From: Ingo Molnar <mingo@kernel.org>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Khalid Aziz <khalid.aziz@oracle.com>,
juergh@gmail.com, Tycho Andersen <tycho@tycho.ws>,
jsteckli@amazon.de, keescook@google.com,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
deepa.srinivasan@oracle.com, chris.hyser@oracle.com,
tyhicks@canonical.com, David Woodhouse <dwmw@amazon.co.uk>,
Andrew Cooper <andrew.cooper3@citrix.com>,
jcm@redhat.com, Boris Ostrovsky <boris.ostrovsky@oracle.com>,
iommu <iommu@lists.linux-foundation.org>, X86 ML <x86@kernel.org>,
linux-arm-kernel@lists.infradead.org,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
LSM List <linux-security-module@vger.kernel.org>,
Khalid Aziz <khalid@gonehiking.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Dave Hansen <dave@sr71.net>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Arjan van de Ven <arjan@infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Wed, 17 Apr 2019 19:26:32 +0200 [thread overview]
Message-ID: <20190417172632.GA95485@gmail.com> (raw)
In-Reply-To: <56A175F6-E5DA-4BBD-B244-53B786F27B7F@gmail.com>
* Nadav Amit <nadav.amit@gmail.com> wrote:
> > On Apr 17, 2019, at 10:09 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >
> > * Khalid Aziz <khalid.aziz@oracle.com> wrote:
> >
> >>> I.e. the original motivation of the XPFO patches was to prevent execution
> >>> of direct kernel mappings. Is this motivation still present if those
> >>> mappings are non-executable?
> >>>
> >>> (Sorry if this has been asked and answered in previous discussions.)
> >>
> >> Hi Ingo,
> >>
> >> That is a good question. Because of the cost of XPFO, we have to be very
> >> sure we need this protection. The paper from Vasileios, Michalis and
> >> Angelos - <http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf>,
> >> does go into how ret2dir attacks can bypass SMAP/SMEP in sections 6.1
> >> and 6.2.
> >
> > So it would be nice if you could generally summarize external arguments
> > when defending a patchset, instead of me having to dig through a PDF
> > which not only causes me to spend time that you probably already spent
> > reading that PDF, but I might also interpret it incorrectly. ;-)
> >
> > The PDF you cited says this:
> >
> > "Unfortunately, as shown in Table 1, the W^X prop-erty is not enforced
> > in many platforms, including x86-64. In our example, the content of
> > user address 0xBEEF000 is also accessible through kernel address
> > 0xFFFF87FF9F080000 as plain, executable code."
> >
> > Is this actually true of modern x86-64 kernels? We've locked down W^X
> > protections in general.
>
> As I was curious, I looked at the paper. Here is a quote from it:
>
> "In x86-64, however, the permissions of physmap are not in sane state.
> Kernels up to v3.8.13 violate the W^X property by mapping the entire region
> as “readable, writeable, and executable” (RWX)—only very recent kernels
> (≥v3.9) use the more conservative RW mapping.”
But v3.8.13 is a 5+ years old kernel, it doesn't count as a "modern"
kernel in any sense of the word. For any proposed patchset with
significant complexity and non-trivial costs the benchmark version
threshold is the "current upstream kernel".
So does that quote address my followup questions:
> Is this actually true of modern x86-64 kernels? We've locked down W^X
> protections in general.
>
> I.e. this conclusion:
>
> "Therefore, by simply overwriting kfptr with 0xFFFF87FF9F080000 and
> triggering the kernel to dereference it, an attacker can directly
> execute shell code with kernel privileges."
>
> ... appears to be predicated on imperfect W^X protections on the x86-64
> kernel.
>
> Do such holes exist on the latest x86-64 kernel? If yes, is there a
> reason to believe that these W^X holes cannot be fixed, or that any fix
> would be more expensive than XPFO?
?
