From: "H. Peter Anvin" <hpa@zytor.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Eric Northup <digitaleric@google.com>,
Kees Cook <keescook@chromium.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Ingo Molnar <mingo@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Jeremy Fitzhardinge <jeremy@goop.org>,
Marcelo Tosatti <mtosatti@redhat.com>,
Alex Shi <alex.shi@intel.com>,
Borislav Petkov <borislav.petkov@amd.com>,
Alexander Duyck <alexander.h.duyck@intel.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
"virtualization@lists.linux-foundation.org"
<virtualization@lists.linux-foundation.org>,
Dan Rosenberg <drosenberg@vsecurity.com>,
Julien Tinnes <jln@google.com>, Will Drewry <wad@chromium.org>
Subject: [kernel-hardening] Re: Readonly GDT
Date: Tue, 09 Apr 2013 17:58:34 -0700
Message-ID: <5164B93A.1050706@zytor.com>
In-Reply-To: <1365555234.25498.91.camel@gandalf.local.home>

On 04/09/2013 05:53 PM, Steven Rostedt wrote:
> On Tue, 2013-04-09 at 17:43 -0700, H. Peter Anvin wrote:
>> OK, thinking about the GDT here.
>>
>> The GDT is quite small -- 256 bytes on i386, 128 bytes on x86-64. As
>> such, we probably don't want to allocate a full page to it for only
>> that. This means that in order to create a readonly mapping we have to
>> pack GDTs from different CPUs together in the same pages, *or* we
>> tolerate that other things on the same page get reflected in the same
>> mapping.
>
> What about grouping via nodes?
>

Would be nicer for locality, although probably adds [even] more complexity.
We don't really care about 32-bit NUMA anymore -- it keeps getting
suggested for deletion, even. For 64-bit it might make sense to just
reflect out of the percpu area even though it munches address space.

>>
>> However, the packing solution has the advantage of reducing address
>> space consumption which matters on 32 bits: even on i386 we can easily
>> burn a megabyte of address space for 4096 processors, but burning 16
>> megabytes starts to hurt.
>
> Having 4096 32 bit processors, you deserve what you get. ;-)
>

Well, the main problem is that it might get difficult to make this a
runtime thing; it more likely ends up being a compile-time bit.

	-hpa
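Added example, not code from this thread or from the kernel: a userspace model in C of the two things the message weighs. The first two functions redo the 4096-CPU address-space arithmetic for a page-per-GDT layout versus GDTs packed back to back, using the GDT sizes hpa quotes (256 bytes on i386, 128 on x86-64) and an assumed 4 KiB page. The rest maps one backing twice, once writable for the kernel's own updates and once read-only for the view the CPU would be pointed at, and checks that a write aimed at the read-only view faults and leaves the descriptor untouched. The temporary file standing in for the percpu backing, the /tmp path, the descriptor bytes (a flat 64-bit code segment placed in entry 1) and the signal-based fault catch are all assumptions of the example: userspace takes SIGSEGV or SIGBUS where the kernel would take a page fault.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* GDT sizes as quoted in the thread; the 4 KiB page size is an assumption. */
#define GDT_BYTES_I386   256u
#define GDT_BYTES_X86_64 128u
#define PAGE_BYTES       4096u

/* Virtual address space consumed by the read-only mappings of N per-CPU
 * GDTs: a whole page for each CPU, versus packing them into shared pages. */
static size_t gdt_aspace_one_page_each(unsigned cpus)
{
    return (size_t)cpus * PAGE_BYTES;
}

static size_t gdt_aspace_packed(unsigned cpus, size_t gdt_bytes)
{
    size_t total = (size_t)cpus * gdt_bytes;
    return (total + PAGE_BYTES - 1) / PAGE_BYTES * PAGE_BYTES;   /* round up to pages */
}

/* One physical backing, two virtual views: the kernel keeps writing the RW
 * copy, the CPU (GDTR) only ever sees the RO alias. A temp file stands in
 * for the percpu backing memory (assumption of this example). */
struct ro_alias { uint8_t *rw; uint8_t *ro; size_t len; };

static int ro_alias_create(struct ro_alias *a, size_t len)
{
    char tmp[] = "/tmp/ro-gdt-XXXXXX", cwd[] = "ro-gdt-XXXXXX";
    char *used = tmp;
    int fd = mkstemp(tmp);
    if (fd < 0) { used = cwd; fd = mkstemp(cwd); }   /* fall back to the working directory */
    if (fd < 0) return -1;
    unlink(used);                                    /* backing lives on only through the mappings */
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *ro = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (rw == MAP_FAILED || ro == MAP_FAILED) return -1;
    a->rw = rw; a->ro = ro; a->len = len;
    return 0;
}

/* Catch the protection fault a store through the RO alias raises, the way
 * the kernel would take #PF on a write to a read-only GDT page. */
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Returns 1 if storing v through p faulted, 0 if the store went through. */
static int store_faults(volatile uint8_t *p, uint8_t v)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);                /* some platforms report SIGBUS instead */
    if (sigsetjmp(fault_jmp, 1) == 0) { *p = v; faulted = 0; } else { faulted = 1; }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Whole scenario. Returns 1 when the alias behaves as a read-only GDT mapping
 * should: a legitimate update through the RW copy shows up in the RO view,
 * and a stray write to the RO view faults and changes nothing. */
static int ro_alias_demo(void)
{
    /* Constructed descriptor bytes: flat 64-bit code segment, access byte 0x9a, entry 1. */
    static const uint8_t code64[8] = { 0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xaf, 0x00 };
    size_t off = 8;
    struct ro_alias a;
    int visible, faulted, intact;
    if (ro_alias_create(&a, PAGE_BYTES) != 0) return -1;
    memcpy(a.rw + off, code64, sizeof code64);       /* kernel-side update via the writable copy */
    visible = memcmp(a.ro + off, code64, sizeof code64) == 0;
    /* A write primitive aimed at the view GDTR points to, trying to make the
     * access byte DPL 3 (0xfa): must fault, must leave both views as they were. */
    faulted = store_faults(a.ro + off + 5, 0xfa);
    intact = a.ro[off + 5] == 0x9a && a.rw[off + 5] == 0x9a;
    munmap(a.rw, a.len);
    munmap(a.ro, a.len);
    return visible && faulted && intact;
}

int main(void)
{
    printf("4096 CPUs: page each %zu, packed i386 %zu, packed x86-64 %zu bytes\n",
           gdt_aspace_one_page_each(4096), gdt_aspace_packed(4096, GDT_BYTES_I386),
           gdt_aspace_packed(4096, GDT_BYTES_X86_64));
    printf("read-only alias check: %d\n", ro_alias_demo());
    return 0;
}
```

Build with cc and run; the alias check prints 1 when the store through the read-only mapping faulted without touching the descriptor, and the first line reproduces the 16 MiB versus 1 MiB figures from the message (512 KiB for packed x86-64 GDTs). What the model deliberately leaves out is the packing trade-off: once several CPUs' 128- or 256-byte tables share a page, the read-only view of one CPU's GDT also reflects its neighbours, which is the "other things on the same page" tolerance hpa raises.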
Thread overview: 83+ messages
2013-04-08 22:43 [kernel-hardening] [PATCH] x86: make IDT read-only Kees Cook
2013-04-08 22:47 ` [kernel-hardening] " H. Peter Anvin
2013-04-08 22:55 ` [kernel-hardening] " Kees Cook
2013-04-08 22:48 ` [kernel-hardening] " H. Peter Anvin
2013-04-09 9:23 ` [kernel-hardening] " Thomas Gleixner
2013-04-09 18:22 ` [kernel-hardening] " Kees Cook
2013-04-09 18:26 ` H. Peter Anvin
2013-04-09 18:31 ` Kees Cook
2013-04-09 18:39 ` H. Peter Anvin
2013-04-09 18:46 ` Kees Cook
2013-04-09 18:50 ` H. Peter Anvin
2013-04-09 18:53 ` Kees Cook
2013-04-09 18:54 ` Eric Northup
2013-04-09 18:59 ` H. Peter Anvin
2013-04-10 0:43 ` [kernel-hardening] Readonly GDT H. Peter Anvin
2013-04-10 0:53 ` [kernel-hardening] " Steven Rostedt
2013-04-10 0:58 ` H. Peter Anvin [this message]
2013-04-10 9:42 ` [kernel-hardening] Re: [Xen-devel] " Jan Beulich
2013-04-10 14:16 ` [kernel-hardening] " H. Peter Anvin
2013-04-10 18:28 ` [kernel-hardening] " H. Peter Anvin
2013-04-10 9:41 ` [kernel-hardening] Re: [PATCH] x86: make IDT read-only Ingo Molnar
2013-04-10 0:03 ` H. Peter Anvin
2013-04-10 9:52 ` Ingo Molnar
2013-04-09 9:45 ` [kernel-hardening] " Eric W. Biederman
2013-04-10 9:57 ` [kernel-hardening] " Ingo Molnar
2013-04-10 10:40 ` [kernel-hardening] " Eric W. Biederman
2013-04-10 16:31 ` [kernel-hardening] " Eric Northup
2013-04-10 16:48 ` [kernel-hardening] " H. Peter Anvin
2013-04-08 22:56 ` [kernel-hardening] " Maciej W. Rozycki
2013-04-08 23:00 ` [kernel-hardening] " Kees Cook
2013-04-08 23:05 ` [kernel-hardening] " Kees Cook
2013-04-08 23:42 ` [kernel-hardening] " Maciej W. Rozycki