On 03/08/2016 01:27 PM, David Miller wrote:
From: Khalid Aziz
Date: Tue, 8 Mar 2016 13:16:11 -0700
On 03/08/2016 12:57 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:06:43 -0700
Good questions. Isn't set of valid VAs already constrained by VA_BITS
(set to 44 in arch/spa
From: Khalid Aziz
Date: Tue, 8 Mar 2016 13:16:11 -0700
> On 03/08/2016 12:57 PM, David Miller wrote:
>> From: Khalid Aziz
>> Date: Mon, 7 Mar 2016 14:06:43 -0700
>>
>>> Good questions. Isn't set of valid VAs already constrained by VA_BITS
>>> (set to 44 in arch/sparc/include/asm/processor_64.h)?
On 03/08/2016 12:57 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:06:43 -0700
Good questions. Isn't set of valid VAs already constrained by VA_BITS
(set to 44 in arch/sparc/include/asm/processor_64.h)? As I see it we
are already not using the top 4 bits. Please correct me
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:06:43 -0700
> Good questions. Isn't set of valid VAs already constrained by VA_BITS
> (set to 44 in arch/sparc/include/asm/processor_64.h)? As I see it we
> are already not using the top 4 bits. Please correct me if I am wrong.
Another limiting constrai
On 03/08/2016 10:48 AM, James Morris wrote:
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker fr
From: Khalid Aziz
Date: Mon, 7 Mar 2016 17:21:05 -0700
> Can we enable ADI support for swappable pages in a subsequent update
> after the core functionality is stable on mlock'd pages?
I already said no.
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a mes
From: Rob Gardner
Date: Mon, 7 Mar 2016 15:13:31 -0800
> You can easily read ADI tags with a simple ldxa #ASI_MCD_PRIMARY
> instruction.
Awesome!
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
On 03/07/2016 10:39 AM, Khalid Aziz wrote:
On 03/07/2016 11:12 AM, Dave Hansen wrote:
On 03/07/2016 09:53 AM, Andy Lutomirski wrote:
Also, what am I missing? Tying these tags to the physical page seems
like a poor design to me. This seems really awkward to use.
Yeah, can you describe the st
On 03/07/2016 12:16 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:24:54 -0700
Tags can be cleared by user by setting tag to 0. Tags are
automatically cleared by the hardware when the mapping for a virtual
address is removed from TSB (which is why swappable pages are a
prob
On 03/08/2016 06:54 AM, Andy Lutomirski wrote:
This makes sense, but I still think the design is poor. If the hacker
gets code execution, then they can trivially brute force the ADI bits.
ADI in this scenario is intended to prevent the attacker from gaining
code execution in the first place
On 03/08/2016 07:58 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off transactions in flight to oth
On 03/07/2016 10:24 AM, Khalid Aziz wrote:
Tags can be cleared by user by setting tag to 0. Tags are
automatically cleared by the hardware when the mapping for a virtual
address is removed from TSB (which is why swappable pages are a
problem), so kernel does not have to do it as part of clean
On 03/07/2016 04:12 PM, Rob Gardner wrote:
On 03/07/2016 01:33 PM, Khalid Aziz wrote:
That is a possibility but limited in scope. An address range covered
by a single TTE can have large number of tags. Version tags are set on
cacheline. In extreme case, one could set a tag for each set of
64-by
On 03/07/2016 01:38 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:33:56 -0700
On 03/07/2016 12:16 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:24:54 -0700
Tags can be cleared by user by setting tag to 0. Tags are
automatically cleared by the hardw
On 03/07/2016 01:33 PM, Khalid Aziz wrote:
That is a possibility but limited in scope. An address range covered
by a single TTE can have large number of tags. Version tags are set on
cacheline. In extreme case, one could set a tag for each set of
64-bytes in a page. Also tags are set complete
On 03/07/2016 11:46 AM, Khalid Aziz wrote:
> On 03/07/2016 12:22 PM, David Miller wrote:
>> Khalid, maybe you should share notes with the folks working on x86
>> protection keys.
>
> Good idea. Sparc ADI feature is indeed similar to x86 protection keys
> sounds like.