What you are proposing here is a XPFO patch-set against recent kernels
with significant runtime overhead, so my questions about the W^X holes
are warranted.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Khalid Aziz <khalid.aziz@oracle.com>,
juergh@gmail.com, Tycho Andersen <tycho@tycho.ws>,
jsteckli@amazon.de, keescook@google.com,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
deepa.srinivasan@oracle.com, chris.hyser@oracle.com,
tyhicks@canonical.com, David Woodhouse <dwmw@amazon.co.uk>,
Andrew Cooper <andrew.cooper3@citrix.com>,
jcm@redhat.com, Boris Ostrovsky <boris.ostrovsky@oracle.com>,
iommu <iommu@lists.linux-foundation.org>, X86 ML <x86@kernel.org>,
linux-arm-kernel@lists.infradead.org,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
LSM List <linux-security-module@vger.kernel.org>,
Khalid Aziz <khalid@gonehiking.o>
Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Wed, 17 Apr 2019 19:26:32 +0200 [thread overview]
Message-ID: <20190417172632.GA95485@gmail.com> (raw)
In-Reply-To: <56A175F6-E5DA-4BBD-B244-53B786F27B7F@gmail.com>
* Nadav Amit <nadav.amit@gmail.com> wrote:
> > On Apr 17, 2019, at 10:09 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >
> > * Khalid Aziz <khalid.aziz@oracle.com> wrote:
> >
> >>> I.e. the original motivation of the XPFO patches was to prevent execution
> >>> of direct kernel mappings. Is this motivation still present if those
> >>> mappings are non-executable?
> >>>
> >>> (Sorry if this has been asked and answered in previous discussions.)
> >>
> >> Hi Ingo,
> >>
> >> That is a good question. Because of the cost of XPFO, we have to be very
> >> sure we need this protection. The paper from Vasileios, Michalis and
> >> Angelos - <http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf>,
> >> does go into how ret2dir attacks can bypass SMAP/SMEP in sections 6.1
> >> and 6.2.
> >
> > So it would be nice if you could generally summarize external arguments
> > when defending a patchset, instead of me having to dig through a PDF
> > which not only causes me to spend time that you probably already spent
> > reading that PDF, but I might also interpret it incorrectly. ;-)
> >
> > The PDF you cited says this:
> >
> > "Unfortunately, as shown in Table 1, the W^X prop-erty is not enforced
> > in many platforms, including x86-64. In our example, the content of
> > user address 0xBEEF000 is also accessible through kernel address
> > 0xFFFF87FF9F080000 as plain, executable code."
> >
> > Is this actually true of modern x86-64 kernels? We've locked down W^X
> > protections in general.
>
> As I was curious, I looked at the paper. Here is a quote from it:
>
> "In x86-64, however, the permissions of physmap are not in sane state.
> Kernels up to v3.8.13 violate the W^X property by mapping the entire region
> as “readable, writeable, and executable” (RWX)—only very recent kernels
> (≥v3.9) use the more conservative RW mapping.”
But v3.8.13 is a 5+ years old kernel, it doesn't count as a "modern"
kernel in any sense of the word. For any proposed patchset with
significant complexity and non-trivial costs the benchmark version
threshold is the "current upstream kernel".
So does that quote address my followup questions:
> Is this actually true of modern x86-64 kernels? We've locked down W^X
> protections in general.
>
> I.e. this conclusion:
>
> "Therefore, by simply overwriting kfptr with 0xFFFF87FF9F080000 and
> triggering the kernel to dereference it, an attacker can directly
> execute shell code with kernel privileges."
>
> ... appears to be predicated on imperfect W^X protections on the x86-64
> kernel.
>
> Do such holes exist on the latest x86-64 kernel? If yes, is there a
> reason to believe that these W^X holes cannot be fixed, or that any fix
> would be more expensive than XPFO?
?
What you are proposing here is a XPFO patch-set against recent kernels
with significant runtime overhead, so my questions about the W^X holes
are warranted.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Dave Hansen <dave@sr71.net>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
Khalid Aziz <khalid.aziz@oracle.com>,
deepa.srinivasan@oracle.com, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>, X86 ML <x86@kernel.org>,
iommu <iommu@lists.linux-foundation.org>,
jsteckli@amazon.de, Arjan van de Ven <arjan@infradead.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
jcm@redhat.com, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
chris.hyser@oracle.com, linux-arm-kernel@lists.infradead.org,
Khalid Aziz <khalid@gonehiking.org>,
juergh@gmail.com, Andrew Cooper <andrew.cooper3@citrix.com>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
tyhicks@canonical.com,
LSM List <linux-security-module@vger.kernel.org>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
keescook@google.com, Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
David Woodhouse <dwmw@amazon.co.uk>
Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Wed, 17 Apr 2019 19:26:32 +0200 [thread overview]
Message-ID: <20190417172632.GA95485@gmail.com> (raw)
Message-ID: <20190417172632.kQA4gzHb0m0-mX9rV2JqgF6TfV6qgfDTZIccv2nr2v8@z> (raw)
In-Reply-To: <56A175F6-E5DA-4BBD-B244-53B786F27B7F@gmail.com>
* Nadav Amit <nadav.amit@gmail.com> wrote:
> > On Apr 17, 2019, at 10:09 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >
> > * Khalid Aziz <khalid.aziz@oracle.com> wrote:
> >
> >>> I.e. the original motivation of the XPFO patches was to prevent execution
> >>> of direct kernel mappings. Is this motivation still present if those
> >>> mappings are non-executable?
