Received: by 10.223.185.116 with SMTP id b49csp1272205wrg; Wed, 14 Feb 2018 14:28:42 -0800 (PST) X-Google-Smtp-Source: AH8x225t9pv23+Nrj4NJtujm0VoSpIKhAHLYrTZdqZ/EwYAU7VyOwvSs1dno6FScyTznZEIYIOZd X-Received: by 2002:a17:902:8491:: with SMTP id c17-v6mr491561plo.105.1518647322853; Wed, 14 Feb 2018 14:28:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518647322; cv=none; d=google.com; s=arc-20160816; b=C5kko50Am7TTbo9Q9rg3veZxtHj1Kw+9RJbiGoiQA1+hS8AufErwnXH9FLhKbHc7RD MjaoZT/fHvSiPHRjMby6bk11phoqrdlgvzAT3Bt2e3Eit0Z32KmtzCRBZsU18C8r1aNN yw+Ipy/2QELgwWyO3+nP0R415+Q0T1caLyZZJPSWNdE2Ky7GUlMxKndrqVGxUuKWIyM5 KLtDi+tpkfb7PQZjCdXcvivfRy6l5uXSKLmof/n4Evml7xpKqprnyHdYTlpWeFrxwiBx 3JDMb9C3wpvsTRmX2DWz/xqmuv0wiUXWh7x+YMsgbtQDaNiGBE46B43vkFg3RBOGkId/ T4kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=7bBT0aZfqnZ89JzDqlI4Yvru5lcdAyFMJibsEYAktAo=; b=RRl2uecmPoPBMBZ6ehiERxhInG/eTBvAlojDRGKzWotJY2mPvO7bKrMdj9e0WbYXRz nHIYx22yCbd9Y1H4Ocz1NyByWCngNdNlWidaR3oZxKgf11rtVOFGR05ZWAIogvl6okk1 ntvP6HtC+KYHvBnfLd4OLKkUB2WN0znx2i+DIuX6zz34KbVhNscVlauk1QviEnxMnMoK SD5u9/w5F9MXi5q3AxZmsxoOsbrqfMRhOL7Lp73ZE2Kjw+f+VsJlAFFsVwnWloZHQWPW jaw9NYjeZPB3KgmSHBnDnLoD3AnQ5+BAqcRliaYfAir1xnKYfdOpsE3pAvMgTm7x5Yz8 nGGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=SklH+isN; dkim=fail header.i=@chromium.org header.s=google header.b=nMrM+gcr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x20-v6si290926pll.388.2018.02.14.14.28.28; Wed, 14 Feb 2018 14:28:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=SklH+isN; dkim=fail header.i=@chromium.org header.s=google header.b=nMrM+gcr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031853AbeBNW1v (ORCPT + 99 others); Wed, 14 Feb 2018 17:27:51 -0500 Received: from mail-vk0-f65.google.com ([209.85.213.65]:39627 "EHLO mail-vk0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1031527AbeBNW1s (ORCPT ); Wed, 14 Feb 2018 17:27:48 -0500 Received: by mail-vk0-f65.google.com with SMTP id a63so13854796vkg.6 for ; Wed, 14 Feb 2018 14:27:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7bBT0aZfqnZ89JzDqlI4Yvru5lcdAyFMJibsEYAktAo=; b=SklH+isNne8x/tzlYhHlgaeGRU42drYMKtKlNf8NP/lApFcqwoRsLHQ3kbKHlJNmnM YizgbgLhL5IhyPswr33ZS4jmefzqzkw6Lnq+9Oj1DFMqiQweuigU0os/YGBddE47m/W+ CFpLbsiwZk8Aj4WhdqFFdYALJ9ZKEpUqKWtrqXSnjSGR0UqRBEgRuunsNAiHW96G5k88 3XSeWRUwQtYnI+LKWS+bm5D3L3zRzpePX9NNxuPM+RYj2Jf0MVNYVq6uhGMKek4Hc1ii c3mjx8vGjvwY3A+ghkNN5LBsCnwrnPIhbvt3+enrnms8OMh61eqUkYOImFukd972N8bu ey7Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7bBT0aZfqnZ89JzDqlI4Yvru5lcdAyFMJibsEYAktAo=; b=nMrM+gcrZY5W/7qYhTeaPxNo5H2lXxGPpxjrYhgXVKlYizSeYiRSeHSZ/YtjpToIni Wu1Ur0eLGCcjL7w+BhUj/paJBD9KSBrC6KfUdVCeXLu3aY1O3zmskNyB5lgexb/AfxMI tR9fBD5r4jJdfiPzo8uck15X1PlXb/YtPyfko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=7bBT0aZfqnZ89JzDqlI4Yvru5lcdAyFMJibsEYAktAo=; b=A/kPDaayL7AKSuKFGRfbOFMzEdWh9hl5+/fOWBpdMJw6zjIsJ4CMM4FjPG2ApjLe/o 