linux-mm.kvack.org archive mirror
From: Khalid Aziz <khalid.aziz@oracle.com>
To: Anthony Yznaga <anthony.yznaga@oracle.com>
Cc: davem@davemloft.net, corbet@lwn.net, viro@zeniv.linux.org.uk,
	nitin.m.gupta@oracle.com, mike.kravetz@oracle.com,
	akpm@linux-foundation.org, mingo@kernel.org,
	kirill.shutemov@linux.intel.com, adam.buchbinder@gmail.com,
	hughd@google.com, minchan@kernel.org, chris.hyser@oracle.com,
	atish.patra@oracle.com, cmetcalf@mellanox.com,
	atomlin@redhat.com, jslaby@suse.cz, joe@perches.com,
	paul.gortmaker@windriver.com, mhocko@suse.com,
	lstoakes@gmail.com, jack@suse.cz, dave.hansen@linux.intel.com,
	vbabka@suse.cz, dan.j.williams@intel.com, iamjoonsoo.kim@lge.com,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	sparclinux@vger.kernel.org, linux-mm@kvack.org,
	Khalid Aziz <khalid@gonehiking.org>
Subject: Re: [PATCH v6 4/4] sparc64: Add support for ADI (Application Data Integrity)
Date: Mon, 6 Mar 2017 17:31:38 -0700
Message-ID: <f57a7108-188b-7b77-1a47-52fac5f3aed7@oracle.com>
In-Reply-To: <AA645D3A-5FB0-4768-977F-D0725AE5CEC7@oracle.com>

On 03/06/2017 05:13 PM, Anthony Yznaga wrote:
>
>> On Feb 28, 2017, at 10:35 AM, Khalid Aziz <khalid.aziz@oracle.com> wrote:
>>
>> diff --git a/arch/sparc/kernel/etrap_64.S b/arch/sparc/kernel/etrap_64.S
>> index 1276ca2..7be33bf 100644
>> --- a/arch/sparc/kernel/etrap_64.S
>> +++ b/arch/sparc/kernel/etrap_64.S
>> @@ -132,7 +132,33 @@ etrap_save:	save	%g2, -STACK_BIAS, %sp
>> 		stx	%g6, [%sp + PTREGS_OFF + PT_V9_G6]
>> 		stx	%g7, [%sp + PTREGS_OFF + PT_V9_G7]
>> 		or	%l7, %l0, %l7
>> -		sethi	%hi(TSTATE_TSO | TSTATE_PEF), %l0
>> +661:		sethi	%hi(TSTATE_TSO | TSTATE_PEF), %l0
>> +		/*
>> +		 * If userspace is using ADI, it could potentially pass
>> +		 * a pointer with version tag embedded in it. To maintain
>> +		 * the ADI security, we must enable PSTATE.mcde. Userspace
>> +		 * would have already set TTE.mcd in an earlier call to
>> +		 * kernel and set the version tag for the address being
>> +		 * dereferenced. Setting PSTATE.mcde would ensure any
>> +		 * access to userspace data through a system call honors
>> +		 * ADI and does not allow a rogue app to bypass ADI by
>> +		 * using system calls. Setting PSTATE.mcde only affects
>> +		 * accesses to virtual addresses that have TTE.mcd set.
>> +		 * Set PMCDPER to ensure any exceptions caused by ADI
>> +		 * version tag mismatch are exposed before system call
>> +		 * returns to userspace. Setting PMCDPER affects only
>> +		 * writes to virtual addresses that have TTE.mcd set and
>> +		 * have a version tag set as well.
>> +		 */
>> +		.section .sun_m7_1insn_patch, "ax"
>> +		.word	661b
>> +		sethi	%hi(TSTATE_TSO | TSTATE_PEF | TSTATE_MCDE), %l0
>> +		.previous
>> +661:		nop
>> +		.section .sun_m7_1insn_patch, "ax"
>> +		.word	661b
>> +		.word 0xaf902001	/* wrpr %g0, 1, %pmcdper */
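Review bot: the instruction patched in at the second `661:` label is emitted as a raw opcode, `.word 0xaf902001`, with only a trailing comment to say it encodes `wrpr %g0, 1, %pmcdper`. If the assembler cannot be relied on to accept `%pmcdper`, consider hiding the encoding behind a named macro in a header so the constant is defined once and the value being written (1) is visible at the use site. The block comment also sits between the first `661:` and its patch entry while documenting both patches; moving the PMCDPER half next to the `nop` it describes would make each patch site self-explanatory, and that half should state that the write executes on every pass through etrap_save on patched CPUs.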
>
> Since PMCDPER is never cleared, setting it here is quickly going to set it on all CPUs and then become an expensive "nop" that burns ~50 cycles each time through etrap.  Consider setting it at boot time and when a CPU is DR'd into the system.
>
> Anthony
>

I considered that possibility. What made me uncomfortable with that is 
there is no way to prevent a driver/module or future code elsewhere in 
kernel from clearing PMCDPER with possibly good reason. If that were to 
happen, setting PMCDPER here ensures kernel will always see consistent 
behavior with system calls. It does come at a cost. Is that cost 
unacceptable to ensure consistent behavior?

--
Khalid
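
The reasoning in the patch comment quoted above, as an added example that is not part of the thread or the kernel patch: a simplified C model of when an ADI version mismatch is reported. All names (`adi_access`, `syscall_access`, the structs) are hypothetical, and the model assumes a 4-bit version tag in address bits 63:60, one version per 64-byte block, and that mismatched loads always trap precisely while mismatched stores trap precisely only with PMCDPER set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. Assumed: 4-bit version tag in VA
 * bits 63:60, one stored version per 64-byte block. */
#define ADI_SHIFT 60
#define ADI_BLKSZ 64
#define NBLOCKS   4

enum adi_result { ADI_OK, ADI_PRECISE, ADI_DEFERRED };
struct cpu  { bool mcde, pmcdper; };                  /* PSTATE.mcde, PMCDPER */
struct page { bool tte_mcd; uint8_t tag[NBLOCKS]; };  /* TTE.mcd, block tags */

static uint64_t tag_ptr(uint64_t off, uint8_t ver)
{
    return ((uint64_t)ver << ADI_SHIFT) | off;
}

/* Outcome of one access to 'va' in 'pg' under CPU state 'c'. */
static enum adi_result adi_access(const struct cpu *c, const struct page *pg,
                                  uint64_t va, bool is_store)
{
    uint8_t ptr_ver = (uint8_t)(va >> ADI_SHIFT);
    uint64_t off = va & ((1ULL << ADI_SHIFT) - 1);
    uint8_t mem_ver = pg->tag[(off / ADI_BLKSZ) % NBLOCKS];  /* wrap: stay in model */

    if (!c->mcde || !pg->tte_mcd || ptr_ver == mem_ver)
        return ADI_OK;          /* checking off, or versions match */
    /* Mismatch: loads trap precisely, stores only when PMCDPER is set. */
    return (!is_store || c->pmcdper) ? ADI_PRECISE : ADI_DEFERRED;
}

/* Kernel access to a user pointer, given what trap entry enabled. */
static enum adi_result syscall_access(bool mcde, bool pmcdper,
                                      const struct page *pg, uint64_t uptr, bool is_store)
{
    struct cpu k = { .mcde = mcde, .pmcdper = pmcdper };
    return adi_access(&k, pg, uptr, is_store);
}

int main(void)
{
    struct page pg = { .tte_mcd = true, .tag = { 5, 5, 9, 9 } };
    uint64_t stale = tag_ptr(2 * ADI_BLKSZ, 5);  /* version 5 pointer, version 9 block */

    printf("store, no mcde: %d; mcde only: %d; mcde+pmcdper: %d\n",
           syscall_access(false, false, &pg, stale, true),
           syscall_access(true, false, &pg, stale, true),
           syscall_access(true, true, &pg, stale, true));
    return 0;
}
```

The first result (`ADI_OK`) is the bypass the comment describes: with PSTATE.mcde clear on trap entry, the kernel stores through a mismatched pointer unchecked. The second shows the mismatch reported only as a deferred exception, which is what setting PMCDPER turns into a precise one.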