> >>>
> >>> (Sorry if this has been asked and answered in previous discussions.)
> >>
> >> Hi Ingo,
> >>
> >> That is a good question. Because of the cost of XPFO, we have to be very
> >> sure we need this protection. The paper from Vasileios, Michalis and
> >> Angelos - <http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf>,
> >> does go into how ret2dir attacks can bypass SMAP/SMEP in sections 6.1
> >> and 6.2.
> >
> > So it would be nice if you could generally summarize external arguments
> > when defending a patchset, instead of me having to dig through a PDF
> > which not only causes me to spend time that you probably already spent
> > reading that PDF, but I might also interpret it incorrectly. ;-)
> >
> > The PDF you cited says this:
> >
> > "Unfortunately, as shown in Table 1, the W^X prop-erty is not enforced
> > in many platforms, including x86-64. In our example, the content of
> > user address 0xBEEF000 is also accessible through kernel address
> > 0xFFFF87FF9F080000 as plain, executable code."
> >
> > Is this actually true of modern x86-64 kernels? We've locked down W^X
> > protections in general.
>
> As I was curious, I looked at the paper. Here is a quote from it:
>
> "In x86-64, however, the permissions of physmap are not in sane state.
> Kernels up to v3.8.13 violate the W^X property by mapping the entire region
> as “readable, writeable, and executable” (RWX)—only very recent kernels
> (≥v3.9) use the more conservative RW mapping.”
But v3.8.13 is a 5+ years old kernel, it doesn't count as a "modern"
kernel in any sense of the word. For any proposed patchset with
significant complexity and non-trivial costs the benchmark version
threshold is the "current upstream kernel".
So does that quote address my followup questions:
> Is this actually true of modern x86-64 kernels? We've locked down W^X
> protections in general.
>
> I.e. this conclusion:
>
> "Therefore, by simply overwriting kfptr with 0xFFFF87FF9F080000 and
> triggering the kernel to dereference it, an attacker can directly
> execute shell code with kernel privileges."
>
> ... appears to be predicated on imperfect W^X protections on the x86-64
> kernel.
>
> Do such holes exist on the latest x86-64 kernel? If yes, is there a
> reason to believe that these W^X holes cannot be fixed, or that any fix
> would be more expensive than XPFO?
?
What you are proposing here is a XPFO patch-set against recent kernels
with significant runtime overhead, so my questions about the W^X holes
are warranted.
Thanks,
Ingo
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Dave Hansen <dave@sr71.net>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
Khalid Aziz <khalid.aziz@oracle.com>,
deepa.srinivasan@oracle.com, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>, X86 ML <x86@kernel.org>,
iommu <iommu@lists.linux-foundation.org>,
jsteckli@amazon.de, Arjan van de Ven <arjan@infradead.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
jcm@redhat.com, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
chris.hyser@oracle.com, linux-arm-kernel@lists.infradead.org,
Khalid Aziz <khalid@gonehiking.org>,
juergh@gmail.com, Andrew Cooper <andrew.cooper3@citrix.com>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
tyhicks@canonical.com,
LSM List <linux-security-module@vger.kernel.org>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
keescook@google.com, Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
David Woodhouse <dwmw@amazon.co.uk>
Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Wed, 17 Apr 2019 19:26:32 +0200 [thread overview]
Message-ID: <20190417172632.GA95485@gmail.com> (raw)
In-Reply-To: <56A175F6-E5DA-4BBD-B244-53B786F27B7F@gmail.com>
* Nadav Amit <nadav.amit@gmail.com> wrote:
> > On Apr 17, 2019, at 10:09 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >
> > * Khalid Aziz <khalid.aziz@oracle.com> wrote:
> >
> >>> I.e. the original motivation of the XPFO patches was to prevent execution
> >>> of direct kernel mappings. Is this motivation still present if those
> >>> mappings are non-executable?
