Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1452733478.26227.10.camel@codethink.co.uk>
Date: Thu, 14 Jan 2016 01:04:38 +0000
From: Ben Hutchings <ben.hutchings@...ethink.co.uk>
To: Catalin Marinas <catalin.marinas@....com>
Cc: Kees Cook <keescook@...omium.org>, David Brown <david.brown@...aro.org>,
  Russell King - ARM Linux <linux@....linux.org.uk>,
 kernel-hardening@...ts.openwall.com
Subject: Re: Self Introduction

On Wed, 2016-01-13 at 11:31 +0000, Catalin Marinas wrote:
> + rmk (actually cc'ing him this time)
> 
> On Tue, Jan 12, 2016 at 11:31:50AM -0800, Kees Cook wrote:
> > On Mon, Jan 11, 2016 at 10:33 AM, David Brown <david.brown@...aro.org> wrote:
> > > On Thu, Dec 10, 2015 at 03:52:16PM -0800, Kees Cook wrote:
> > >
> > >>> I haven't done any further improvements to them, nor have I received any
> > >>> feedback. I'll rebase them against latest kernel if anyone else is
> > >>> willing to test. I had a plan to run some benchmarks and see how
> > >>> performance is affected (including the CPU_SW_DOMAIN_PAN) before pushing
> > >>> again for upstreaming but I haven't had the time.
> > >>
> > >>
> > >> David, getting back to something that might good to get your help
> > >> with: would you be able to test Catalin's LPAE TTBR0 PAN series on
> > >> real hardware? (Are you familiar with the LKDTM tests for this[1]?)
> > >
> > >
> > > Sorry for the delay in getting back to you.  Been both moving and
> > > taking vacation.
> > >
> > > I'd like to test this.  I'm just trying to see if I can track down
> > > some hardware that'll boot LPAE.
> > 
> > Awesome! Thanks for the update.
> > 
> > Catalin, did you end up figuring out if your TTBR0 stuff was correct?
> > You'd mentioned you needed to check something about the
> > implementation?
> 
> Unfortunately, I checked with the ARM architecture folk. While the trick
> is probably fine on existing hardware, the architecture allows caching
> of the TTBCR bits (or their effect) in the TLB. Therefore changing the
> TTBCR.EPD0 (or A1) to disable TTBR0 page table walks is not guaranteed
> to have an effect until the TLBs are invalidated. CPU implementations
> are allowed to rely on this, so we can't safely use it in Linux.
[...]

Could you whitelist the cores where this is known to work as intended?
Or is it not practical to enable/disable this PAN implementation at boot
time?

Ben.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.