Received: by 10.223.176.5 with SMTP id f5csp1569881wra;
        Sun, 4 Feb 2018 07:06:38 -0800 (PST)
X-Google-Smtp-Source: AH8x224MLZLGUrTeyZrJa1zKggJz8kV98pl7ScewwioMTb3ElLotlZkrUtlQtckXS7/VUohoNonf
X-Received: by 10.98.13.14 with SMTP id v14mr45581241pfi.184.1517756798192;
        Sun, 04 Feb 2018 07:06:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517756798; cv=none;
        d=google.com; s=arc-20160816;
        b=DVUzJ+LqbvVP9v73rBCnztIvy/dfgpDFPrArmHxSS9+ExPmsSfxop6RC4ilm2jHAqc
         ASe57MF64lLfBB0JlvnJ1metmXOwBGZAaqTJkTo2s1hiYClgA77UJDytYMlQg9r+77Kp
         4PuP0M2Zh4aQAXM3t5oR7zRQSmAEzXp9YcV0xZI0hpsJy8DeKUnrGTp/OX4rnfkHNYUl
         2+TSdYNnEFeJsIyXMr2zPqFMLE8ikNEpWM8OS2GMmOLPWh8vKtLMK2cfQxJxMGSEaJen
         WbRbA0GhpnTfz/t8gCIofDzlMlD+9FesNbDUlIk+0KBRci+lT58fGvI5ANRyQChg/DxA
         jL6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=GZMSyDE1UqqMvq4QkW6SHAT6ovg6gGCXhi+0zypPr6w=;
        b=U1+YOA+UL92lKhh0cB1clhi2P6QSD7rL5VNpY0MdMtE1nCsFcJf6fbVz7cexemciPn
         u2O8SNZgvtr7EyNriY2v1InrazLIqyp0kNGlLqC1qJLa5l4BHZ8tvt0A9oKplAOXjI6N
         tvXwq6SfarZJ4mv26JcWVPnmJyKKNNW/eqVbbziu/7vA5xFh6YyBBhobx+/YIclS0ASz
         0luk21eCmyVT6+S96NillBBD8vlf7tQC+iHSQ/Pu+4sm7Wx881xLkzD4uSFzZLU4vcxV
         Qvz8y/8mbNKH8btF+siYCf69gXNuojVeLzfOoa16c+ngPzSP3ak8UCZ+/xA1Xd3YJEzt
         iCYQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id ba12-v6si3371427plb.352.2018.02.04.07.06.21;
        Sun, 04 Feb 2018 07:06:38 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751872AbeBDPFo (ORCPT <rfc822;chrisloverchio@gmail.com>
        + 99 others); Sun, 4 Feb 2018 10:05:44 -0500
Received: from lhrrgout.huawei.com ([194.213.3.17]:24985 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1750888AbeBDPFg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 4 Feb 2018 10:05:36 -0500
Received: from LHREML714-CAH.china.huawei.com (unknown [172.18.7.106])
        by Forcepoint Email with ESMTP id 5BB1DD903B346;
        Sun,  4 Feb 2018 15:05:32 +0000 (GMT)
Received: from [10.122.225.51] (10.122.225.51) by smtpsuk.huawei.com
 (10.201.108.37) with Microsoft SMTP Server (TLS) id 14.3.361.1; Sun, 4 Feb
 2018 15:05:32 +0000
Subject: Re: [kernel-hardening] [PATCH 4/6] Protectable Memory
To:     Boris Lukashev <blukashev@sempervictus.com>
CC:     Christopher Lameter <cl@linux.com>,
        Matthew Wilcox <willy@infradead.org>,
        Jann Horn <jannh@google.com>,
        Jerome Glisse <jglisse@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        Michal Hocko <mhocko@kernel.org>,
        Laura Abbott <labbott@redhat.com>,
        Christoph Hellwig <hch@infradead.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        "Kernel Hardening" <kernel-hardening@lists.openwall.com>
References: <20180124175631.22925-1-igor.stoppa@huawei.com>
 <20180124175631.22925-5-igor.stoppa@huawei.com>
 <CAG48ez0JRU8Nmn7jLBVoy6SMMrcj46R0_R30Lcyouc4R9igi-g@mail.gmail.com>
 <20180126053542.GA30189@bombadil.infradead.org>
 <alpine.DEB.2.20.1802021236510.31548@nuc-kabylake>
 <f2ddaed0-313e-8664-8a26-9d10b66ed0c5@huawei.com>
 <b75b5903-0177-8ad9-5c2b-fc63438fb5f2@huawei.com>
 <CAFUG7CfrCpcbwgf5ixMC5EZZgiVVVp1NXhDHK1UoJJcC08R2qQ@mail.gmail.com>
 <8818bfd4-dd9f-f279-0432-69b59531bd41@huawei.com>
 <CAFUG7CeUhFcvA82uZ2ZH1j_6PM=aBo4XmYDN85pf8G0gPU44dg@mail.gmail.com>
From:   Igor Stoppa <igor.stoppa@huawei.com>
Message-ID: <17e5b515-84c8-dca2-1695-cdf819834ea2@huawei.com>
Date:   Sun, 4 Feb 2018 17:05:25 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAFUG7CeUhFcvA82uZ2ZH1j_6PM=aBo4XmYDN85pf8G0gPU44dg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.122.225.51]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04/02/18 00:29, Boris Lukashev wrote:
> On Sat, Feb 3, 2018 at 3:32 PM, Igor Stoppa <igor.stoppa@huawei.com> wrote:

[...]

>> What you are suggesting, if I have understood it correctly, is that,
>> when the pool is protected, the addresses already given out, will become
>> traps that get resolved through a lookup table that is built based on
>> the content of each allocation.
>>
>> That seems to generate a lot of overhead, not to mention the fact that
>> it might not play very well with the MMU.
> 
> That is effectively what i'm suggesting - as a form of protection for
> consumers against direct reads of data which may have been corrupted
> by some irrelevant means. In the context of pmalloc, it would probably
> be a separate type of ro+verified pool
ok, that seems more like an extension though.

ATM I am having problems gaining traction to get even the basic merged :-)

I would consider this as a possibility for future work, unless it is
said that it's necessary for pmalloc to be accepted ...

--
igor