There are definitely some sim
On 03/07/2016 02:34 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:27:09 -0700
I agree with your point of view. PSTATE.mcde and TTE.mcd are set in
response to request from userspace. If userspace asked for them to be
set, they already know but it was the database guys that
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:33:56 -0700
> On 03/07/2016 12:16 PM, David Miller wrote:
>> From: Khalid Aziz
>> Date: Mon, 7 Mar 2016 11:24:54 -0700
>>
>>> Tags can be cleared by user by setting tag to 0. Tags are
>>> automatically cleared by the hardware when the mapping for a virt
From: Khalid Aziz
Date: Mon, 7 Mar 2016 14:27:09 -0700
> I agree with your point of view. PSTATE.mcde and TTE.mcd are set in
> response to request from userspace. If userspace asked for them to be
> set, they already know but it was the database guys that asked for
> these two functions and they
On 03/07/2016 12:16 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:24:54 -0700
Tags can be cleared by user by setting tag to 0. Tags are
automatically cleared by the hardware when the mapping for a virtual
address is removed from TSB (which is why swappable pages are a
prob
On 03/07/2016 12:09 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:04:38 -0700
On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So n
On 03/07/2016 01:58 PM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off transactions in flight to oth
On 03/07/2016 10:46 AM, Dave Hansen wrote:
On 03/07/2016 08:06 AM, Khalid Aziz wrote:
Top 4-bits of sparc64 virtual address are used for version tag only when
a process has its PSTATE.mcde bit set and it is accessing a memory
region that has ADI enabled on it (TTE.mcd set) and a version tag was
On Mon, Mar 7, 2016 at 12:58 PM, David Miller wrote:
> From: Khalid Aziz
> Date: Mon, 7 Mar 2016 13:41:39 -0700
>
>> Shared data may not always be backed by a file. My understanding is
>> one of the use cases is for in-memory databases. This shared space
>> could also be used to hand off transact
From: Khalid Aziz
Date: Mon, 7 Mar 2016 13:41:39 -0700
> Shared data may not always be backed by a file. My understanding is
> one of the use cases is for in-memory databases. This shared space
> could also be used to hand off transactions in flight to other
> processes. These transactions in fli
On 03/07/2016 12:54 PM, Andy Lutomirski wrote:
On Mon, Mar 7, 2016 at 11:44 AM, Khalid Aziz wrote:
Consider this scenario:
1. Process A creates a shm and attaches to it.
2. Process A fills shm with data it wants to share with only known
processes. It enables ADI and sets tags on the shm.
3. H
On Mon, Mar 7, 2016 at 11:44 AM, Khalid Aziz wrote:
> On 03/07/2016 11:49 AM, Andy Lutomirski wrote:
>>
>> On Mon, Mar 7, 2016 at 10:22 AM, Khalid Aziz
>> wrote:
>>>
>>> No, it changes the tag associated with the virtual address for the
>>> caller.
>>> Physical page backing this virtual address i
On 03/07/2016 11:49 AM, Andy Lutomirski wrote:
On Mon, Mar 7, 2016 at 10:22 AM, Khalid Aziz wrote:
No, it changes the tag associated with the virtual address for the caller.
Physical page backing this virtual address is unaffected. Tag checking is
done for virtual addresses. The one restriction
On 03/07/2016 12:22 PM, David Miller wrote:
Khalid, maybe you should share notes with the folks working on x86
protection keys.
Good idea. Sparc ADI feature is indeed similar to x86 protection keys
sounds like.
Thanks,
Khalid
--
To unsubscribe from this list: send the line "unsubscribe linu
From: Andy Lutomirski
Date: Mon, 7 Mar 2016 10:53:23 -0800
> x86 has an upcoming feature called protection keys. A page of virtual
> memory has a protection key, which is a number from 0 through 16. The
> master copy is in the PTE, i.e. page table entry, which is a
> software-managed data struc
From: Andy Lutomirski
Date: Mon, 7 Mar 2016 10:49:57 -0800
> What data structure or structures changes when this stxa instruction happens?
An internal table, maintained by the CPU and/or hypervisor, and if in physical
addresses then in a region which is only accessible by the hypervisor.
The ta
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:24:54 -0700
> Tags can be cleared by user by setting tag to 0. Tags are
> automatically cleared by the hardware when the mapping for a virtual
> address is removed from TSB (which is why swappable pages are a
> problem), so kernel does not have to do it
From: Khalid Aziz
Date: Mon, 7 Mar 2016 11:04:38 -0700
> On 03/07/2016 09:56 AM, David Miller wrote:
>> From: Khalid Aziz
>> Date: Mon, 7 Mar 2016 08:07:53 -0700
>>
>>> PR_GET_SPARC_ADICAPS
>>
>> Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
>>
>> So now all that's left is supp
From: Dave Hansen
Date: Mon, 7 Mar 2016 09:35:57 -0800
> On 03/02/2016 12:39 PM, Khalid Aziz wrote:
>> +long enable_sparc_adi(unsigned long addr, unsigned long len)
>> +{
>> +unsigned long end, pagemask;
>> +int error;
>> +struct vm_area_struct *vma, *vma2;
>> +struct mm_struct *m
On Mon, Mar 7, 2016 at 10:39 AM, Khalid Aziz wrote:
> On 03/07/2016 11:12 AM, Dave Hansen wrote:
>>
>> On 03/07/2016 09:53 AM, Andy Lutomirski wrote:
>>>
>>> Also, what am I missing? Tying these tags to the physical page seems
>>> like a poor design to me. This seems really awkward to use.
