From: Dave Hansen <dave.hansen@linux.intel.com>
To: Khalid Aziz <khalid.aziz@oracle.com>,
davem@davemloft.net, corbet@lwn.net, arnd@arndb.de,
akpm@linux-foundation.org
Cc: hpa@zytor.com, viro@zeniv.linux.org.uk, nitin.m.gupta@oracle.com,
chris.hyser@oracle.com, tushar.n.dave@oracle.com,
sowmini.varadhan@oracle.com, mike.kravetz@oracle.com,
adam.buchbinder@gmail.com, minchan@kernel.org, hughd@google.com,
kirill.shutemov@linux.intel.com, keescook@chromium.org,
allen.pais@oracle.com, aryabinin@virtuozzo.com,
atish.patra@oracle.com, joe@perches.com, pmladek@suse.com,
jslaby@suse.cz, cmetcalf@mellanox.com,
paul.gortmaker@windriver.com, mhocko@suse.com,
jmarchan@redhat.com, lstoakes@gmail.com, 0x7f454c46@gmail.com,
vbabka@suse.cz, tglx@linutronix.de, mingo@redhat.com,
dan.j.williams@intel.com, iamjoonsoo.kim@lge.com,
mgorman@techsingularity.net, vdavydov.dev@gmail.com,
hannes@cmpxchg.org, namit@vmware.com, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, sparclinux@vger.kernel.org,
linux-arch@vger.kernel.org, x86@kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH v4 0/4] Application Data Integrity feature introduced by SPARC M7
Date: Thu, 12 Jan 2017 09:53:24 -0800 [thread overview]
Message-ID: <b0a6341d-fb85-9f50-4803-304f3e28b4ab@linux.intel.com> (raw)
In-Reply-To: <b480fdcc-e08a-eea7-9bac-12bc236422c6@oracle.com>
On 01/12/2017 08:50 AM, Khalid Aziz wrote:
> 2. Any shared page that has ADI protection enabled on it, must stay ADI
> protected across all processes sharing it.
Is that true?
What happens if a page with ADI tags set is accessed via a PTE without
the ADI enablement bit set?
> COW creates an intersection of the two. It creates a new copy of the
> shared data. It is a new data page and hence the process creating it
> must be the one responsible for enabling ADI protection on it.
Do you mean that the application must be responsible? Or the kernel
running in the context of the new process must be responsible?
> It is also a copy of what was ADI protected data, so should it
> inherit the protection instead?
I think the COW'd copy must inherit the VMA bit, the PTE bits, and the
tags on the cachelines.
> I misspoke earlier. I had misinterpreted the results of test I ran.
> Changing the tag on shared memory is allowed by memory controller. The
> requirement is every one sharing the page must switch to the new tag or
> else they get SIGSEGV.
I asked this in the last mail, but I guess I'll ask it again. Please
answer this directly.
If we require that everyone coordinate their tags on the backing
physical memory, and we allow a lower-privileged program to access the
same data as a more-privileged one, then the lower-privilege app can
cause arbitrary crashes in the privileged application.
For instance, say sudo mmap()'s /etc/passwd and uses ADI tags to protect
the mapping. Couldn't any other app in the system prevent sudo from
working?
How can we *EVER* allow tags to be set on non-writable mappings?
> I am inclined to suggest we copy the tags to the new data page on COW
> and that will continue to enforce ADI on the COW'd pages even though
> COW'd pages are new data pages. This is the logically consistent
> behavior. Does that make sense?
Yes, I think this is what you have to do.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-01-12 17:53 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-11 16:12 [PATCH v4 0/4] Application Data Integrity feature introduced by SPARC M7 Khalid Aziz
2017-01-11 16:12 ` [PATCH v4 2/4] mm: Add function to support extra actions on swap in/out Khalid Aziz
2017-01-11 16:56 ` Dave Hansen
2017-01-11 17:15 ` Khalid Aziz
2017-01-11 16:12 ` [PATCH v4 4/4] sparc64: Add support for ADI (Application Data Integrity) Khalid Aziz
2017-01-17 4:39 ` David Miller
2017-01-17 19:32 ` Khalid Aziz
2017-01-17 19:42 ` David Miller
2017-01-17 20:12 ` Khalid Aziz
2017-01-18 0:14 ` Khalid Aziz
2017-01-11 16:33 ` [PATCH v4 0/4] Application Data Integrity feature introduced by SPARC M7 Dave Hansen
2017-01-11 16:56 ` Khalid Aziz
2017-01-11 18:13 ` Dave Hansen
2017-01-11 18:50 ` Khalid Aziz
2017-01-11 19:11 ` Dave Hansen
2017-01-12 0:22 ` Khalid Aziz
2017-01-12 0:49 ` Dave Hansen
2017-01-12 16:50 ` Khalid Aziz
2017-01-12 17:53 ` Dave Hansen [this message]
2017-01-13 0:22 ` Khalid Aziz
2017-01-13 1:31 ` Rob Gardner
2017-01-13 14:48 ` Khalid Aziz
2017-01-13 15:29 ` Rob Gardner
2017-01-13 15:59 ` Khalid Aziz
2017-01-13 16:08 ` Dave Hansen
2017-01-13 17:36 ` Rob Gardner
2017-01-17 4:47 ` David Miller
2017-01-17 21:43 ` Khalid Aziz
2017-01-17 4:42 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b0a6341d-fb85-9f50-4803-304f3e28b4ab@linux.intel.com \
--to=dave.hansen@linux.intel.com \
--cc=0x7f454c46@gmail.com \
--cc=adam.buchbinder@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=allen.pais@oracle.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=atish.patra@oracle.com \
--cc=chris.hyser@oracle.com \
--cc=cmetcalf@mellanox.com \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=davem@davemloft.net \
--cc=hannes@cmpxchg.org \
--cc=hpa@zytor.com \
--cc=hughd@google.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jmarchan@redhat.com \
--cc=joe@perches.com \
--cc=jslaby@suse.cz \
--cc=keescook@chromium.org \
--cc=khalid.aziz@oracle.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lstoakes@gmail.com \
--cc=mgorman@techsingularity.net \
--cc=mhocko@suse.com \
--cc=mike.kravetz@oracle.com \
--cc=minchan@kernel.org \
--cc=mingo@redhat.com \
--cc=namit@vmware.com \
--cc=nitin.m.gupta@oracle.com \
--cc=paul.gortmaker@windriver.com \
--cc=pmladek@suse.com \
--cc=sowmini.varadhan@oracle.com \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tushar.n.dave@oracle.com \
--cc=vbabka@suse.cz \
--cc=vdavydov.dev@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).