> >>>
> >>> (Sorry if this has been asked and answered in previous discussions.)
> >>
> >> Hi Ingo,
> >>
> >> That is a good question. Because of the cost of XPFO, we have to be very
> >> sure we need this protection. The paper from Vasileios, Michalis and
> >> Angelos - <http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf>,
> >> does go into how ret2dir attacks can bypass SMAP/SMEP in sections 6.1
> >> and 6.2.
> >
> > So it would be nice if you could generally summarize external arguments
> > when defending a patchset, instead of me having to dig through a PDF
> > which not only causes me to spend time that you probably already spent
> > reading that PDF, but I might also interpret it incorrectly. ;-)
> >
> > The PDF you cited says this:
> >
> > "Unfortunately, as shown in Table 1, the W^X prop-erty is not enforced
> > in many platforms, including x86-64. In our example, the content of
> > user address 0xBEEF000 is also accessible through kernel address
> > 0xFFFF87FF9F080000 as plain, executable code."
> >
> > Is this actually true of modern x86-64 kernels? We've locked down W^X
> > protections in general.
>
> As I was curious, I looked at the paper. Here is a quote from it:
>
> "In x86-64, however, the permissions of physmap are not in sane state.
> Kernels up to v3.8.13 violate the W^X property by mapping the entire region
> as “readable, writeable, and executable” (RWX)—only very recent kernels
> (≥v3.9) use the more conservative RW mapping.”
But v3.8.13 is a 5+ years old kernel, it doesn't count as a "modern"
kernel in any sense of the word. For any proposed patchset with
significant complexity and non-trivial costs the benchmark version
threshold is the "current upstream kernel".
So does that quote address my followup questions:
> Is this actually true of modern x86-64 kernels? We've locked down W^X
> protections in general.
>
> I.e. this conclusion:
>
> "Therefore, by simply overwriting kfptr with 0xFFFF87FF9F080000 and
> triggering the kernel to dereference it, an attacker can directly
> execute shell code with kernel privileges."
>
> ... appears to be predicated on imperfect W^X protections on the x86-64
> kernel.
>
> Do such holes exist on the latest x86-64 kernel? If yes, is there a
> reason to believe that these W^X holes cannot be fixed, or that any fix
> would be more expensive than XPFO?
?
What you are proposing here is a XPFO patch-set against recent kernels
with significant runtime overhead, so my questions about the W^X holes
are warranted.
Thanks,
Ingo
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-04-17 17:26 UTC|newest]
Thread overview: 202+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-03 17:34 [RFC PATCH v9 00/13] Add support for eXclusive Page Frame Ownership Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 01/13] mm: add MAP_HUGETLB support to vm_mmap Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 02/13] x86: always set IF before oopsing from page fault Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 0:12 ` Andy Lutomirski
2019-04-04 0:12 ` Andy Lutomirski
2019-04-04 1:42 ` Tycho Andersen
2019-04-04 1:42 ` Tycho Andersen
2019-04-04 4:12 ` Andy Lutomirski
2019-04-04 4:12 ` Andy Lutomirski
2019-04-04 15:47 ` Tycho Andersen
2019-04-04 15:47 ` Tycho Andersen
2019-04-04 16:23 ` Sebastian Andrzej Siewior
2019-04-04 16:28 ` Thomas Gleixner
2019-04-04 16:28 ` Thomas Gleixner
2019-04-04 17:11 ` Andy Lutomirski
2019-04-04 17:11 ` Andy Lutomirski