>>
>>
On Mon, Mar 7, 2016 at 10:22 AM, Khalid Aziz wrote:
> On 03/07/2016 11:08 AM, Andy Lutomirski wrote:
>>
>> On Mon, Mar 7, 2016 at 10:04 AM, Khalid Aziz
>> wrote:
>>>
>>> On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
>>
On 03/07/2016 11:12 AM, Dave Hansen wrote:
On 03/07/2016 09:53 AM, Andy Lutomirski wrote:
Also, what am I missing? Tying these tags to the physical page seems
like a poor design to me. This seems really awkward to use.
Yeah, can you describe the structures that store these things? Surely
th
On 03/07/2016 11:09 AM, Rob Gardner wrote:
On 03/07/2016 10:04 AM, Khalid Aziz wrote:
On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So now all that's l
On 03/07/2016 11:08 AM, Andy Lutomirski wrote:
On Mon, Mar 7, 2016 at 10:04 AM, Khalid Aziz wrote:
On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So
On 03/07/2016 10:35 AM, Dave Hansen wrote:
On 03/02/2016 12:39 PM, Khalid Aziz wrote:
+long enable_sparc_adi(unsigned long addr, unsigned long len)
+{
+ unsigned long end, pagemask;
+ int error;
+ struct vm_area_struct *vma, *vma2;
+ struct mm_struct *mm;
+
+ if (!A
On 03/07/2016 10:04 AM, Khalid Aziz wrote:
On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So now all that's left is supposedly the TAG stuff, please expl
On 03/07/2016 09:53 AM, Andy Lutomirski wrote:
> Also, what am I missing? Tying these tags to the physical page seems
> like a poor design to me. This seems really awkward to use.
Yeah, can you describe the structures that store these things? Surely
the hardware has some kind of lookup tables f
On Mon, Mar 7, 2016 at 10:04 AM, Khalid Aziz wrote:
> On 03/07/2016 09:56 AM, David Miller wrote:
>>
>> From: Khalid Aziz
>> Date: Mon, 7 Mar 2016 08:07:53 -0700
>>
>>> PR_GET_SPARC_ADICAPS
>>
>>
>> Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
>>
>> So now all that's left is su
On 03/07/2016 09:56 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So now all that's left is supposedly the TAG stuff, please explain
that to me so I can direct you to the co
On Mon, Mar 7, 2016 at 9:46 AM, Dave Hansen wrote:
> On 03/07/2016 08:06 AM, Khalid Aziz wrote:
>> Top 4-bits of sparc64 virtual address are used for version tag only when
>> a process has its PSTATE.mcde bit set and it is accessing a memory
>> region that has ADI enabled on it (TTE.mcd set) and a
On 03/07/2016 09:45 AM, David Miller wrote:
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
I can remove CONFIG_SPARC_ADI. It does mean this code will be built
into 32-bit kernels as well but it will be inactive code.
The code should be built only into obj-$(CONFIG_SPARC64) just like
On 03/07/2016 08:06 AM, Khalid Aziz wrote:
> Top 4-bits of sparc64 virtual address are used for version tag only when
> a process has its PSTATE.mcde bit set and it is accessing a memory
> region that has ADI enabled on it (TTE.mcd set) and a version tag was
> set on the virtual address being acces
On 03/02/2016 12:39 PM, Khalid Aziz wrote:
> +long enable_sparc_adi(unsigned long addr, unsigned long len)
> +{
> + unsigned long end, pagemask;
> + int error;
> + struct vm_area_struct *vma, *vma2;
> + struct mm_struct *mm;
> +
> + if (!ADI_CAPABLE())
> + return -EI
On 03/02/2016 12:39 PM, Khalid Aziz wrote:
> --- a/include/uapi/asm-generic/siginfo.h
> +++ b/include/uapi/asm-generic/siginfo.h
> @@ -206,7 +206,10 @@ typedef struct siginfo {
> #define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */
> #define SEGV_ACCERR (__SI_FAULT|2) /* inva
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
> PR_GET_SPARC_ADICAPS
Put this into a new ELF auxiliary vector entry via ARCH_DLINFO.
