08 7:53 ` Christoph Hellwig
2017-09-08 17:24 ` Tycho Andersen
2017-09-08 17:24 ` [kernel-hardening] " Tycho Andersen
2017-09-08 17:24 ` Tycho Andersen
2017-09-08 17:24 ` Tycho Andersen
2017-09-08 17:24 ` Tycho Andersen
2017-09-14 10:41 ` Julien Grall
2017-09-14 10:41 ` [kernel-hardening] " Julien Grall
2017-09-14 10:41 ` Julien Grall
2017-09-14 10:41 ` Julien Grall
2017-09-14 10:41 ` Julien Grall
2017-09-14 11:29 ` Juergen Gross
2017-09-14 11:29 ` [kernel-hardening] " Juergen Gross
2017-09-14 11:29 ` Juergen Gross
2017-09-14 11:29 ` Juergen Gross
2017-09-14 11:29 ` Juergen Gross
2017-09-14 18:22 ` Mark Rutland [this message]
2017-09-14 18:22 ` [kernel-hardening] " Mark Rutland
2017-09-14 18:22 ` Mark Rutland
2017-09-18 21:27 ` Tycho Andersen
2017-09-18 21:27 ` Tycho Andersen
2017-09-18 21:27 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 06/11] xpfo: add primitives for mapping underlying memory Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 07/11] arm64/mm, xpfo: temporarily map dcache regions Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-14 18:25 ` [kernel-hardening] " Mark Rutland
2017-09-14 18:25 ` Mark Rutland
2017-09-14 18:25 ` Mark Rutland
2017-09-14 18:25 ` Mark Rutland
2017-09-18 21:29 ` [kernel-hardening] " Tycho Andersen
2017-09-18 21:29 ` Tycho Andersen
2017-09-18 21:29 ` Tycho Andersen
2017-09-18 21:29 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 08/11] arm64/mm: Add support for XPFO to swiotlb Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 09/11] arm64/mm: disable section/contiguous mappings if XPFO is enabled Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-09 15:38 ` [kernel-hardening] " Laura Abbott
2017-09-09 15:38 ` Laura Abbott
2017-09-09 15:38 ` Laura Abbott
2017-09-09 15:38 ` Laura Abbott
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 10/11] mm: add a user_virt_to_phys symbol Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-08 7:55 ` [kernel-hardening] " Christoph Hellwig
2017-09-08 7:55 ` Christoph Hellwig
2017-09-08 7:55 ` Christoph Hellwig
2017-09-08 7:55 ` Christoph Hellwig
2017-09-08 15:44 ` [kernel-hardening] " Kees Cook
2017-09-08 15:44 ` Kees Cook
2017-09-08 15:44 ` Kees Cook
2017-09-08 15:44 ` Kees Cook
2017-09-11 7:36 ` [kernel-hardening] " Christoph Hellwig
2017-09-11 7:36 ` Christoph Hellwig
2017-09-11 7:36 ` Christoph Hellwig
2017-09-11 7:36 ` Christoph Hellwig
2017-09-14 18:34 ` [kernel-hardening] " Mark Rutland
2017-09-14 18:34 ` Mark Rutland
2017-09-14 18:34 ` Mark Rutland
2017-09-18 20:56 ` Tycho Andersen
2017-09-18 20:56 ` Tycho Andersen
2017-09-18 20:56 ` Tycho Andersen
2017-09-07 17:36 ` [kernel-hardening] [PATCH v6 11/11] lkdtm: Add test for XPFO Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 17:36 ` Tycho Andersen
2017-09-07 19:08 ` [kernel-hardening] " Kees Cook
2017-09-07 19:08 ` Kees Cook
2017-09-07 19:08 ` Kees Cook
2017-09-10 0:57 ` [kernel-hardening] " kbuild test robot
2017-09-10 0:57 ` kbuild test robot
2017-09-10 0:57 ` kbuild test robot
2017-09-11 10:34 ` [kernel-hardening] Re: [PATCH v6 00/11] Add support for eXclusive Page Frame Ownership Yisheng Xie
2017-09-11 10:34 ` Yisheng Xie
2017-09-11 10:34 ` Yisheng Xie
2017-09-11 15:02 ` [kernel-hardening] " Tycho Andersen
2017-09-11 15:02 ` Tycho Andersen
2017-09-11 15:02 ` Tycho Andersen
2017-09-12 7:07 ` [kernel-hardening] " Yisheng Xie
2017-09-12 7:07 ` Yisheng Xie
2017-09-12 7:07 ` Yisheng Xie
2017-09-12 7:40 ` [kernel-hardening] " Juerg Haefliger
2017-09-12 7:40 ` Juerg Haefliger
2017-09-12 7:40 ` Juerg Haefliger
2017-09-12 8:11 ` [kernel-hardening] " Yisheng Xie
2017-09-12 8:11 ` Yisheng Xie
2017-09-12 8:11 ` Yisheng Xie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170914182205.GA1711@remoulade \
--to=mark.rutland@arm.com \
--cc=juerg.haefliger@canonical.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=marco.antonio.780@gmail.com \
--cc=tycho@docker.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.