2019-04-03 17:34 ` [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO) Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 7:21 ` Peter Zijlstra
2019-04-04 7:21 ` Peter Zijlstra
2019-04-04 9:25 ` Peter Zijlstra
2019-04-04 9:25 ` Peter Zijlstra
2019-04-04 14:48 ` Tycho Andersen
2019-04-04 14:48 ` Tycho Andersen
2019-04-04 7:43 ` Peter Zijlstra
2019-04-04 7:43 ` Peter Zijlstra
2019-04-04 15:15 ` Khalid Aziz
2019-04-04 15:15 ` Khalid Aziz
2019-04-04 17:01 ` Peter Zijlstra
2019-04-04 17:01 ` Peter Zijlstra
2019-04-17 16:15 ` Ingo Molnar
2019-04-17 16:15 ` Ingo Molnar
2019-04-17 16:15 ` Ingo Molnar
2019-04-17 16:15 ` Ingo Molnar
2019-04-17 16:49 ` Khalid Aziz
2019-04-17 16:49 ` Khalid Aziz
2019-04-17 16:49 ` Khalid Aziz
2019-04-17 16:49 ` Khalid Aziz
2019-04-17 17:09 ` Ingo Molnar
2019-04-17 17:09 ` Ingo Molnar
2019-04-17 17:09 ` Ingo Molnar
2019-04-17 17:09 ` Ingo Molnar
2019-04-17 17:19 ` Nadav Amit
2019-04-17 17:19 ` Nadav Amit
2019-04-17 17:19 ` Nadav Amit
2019-04-17 17:19 ` Nadav Amit
2019-04-17 17:26 ` Ingo Molnar [this message]
2019-04-17 17:26 ` Ingo Molnar
2019-04-17 17:26 ` Ingo Molnar
2019-04-17 17:26 ` Ingo Molnar
2019-04-17 17:44 ` Nadav Amit
2019-04-17 17:44 ` Nadav Amit
2019-04-17 17:44 ` Nadav Amit
2019-04-17 17:44 ` Nadav Amit
2019-04-17 21:19 ` Thomas Gleixner
2019-04-17 21:19 ` Thomas Gleixner
2019-04-17 21:19 ` Thomas Gleixner
2019-04-17 21:19 ` Thomas Gleixner
2019-04-17 21:19 ` Thomas Gleixner
2019-04-17 23:18 ` Linus Torvalds
2019-04-17 23:18 ` Linus Torvalds
2019-04-17 23:18 ` Linus Torvalds
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:52 ` Linus Torvalds
2019-04-17 23:52 ` Linus Torvalds
2019-04-17 23:52 ` Linus Torvalds
2019-04-17 23:52 ` Linus Torvalds
2019-04-17 23:52 ` Linus Torvalds
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 5:41 ` Kees Cook
2019-04-18 5:41 ` Kees Cook
2019-04-18 5:41 ` Kees Cook via iommu
2019-04-18 5:41 ` Kees Cook
2019-04-18 5:41 ` Kees Cook
2019-04-18 14:34 ` Khalid Aziz
2019-04-18 14:34 ` Khalid Aziz
2019-04-18 14:34 ` Khalid Aziz
2019-04-18 14:34 ` Khalid Aziz
2019-04-22 19:30 ` Khalid Aziz
2019-04-22 19:30 ` Khalid Aziz
2019-04-22 19:30 ` Khalid Aziz
2019-04-22 19:30 ` Khalid Aziz
2019-04-22 22:23 ` Kees Cook
2019-04-22 22:23 ` Kees Cook
2019-04-22 22:23 ` Kees Cook via iommu
2019-04-22 22:23 ` Kees Cook via iommu
2019-04-22 22:23 ` Kees Cook
2019-04-18 6:14 ` Thomas Gleixner
2019-04-18 6:14 ` Thomas Gleixner
2019-04-18 6:14 ` Thomas Gleixner
2019-04-18 6:14 ` Thomas Gleixner
2019-04-18 6:14 ` Thomas Gleixner
2019-04-17 17:33 ` Khalid Aziz
2019-04-17 17:33 ` Khalid Aziz
2019-04-17 17:33 ` Khalid Aziz
2019-04-17 17:33 ` Khalid Aziz
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:52 ` Tycho Andersen
2019-04-17 19:52 ` Tycho Andersen
2019-04-17 19:52 ` Tycho Andersen
2019-04-17 19:52 ` Tycho Andersen
2019-04-17 20:12 ` Khalid Aziz
2019-04-17 20:12 ` Khalid Aziz
2019-04-17 20:12 ` Khalid Aziz
2019-04-17 20:12 ` Khalid Aziz
2019-05-01 14:49 ` Waiman Long
2019-05-01 14:49 ` Waiman Long
2019-05-01 14:49 ` Waiman Long
2019-05-01 14:49 ` Waiman Long
2019-05-01 15:18 ` Khalid Aziz
2019-05-01 15:18 ` Khalid Aziz
2019-05-01 15:18 ` Khalid Aziz
2019-05-01 15:18 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 04/13] xpfo, x86: Add support for XPFO for x86-64 Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 7:52 ` Peter Zijlstra
2019-04-04 7:52 ` Peter Zijlstra
2019-04-04 15:40 ` Khalid Aziz