8U0JrTSPivm2//kAIqiIcLVKaW8W1OXS7lDxhAaqtbGveLI6af8js6YYso2w4Au+Kl3T WInFOmZvcWQ49KP/x3mzgA2LmJ6VMuR1gc2cs0x2Al4FjAcsHDM3IUB3ZBBMAltII2wz DWUNk7JjohVuKzlyhdDrt2GkvtTImuVZLGFPar0IjxMHBs6hxVG91e8OKGWqwIm85LGD vlwusAU4gZydHoFzmbWAJ48SIbiB2iCzQc2GV6+Xwb6R2xhGGSI4raINtipaucVJXcHY qF8Q== X-Gm-Message-State: APf1xPCDFoLhnvU3lQBk/jrUaiHZa95Kn0DVIewfZBvwKEt8sMkzaQTF ue2B3nDg2AUSpo/46iRg0SBlkRJ71qID1h6r+yuN4g== X-Received: by 10.31.168.20 with SMTP id r20mr665773vke.149.1518647267857; Wed, 14 Feb 2018 14:27:47 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.56.87 with HTTP; Wed, 14 Feb 2018 14:27:47 -0800 (PST) In-Reply-To: <20180214221328.glbrdib3wumve53z@cisco> References: <17e5b515-84c8-dca2-1695-cdf819834ea2@huawei.com> <414027d3-dd73-cf11-dc2a-e8c124591646@redhat.com> <2f23544a-bd24-1e71-967b-e8d1cf5a20a3@redhat.com> <20180214221328.glbrdib3wumve53z@cisco> From: Kees Cook Date: Wed, 14 Feb 2018 14:27:47 -0800 X-Google-Sender-Auth: I0GRJYtRLQnEI4q9b8tJXhKA-Rg Message-ID: Subject: Re: arm64 physmap (was Re: [kernel-hardening] [PATCH 4/6] Protectable Memory) To: Tycho Andersen Cc: Laura Abbott , Jann Horn , Igor Stoppa , Boris Lukashev , Christopher Lameter , Matthew Wilcox , Jerome Glisse , Michal Hocko , Christoph Hellwig , linux-security-module , Linux-MM , kernel list , Kernel Hardening , linux-arm-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 14, 2018 at 2:13 PM, Tycho Andersen wrote: > On Wed, Feb 14, 2018 at 11:48:38AM -0800, Kees Cook wrote: >> On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott wrote: >> > fixed. Modules yes are not fully protected. The conclusion from past >> > experience has been that we cannot safely break down larger page sizes >> > at runtime like x86 does. We could theoretically >> > add support for fixing up the alias if PAGE_POISONING is enabled but >> > I don't know who would actually use that in production. Performance >> > is very poor at that point. >> >> XPFO forces 4K pages on the physmap[1] for similar reasons. I have no >> doubt about performance changes, but I'd be curious to see real >> numbers. Did anyone do benchmarks on just the huge/4K change? (Without >> also the XPFO overhead?) >> >> If this, XPFO, and PAGE_POISONING all need it, I think we have to >> start a closer investigation. :) > > I haven't but it shouldn't be too hard. What benchmarks are you > thinking? Unless I'm looking at some specific micro benchmark, I tend to default to looking at kernel build benchmarks but that gets pretty noisy. Laura regularly uses hackbench, IIRC. I'm not finding the pastebin I had for that, though. I wonder if we need a benchmark subdirectory in tools/testing/, so we could collect some of these common tools? All benchmarks are terrible, but at least we'd have the same terrible benchmarks. :) -Kees -- Kees Cook Pixel Security