Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5713409imu; Tue, 13 Nov 2018 10:32:55 -0800 (PST) X-Google-Smtp-Source: AJdET5fLEuK/cT4HWEI7FLGPazzbrLp613LcK5CFGNyzXeTpOAc0ty5VOo8PhC8bKhYNDbfrYRTA X-Received: by 2002:a17:902:7603:: with SMTP id k3-v6mr6110166pll.98.1542133975209; Tue, 13 Nov 2018 10:32:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542133975; cv=none; d=google.com; s=arc-20160816; b=DH6sdss8RvOl5tZ0hOW7Ngk8pp5bA4gmFHSQ7UIhHUHdIiqs1hxsEnswjgIa2KiMoa oFoFOFv7ZB9PmcsLGySrQuBc9RicHI6ZhR9H/auWF6VSbu6Q71oRB5l+GcWmnXJtPMpK jyItmhrp0EkOD8/5a5BCWQpb/zEaY6PMZhwA8Ysav5PN2vQ2k6NM2Y6+m8u3NSmn8YE+ 4Q+7/h4sC5j0kINpPAFaSUG65po/SFjrDNSz7gf5kCMk86U4VTIqphGCujtP8TJcuDaU Rmt6G+LOMLo+bKDGZ7V4SPUXesX0H0AOA6M6X7CpdZUQ1zvTC0CdvmmxSCaA3IMCqXDx JGww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=yKMB05gSLfdg9SKzcjcfAovklKCmT3NbosmbdVKE488=; b=xF41AG4B1cG61f5cPObBHrVoshoG841PuX5ZRdH353scQ4sne9mIKNoNSkHXdkOfwX E5/sRKRpO2WbEpE2FaBqx3ZnTZl9HjF2hCWnZr3iODyHzAVexMK9m8nkd3id88XD1kRc 4B/N5s1JIHmOAsoTszjfkTLK4sB8G5RSxQBrkfOrDe5A32uEM5N7WzvuFBW2g4Od3eQz rjNMPFx9elOKMCQbFZieQkcn5aeBtX8n6YCU1b5DJpilAgqMq/7RxsqW/cI/9VLZWSpD phoXVdLCQW9q2opJg5qZnvKPfr1X0TdmJ0q5iHgM+ED5GcNV0S8Bw3rZJmGXibEGSqyh z0Aw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s38-v6si18178162pga.473.2018.11.13.10.32.23; Tue, 13 Nov 2018 10:32:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726932AbeKNEbQ (ORCPT + 99 others); Tue, 13 Nov 2018 23:31:16 -0500 Received: from lhrrgout.huawei.com ([185.176.76.210]:32759 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726459AbeKNEbQ (ORCPT ); Tue, 13 Nov 2018 23:31:16 -0500 Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 5241EDB0BEC85; Tue, 13 Nov 2018 18:31:54 +0000 (GMT) Received: from [10.202.210.149] (10.202.210.149) by smtpsuk.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 13 Nov 2018 18:31:54 +0000 Subject: Re: [PATCH 10/17] prmem: documentation To: Andy Lutomirski , Nadav Amit CC: Igor Stoppa , Kees Cook , Peter Zijlstra , Mimi Zohar , Matthew Wilcox , Dave Chinner , James Morris , Michal Hocko , "Kernel Hardening" , linux-integrity , LSM List , Dave Hansen , Jonathan Corbet , Laura Abbott , Randy Dunlap , Mike Rapoport , "open list:DOCUMENTATION" , LKML , "Thomas Gleixner" References: <20181023213504.28905-1-igor.stoppa@huawei.com> <20181023213504.28905-11-igor.stoppa@huawei.com> <20181026092609.GB3159@worktop.c.hoisthospitality.com> <20181028183126.GB744@hirez.programming.kicks-ass.net> <40cd77ce-f234-3213-f3cb-0c3137c5e201@gmail.com> <20181030152641.GE8177@hirez.programming.kicks-ass.net> <0A7AFB50-9ADE-4E12-B541-EC7839223B65@amacapital.net> <6f60afc9-0fed-7f95-a11a-9a2eef33094c@gmail.com> <386C0CB1-C4B1-43E2-A754-DA8DBE4FB3CB@gmail.com> From: Igor Stoppa Message-ID: <9373ccf0-f51b-4bfa-2b16-e03ebf3c670d@huawei.com> Date: Tue, 13 Nov 2018 20:31:52 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.202.210.149] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 13/11/2018 19:47, Andy Lutomirski wrote: > For general rare-writish stuff, I don't think we want IRQs running > with them mapped anywhere for write. For AVC and IMA, I'm less sure. Why would these be less sensitive? But I see a big difference between my initial implementation and this one. In my case, by using a shared mapping, visible to all cores, freezing the core that is performing the write would have exposed the writable mapping to a potential attack run from another core. If the mapping is private to the core performing the write, even if it is frozen, it's much harder to figure out what it had mapped and where, from another core. To access that mapping, the attack should be performed from the ISR, I think. -- igor