Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5713409imu;
        Tue, 13 Nov 2018 10:32:55 -0800 (PST)
X-Google-Smtp-Source: AJdET5fLEuK/cT4HWEI7FLGPazzbrLp613LcK5CFGNyzXeTpOAc0ty5VOo8PhC8bKhYNDbfrYRTA
X-Received: by 2002:a17:902:7603:: with SMTP id k3-v6mr6110166pll.98.1542133975209;
        Tue, 13 Nov 2018 10:32:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542133975; cv=none;
        d=google.com; s=arc-20160816;
        b=DH6sdss8RvOl5tZ0hOW7Ngk8pp5bA4gmFHSQ7UIhHUHdIiqs1hxsEnswjgIa2KiMoa
         oFoFOFv7ZB9PmcsLGySrQuBc9RicHI6ZhR9H/auWF6VSbu6Q71oRB5l+GcWmnXJtPMpK
         jyItmhrp0EkOD8/5a5BCWQpb/zEaY6PMZhwA8Ysav5PN2vQ2k6NM2Y6+m8u3NSmn8YE+
         4Q+7/h4sC5j0kINpPAFaSUG65po/SFjrDNSz7gf5kCMk86U4VTIqphGCujtP8TJcuDaU
         Rmt6G+LOMLo+bKDGZ7V4SPUXesX0H0AOA6M6X7CpdZUQ1zvTC0CdvmmxSCaA3IMCqXDx
         JGww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=yKMB05gSLfdg9SKzcjcfAovklKCmT3NbosmbdVKE488=;
        b=xF41AG4B1cG61f5cPObBHrVoshoG841PuX5ZRdH353scQ4sne9mIKNoNSkHXdkOfwX
         E5/sRKRpO2WbEpE2FaBqx3ZnTZl9HjF2hCWnZr3iODyHzAVexMK9m8nkd3id88XD1kRc
         4B/N5s1JIHmOAsoTszjfkTLK4sB8G5RSxQBrkfOrDe5A32uEM5N7WzvuFBW2g4Od3eQz
         rjNMPFx9elOKMCQbFZieQkcn5aeBtX8n6YCU1b5DJpilAgqMq/7RxsqW/cI/9VLZWSpD
         phoXVdLCQW9q2opJg5qZnvKPfr1X0TdmJ0q5iHgM+ED5GcNV0S8Bw3rZJmGXibEGSqyh
         z0Aw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s38-v6si18178162pga.473.2018.11.13.10.32.23;
        Tue, 13 Nov 2018 10:32:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726932AbeKNEbQ (ORCPT <rfc822;chauncqc@gmail.com> + 99 others);
        Tue, 13 Nov 2018 23:31:16 -0500
Received: from lhrrgout.huawei.com ([185.176.76.210]:32759 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726459AbeKNEbQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 13 Nov 2018 23:31:16 -0500
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.106])
        by Forcepoint Email with ESMTP id 5241EDB0BEC85;
        Tue, 13 Nov 2018 18:31:54 +0000 (GMT)
Received: from [10.202.210.149] (10.202.210.149) by smtpsuk.huawei.com
 (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 13 Nov
 2018 18:31:54 +0000
Subject: Re: [PATCH 10/17] prmem: documentation
To:     Andy Lutomirski <luto@amacapital.net>,
        Nadav Amit <nadav.amit@gmail.com>
CC:     Igor Stoppa <igor.stoppa@gmail.com>,
        Kees Cook <keescook@chromium.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Matthew Wilcox <willy@infradead.org>,
        Dave Chinner <david@fromorbit.com>,
        James Morris <jmorris@namei.org>,
        Michal Hocko <mhocko@kernel.org>,
        "Kernel Hardening" <kernel-hardening@lists.openwall.com>,
        linux-integrity <linux-integrity@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Laura Abbott <labbott@redhat.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Mike Rapoport <rppt@linux.vnet.ibm.com>,
        "open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "Thomas Gleixner" <tglx@linutronix.de>
References: <20181023213504.28905-1-igor.stoppa@huawei.com>
 <20181023213504.28905-11-igor.stoppa@huawei.com>
 <20181026092609.GB3159@worktop.c.hoisthospitality.com>
 <CAGXu5jKCs01jvtvpEFS7R8qCR-5iRqK11kJxLJY99NicGWc4aQ@mail.gmail.com>
 <20181028183126.GB744@hirez.programming.kicks-ass.net>
 <40cd77ce-f234-3213-f3cb-0c3137c5e201@gmail.com>
 <20181030152641.GE8177@hirez.programming.kicks-ass.net>
 <CAGXu5jJftJ+Hq+jrZGHX5CTDLWOog7kGsd_Ne=yMvrRs__skSg@mail.gmail.com>
 <0A7AFB50-9ADE-4E12-B541-EC7839223B65@amacapital.net>
 <6f60afc9-0fed-7f95-a11a-9a2eef33094c@gmail.com>
 <CALCETrXNckT9W288VXx-6inO5qYn-6dUPocKGcBT0GCO3xi3ZQ@mail.gmail.com>
 <386C0CB1-C4B1-43E2-A754-DA8DBE4FB3CB@gmail.com>
 <CALCETrWWcfLK4W3mn0bavzejmMBVKMX29aAUA3+VPQ8m9vmfhw@mail.gmail.com>
From:   Igor Stoppa <igor.stoppa@huawei.com>
Message-ID: <9373ccf0-f51b-4bfa-2b16-e03ebf3c670d@huawei.com>
Date:   Tue, 13 Nov 2018 20:31:52 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CALCETrWWcfLK4W3mn0bavzejmMBVKMX29aAUA3+VPQ8m9vmfhw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.202.210.149]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 13/11/2018 19:47, Andy Lutomirski wrote:

> For general rare-writish stuff, I don't think we want IRQs running
> with them mapped anywhere for write.  For AVC and IMA, I'm less sure.

Why would these be less sensitive?

But I see a big difference between my initial implementation and this one.

In my case, by using a shared mapping, visible to all cores, freezing
the core that is performing the write would have exposed the writable
mapping to a potential attack run from another core.

If the mapping is private to the core performing the write, even if it
is frozen, it's much harder to figure out what it had mapped and where,
from another core.

To access that mapping, the attack should be performed from the ISR, I
think.

--
igor