2019-04-04 15:40 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 05/13] mm: add a user_virt_to_phys symbol Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 06/13] lkdtm: Add test for XPFO Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 07/13] arm64/mm: Add support " Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 08/13] swiotlb: Map the buffer if it was unmapped by XPFO Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 09/13] xpfo: add primitives for mapping underlying memory Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 10/13] arm64/mm, xpfo: temporarily map dcache regions Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 11/13] xpfo, mm: optimize spinlock usage in xpfo_kunmap Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 7:56 ` Peter Zijlstra
2019-04-04 7:56 ` Peter Zijlstra
2019-04-04 16:06 ` Khalid Aziz
2019-04-04 16:06 ` Khalid Aziz
2019-04-03 17:34 ` [RFC PATCH v9 12/13] xpfo, mm: Defer TLB flushes for non-current CPUs (x86 only) Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 4:10 ` Andy Lutomirski
2019-04-04 4:10 ` Andy Lutomirski
[not found] ` <CALCETrXMXxnWqN94d83UvGWhkD1BNWiwvH2vsUth1w0T3=0ywQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-04-04 22:55 ` Khalid Aziz
2019-04-05 7:17 ` Thomas Gleixner
2019-04-05 7:17 ` Thomas Gleixner
2019-04-05 14:44 ` Dave Hansen
2019-04-05 14:44 ` Dave Hansen
2019-04-05 15:24 ` Andy Lutomirski
2019-04-05 15:24 ` Andy Lutomirski
2019-04-05 15:24 ` Andy Lutomirski
2019-04-05 15:56 ` Tycho Andersen
2019-04-05 15:56 ` Tycho Andersen
2019-04-05 15:56 ` Tycho Andersen
2019-04-05 16:32 ` Andy Lutomirski
2019-04-05 16:32 ` Andy Lutomirski
2019-04-05 16:32 ` Andy Lutomirski
2019-04-05 15:56 ` Khalid Aziz
2019-04-05 15:56 ` Khalid Aziz
2019-04-05 15:56 ` Khalid Aziz
2019-04-05 16:01 ` Dave Hansen
2019-04-05 16:01 ` Dave Hansen
2019-04-05 16:01 ` Dave Hansen
2019-04-05 16:27 ` Andy Lutomirski
2019-04-05 16:27 ` Andy Lutomirski
2019-04-05 16:27 ` Andy Lutomirski
2019-04-05 16:41 ` Peter Zijlstra
2019-04-05 16:41 ` Peter Zijlstra
2019-04-05 16:41 ` Peter Zijlstra
2019-04-05 17:35 ` Khalid Aziz
2019-04-05 17:35 ` Khalid Aziz
2019-04-05 17:35 ` Khalid Aziz
2019-04-05 15:44 ` Khalid Aziz
2019-04-05 15:44 ` Khalid Aziz
2019-04-05 15:44 ` Khalid Aziz
2019-04-05 15:24 ` Andy Lutomirski
2019-04-05 15:24 ` Andy Lutomirski
2019-04-05 15:24 ` Andy Lutomirski
2019-04-04 8:18 ` Peter Zijlstra
2019-04-04 8:18 ` Peter Zijlstra
2019-04-03 17:34 ` [RFC PATCH v9 13/13] xpfo, mm: Optimize XPFO TLB flushes by batching them together Khalid Aziz
2019-04-03 17:34 ` Khalid Aziz
2019-04-04 16:44 ` [RFC PATCH v9 00/13] Add support for eXclusive Page Frame Ownership Nadav Amit
2019-04-04 16:44 ` Nadav Amit
2019-04-04 17:18 ` Khalid Aziz
2019-04-04 17:18 ` Khalid Aziz
2019-04-06 6:40 ` Jon Masters
2019-04-06 6:40 ` Jon Masters
2019-04-06 6:40 ` Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190417172632.GA95485@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=andrew.cooper3@citrix.com \
--cc=arjan@infradead.org \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=chris.hyser@oracle.com \
--cc=dave@sr71.net \
--cc=deepa.srinivasan@oracle.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jcm@redhat.com \
--cc=jsteckli@amazon.de \
--cc=juerg.haefliger@canonical.com \
--cc=juergh@gmail.com \
--cc=keescook@google.com \
--cc=khalid.aziz@oracle.com \
--cc=khalid@gonehiking.org \
--cc=konrad.wilk@oracle.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=nadav.amit@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tycho@tycho.ws \
--cc=tyhicks@canonical.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.