From: James Morris <james.l.morris@oracle.com>
To: Andy Lutomirski <luto@amacapital.net>,
Khalid Aziz <khalid.aziz@oracle.com>
Cc: David Miller <davem@davemloft.net>,
Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
dingel@linux.vnet.ibm.com, bob.picco@oracle.com,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Arnd Bergmann <arnd@arndb.de>,
sparclinux@vger.kernel.org, Rob Gardner <rob.gardner@oracle.com>,
Michal Hocko <mhocko@suse.cz>,
chris.hyser@oracle.com, Richard Weinberger <richard@nod.at>,
Vlastimil Babka <vbabka@suse.cz>,
Konstantin Khlebnikov <koct9i@gmail.com>,
Oleg Nesterov <oleg@redhat.com>, Greg Thelen <gthelen@google.com>,
Jan Kara <jack@suse.cz>,
xiexiuqi@huawei.com, Vineet.Gupta1@synopsys.com,
Andrew Lutomirski <luto@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Benjamin Segall <bsegall@google.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Davidlohr Bueso <dave@stgolabs.net>,
Alexey Dobriyan <adobriyan@gmail.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)
Date: Tue, 08 Mar 2016 20:33:01 +1100 [thread overview]
Message-ID: <56DE9C4D.8000709@oracle.com> (raw)
In-Reply-To: <56DE1341.4080206@oracle.com>
On 03/08/2016 10:48 AM, James Morris wrote:
> On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
>>
>> This makes sense, but I still think the design is poor. If the hacker
>> gets code execution, then they can trivially brute force the ADI bits.
>>
>
> ADI in this scenario is intended to prevent the attacker from gaining
> code execution in the first place.
Here's some more background from Enrico Perla (who literally wrote the
book on kernel exploitation):
https://blogs.oracle.com/enrico/entry/hardening_allocators_with_adi
Probably the most significant advantage from a security point of view is
the ability to eliminate an entire class of vulnerability: adjacent heap
overflows, as discussed above, where, for example, adjacent heap objects
are tagged differently. Classic linear buffer overflows can be eliminated.
As Kees Cook outlined at the 2015 kernel summit, it's best to mitigate
classes of vulnerabilities rather than patch each instance:
https://outflux.net/slides/2011/defcon/kernel-exploitation.pdf
The Linux ADI implementation is currently very rudimentary, and we
definitely welcome continued feedback from the community and ideas as it
evolves.
- James
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-03-08 9:33 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-02 20:39 [PATCH v2] sparc64: Add support for Application Data Integrity (ADI) Khalid Aziz
2016-03-02 23:08 ` Julian Calaby
2016-03-03 0:25 ` Khalid Aziz
2016-03-03 0:48 ` Julian Calaby
2016-03-03 17:28 ` Khalid Aziz
2016-03-06 4:07 ` David Miller
2016-03-07 15:07 ` Khalid Aziz
2016-03-07 15:30 ` Rob Gardner
2016-03-07 15:43 ` Andy Lutomirski
2016-03-07 16:06 ` Khalid Aziz
2016-03-07 17:46 ` Dave Hansen
2016-03-07 17:53 ` Andy Lutomirski
2016-03-07 18:12 ` Dave Hansen
2016-03-07 18:39 ` Khalid Aziz
2016-03-07 18:53 ` Andy Lutomirski
2016-03-07 19:22 ` David Miller
2016-03-07 19:46 ` Khalid Aziz
2016-03-07 22:40 ` Dave Hansen
2016-03-08 1:31 ` Rob Gardner
2016-03-07 21:06 ` Khalid Aziz
2016-03-08 19:57 ` David Miller
2016-03-08 20:16 ` Khalid Aziz
2016-03-08 20:27 ` David Miller
2016-03-08 20:59 ` Khalid Aziz
2016-03-07 15:45 ` Khalid Aziz
2016-03-07 16:45 ` David Miller
2016-03-07 17:51 ` Khalid Aziz
2016-03-07 16:56 ` David Miller
2016-03-07 18:04 ` Khalid Aziz
2016-03-07 18:08 ` Andy Lutomirski
2016-03-07 18:22 ` Khalid Aziz
2016-03-07 18:49 ` Andy Lutomirski
2016-03-07 19:19 ` David Miller
2016-03-07 19:44 ` Khalid Aziz
2016-03-07 19:54 ` Andy Lutomirski
2016-03-07 20:41 ` Khalid Aziz
2016-03-07 20:58 ` David Miller
2016-03-07 21:02 ` Andy Lutomirski
2016-03-07 21:09 ` Khalid Aziz
2016-03-07 23:34 ` James Morris
2016-03-07 23:48 ` James Morris
2016-03-08 9:33 ` James Morris [this message]
2016-03-07 18:09 ` Rob Gardner
2016-03-07 18:24 ` Khalid Aziz
2016-03-07 19:16 ` David Miller
2016-03-07 21:33 ` Khalid Aziz
2016-03-07 21:38 ` David Miller
2016-03-07 23:13 ` Rob Gardner
2016-03-08 4:13 ` David Miller
2016-03-07 23:12 ` Rob Gardner
2016-03-07 23:27 ` Khalid Aziz
2016-03-08 0:21 ` Khalid Aziz
2016-03-08 4:24 ` David Miller
2016-03-07 23:32 ` Rob Gardner
2016-03-07 19:09 ` David Miller
2016-03-07 21:27 ` Khalid Aziz
2016-03-07 21:34 ` David Miller
2016-03-07 22:30 ` Khalid Aziz
2016-03-07 17:32 ` Dave Hansen
2016-03-07 17:35 ` Dave Hansen
2016-03-07 18:15 ` Khalid Aziz
2016-03-07 19:06 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DE9C4D.8000709@oracle.com \
--to=james.l.morris@oracle.com \
--cc=Vineet.Gupta1@synopsys.com \
--cc=aarcange@redhat.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=bob.picco@oracle.com \
--cc=bsegall@google.com \
--cc=chris.hyser@oracle.com \
--cc=corbet@lwn.net \
--cc=dave@stgolabs.net \
--cc=davem@davemloft.net \
--cc=dingel@linux.vnet.ibm.com \
--cc=ebiederm@xmission.com \
--cc=geert@linux-m68k.org \
--cc=gthelen@google.com \
--cc=jack@suse.cz \
--cc=khalid.aziz@oracle.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=koct9i@gmail.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mhocko@suse.cz \
--cc=oleg@redhat.com \
--cc=richard@nod.at \
--cc=rob.gardner@oracle.com \
--cc=sparclinux@vger.kernel.org \
--cc=vbabka@suse.cz \
--cc=xiexiuqi@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).