So now all that's left is supposedly the TAG stuff, please explain
that to me so I can direct you to the correct existing interface to
provide that as we
From: Khalid Aziz
Date: Mon, 7 Mar 2016 08:07:53 -0700
> I can remove CONFIG_SPARC_ADI. It does mean this code will be built
> into 32-bit kernels as well but it will be inactive code.
The code should be built only into obj-$(CONFIG_SPARC64) just like the
rest of the 64-bit specific code. I don
On 03/07/2016 08:43 AM, Andy Lutomirski wrote:
On Mon, Mar 7, 2016 at 7:30 AM, Rob Gardner wrote:
On 03/07/2016 07:07 AM, Khalid Aziz wrote:
On 03/05/2016 09:07 PM, David Miller wrote:
From: Khalid Aziz
Date: Wed, 2 Mar 2016 13:39:37 -0700
In this
first implementation I am ena
On 03/07/2016 08:30 AM, Rob Gardner wrote:
On 03/07/2016 07:07 AM, Khalid Aziz wrote:
On 03/05/2016 09:07 PM, David Miller wrote:
From: Khalid Aziz
Date: Wed, 2 Mar 2016 13:39:37 -0700
In this
first implementation I am enabling ADI for hugepages only
since these pages are locked
On Mon, Mar 7, 2016 at 7:30 AM, Rob Gardner wrote:
> On 03/07/2016 07:07 AM, Khalid Aziz wrote:
>>
>> On 03/05/2016 09:07 PM, David Miller wrote:
>>>
>>> From: Khalid Aziz
>>> Date: Wed, 2 Mar 2016 13:39:37 -0700
>>>
In this
first implementation I am enabling ADI for hugepages
On 03/07/2016 07:07 AM, Khalid Aziz wrote:
On 03/05/2016 09:07 PM, David Miller wrote:
From: Khalid Aziz
Date: Wed, 2 Mar 2016 13:39:37 -0700
In this
first implementation I am enabling ADI for hugepages only
since these pages are locked in memory and hence avoid the
issue of
On 03/05/2016 09:07 PM, David Miller wrote:
From: Khalid Aziz
Date: Wed, 2 Mar 2016 13:39:37 -0700
In this
first implementation I am enabling ADI for hugepages only
since these pages are locked in memory and hence avoid the
issue of saving and restoring tags.
From: Khalid Aziz
Date: Wed, 2 Mar 2016 13:39:37 -0700
> In this
> first implementation I am enabling ADI for hugepages only
> since these pages are locked in memory and hence avoid the
> issue of saving and restoring tags.
This makes the feature almost entire useless.
On 03/02/2016 05:48 PM, Julian Calaby wrote:
Hi Khalid,
On Thu, Mar 3, 2016 at 11:25 AM, Khalid Aziz wrote:
Thanks, Julian! I really appreciate your feedback.
No problem!
My comments below.
On 03/02/2016 04:08 PM, Julian Calaby wrote:
Hi Khalid,
On Thu, Mar 3, 2016 at 7:39 AM, Khalid A
Hi Khalid,
On Thu, Mar 3, 2016 at 11:25 AM, Khalid Aziz wrote:
> Thanks, Julian! I really appreciate your feedback.
No problem!
> My comments below.
>
> On 03/02/2016 04:08 PM, Julian Calaby wrote:
>>
>> Hi Khalid,
>>
>> On Thu, Mar 3, 2016 at 7:39 AM, Khalid Aziz
>> wrote:
>>>
>>>
>>> Enable
Thanks, Julian! I really appreciate your feedback.
My comments below.
On 03/02/2016 04:08 PM, Julian Calaby wrote:
Hi Khalid,
On Thu, Mar 3, 2016 at 7:39 AM, Khalid Aziz wrote:
Enable Application Data Integrity (ADI) support in the sparc
kernel for applications to use ADI in userspace. ADI
Hi Khalid,
On Thu, Mar 3, 2016 at 7:39 AM, Khalid Aziz wrote:
>
> Enable Application Data Integrity (ADI) support in the sparc
> kernel for applications to use ADI in userspace. ADI is a new
> feature supported on sparc M7 and newer processors. ADI is supported
> for data fetches only and not ins
Enable Application Data Integrity (ADI) support in the sparc
kernel for applications to use ADI in userspace. ADI is a new
feature supported on sparc M7 and newer processors. ADI is supported
for data fetches only and not instruction fetches. This patch adds
prctl commands to enable and disable AD
62 matches
Mail list logo
