Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp3235604imj; Mon, 11 Feb 2019 16:47:32 -0800 (PST) X-Google-Smtp-Source: AHgI3Ib/YI4HKb0sH/8au+JqMeTNfEYZ7Zoe/sqiUBnFe9PQTZyCYPrA8b03LyDzpk3dsgVoccb4 X-Received: by 2002:a17:902:8a:: with SMTP id a10mr1185936pla.158.1549932452549; Mon, 11 Feb 2019 16:47:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549932452; cv=none; d=google.com; s=arc-20160816; b=rJVVjKX5JExl3yWzKt24biynp6UsfQm6BYg2tMZA6izdWz47qHev1jNX8cmMrbtaSw PydLuQoVaKEcjPLukxVkPNNVroXyw9oY55LTUHmcn1ct9oxmiAhgK1Sb+gxmPgSE48rq GDYD9Tf1vyzuEntoPJdbTLBOXeg4qK3ZmlNPfmu/stVXmu0QTGwHi0o/Bw8y2rtK3t82 5yTdckEosoukN0y0DvNbcPp9goqOBYOd76TaJ3rerGhFIAxarM2CmWahgFhDAyePdYii /fAlytxSdlUanWMNKSK9xorl6a8AmDbYPUfTmw+v0tElScxKK9Bi5fhb6ynDvHOgaANH 98LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=u1NgC8GXGyioSAhYQLIf5mJA4+toxCV5RE8n2dMeuvY=; b=tsMqmOdSZg2rY1/I5TypjOgUhy9y+EQuebiwnLllft2f9/92UvoMJJSYQqB3m1Kk44 G9p8dVH7nUwRfnorEW3XbSxWuFdnr/lVe/fRpGoizBDRIa+lyzYofRFXS1GqDYphEVP6 HXAOzxRHiotIqtqTCJcx55y54Qq6tk4+eYEGRWHBCWHs0jau3oMI2J0PdoSDsy6bCHH2 bERff7zwPA1vOb5RyZa3NMqV4mPjEWUbvaFJJ07Nd9o8ZkYBfCBzDp1VxsCKmK+1wWsl upuyRALW7spaJJyuICNZmIg3MGnplE54zBv2uCEpE8raosHeCOyM7w1JqfxIGixBY6AM R+bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=UO4cG8cl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l2si4078615pfc.287.2019.02.11.16.47.15; Mon, 11 Feb 2019 16:47:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=UO4cG8cl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727978AbfBLArL (ORCPT + 99 others); Mon, 11 Feb 2019 19:47:11 -0500 Received: from mail-vs1-f68.google.com ([209.85.217.68]:41624 "EHLO mail-vs1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727318AbfBLArL (ORCPT ); Mon, 11 Feb 2019 19:47:11 -0500 Received: by mail-vs1-f68.google.com with SMTP id i64so540508vsc.8 for ; Mon, 11 Feb 2019 16:47:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=u1NgC8GXGyioSAhYQLIf5mJA4+toxCV5RE8n2dMeuvY=; b=UO4cG8clCIKQDK9/zmKwPZ8QIQZgcYQggmkiSOyvw22UGFAcR3kWcR6xbmQW9KMZeU D2dRym+fyDyZKSpGlJFk5Mu+zKSZXOKtzAwPx4ioyemVdvOIh0l9fUKc6FTZbcUgk2Up 9ETqSmjk+xFILiwWDtUQRCPRRgTFWy/tcMKE4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=u1NgC8GXGyioSAhYQLIf5mJA4+toxCV5RE8n2dMeuvY=; b=mZbAudjBLVyF/g0pMy9bql3hNUyTBxXbOqEIlJo82/Wl1N8VjCldmGmR1NvmikzDW0 NPoX2H7KBCmsrhHT23C9vBlqshQi1bUy8WCWmihbkGcPdBoh7w7b8s3/VbtreX/5uglM PfH63p81ri/O+4qSP9tLVy8/ujeF2solX+i0BiL1I5VsDi6t1mC5iEnoTVYeKvYNOsw+ Cm5hpw4zyamIXdvwsDj6DwEO/B1tBJYn7+hRZHycUbf2bACnTeiVNi1SyBzttXfBRxe0 7LXYZ33CgkCsWdyFpqztZPvtUT3MJPNuQ/mOPw/daHSzlHpCEA1Ae0A7KshN3rPiE4fL gaJA== X-Gm-Message-State: AHQUAuaEAPyrYg+nSSPotmAu0H2/AgJzJ+UW9ccmYUx3MK3i2Dqdmb7t AcO3rKYI8aebJRYSdUKn0sQnH9BctUM= X-Received: by 2002:a67:d601:: with SMTP id n1mr472893vsj.208.1549932429522; Mon, 11 Feb 2019 16:47:09 -0800 (PST) Received: from mail-ua1-f41.google.com (mail-ua1-f41.google.com. [209.85.222.41]) by smtp.gmail.com with ESMTPSA id a68sm11898356vsd.24.2019.02.11.16.47.08 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Feb 2019 16:47:08 -0800 (PST) Received: by mail-ua1-f41.google.com with SMTP id v26so308520uap.4 for ; Mon, 11 Feb 2019 16:47:08 -0800 (PST) X-Received: by 2002:ab0:470d:: with SMTP id h13mr450189uac.122.1549932428183; Mon, 11 Feb 2019 16:47:08 -0800 (PST) MIME-Version: 1.0 References: <25bf3c63-c54c-f7ea-bec1-996a2c05d997@gmail.com> In-Reply-To: <25bf3c63-c54c-f7ea-bec1-996a2c05d997@gmail.com> From: Kees Cook Date: Mon, 11 Feb 2019 16:46:56 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v4 00/12] hardening: statically allocated protected memory To: Igor Stoppa Cc: Igor Stoppa , Ahmed Soliman , linux-integrity , Kernel Hardening , Linux-MM , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 11, 2019 at 4:37 PM Igor Stoppa wrote: > > > > On 12/02/2019 02:09, Kees Cook wrote: > > On Mon, Feb 11, 2019 at 3:28 PM Igor Stoppa wrote: > > It looked like only the memset() needed architecture support. Is there > > a reason for not being able to implement memset() in terms of an > > inefficient put_user() loop instead? That would eliminate the need for > > per-arch support, yes? > > So far, yes, however from previous discussion about power arch, I > understood this implementation would not be so easy to adapt. > Lacking other examples where the extra mapping could be used, I did not > want to add code without a use case. > > Probably both arm and x86 32 bit could do, but I would like to first get > to the bitter end with memory protection (the other 2 thirds). > > Mostly, I hated having just one arch and I also really wanted to have arm64. Right, I meant, if you implemented the _memset() case with put_user() in this version, you could drop the arch-specific _memset() and shrink the patch series. Then you could also enable this across all the architectures in one patch. (Would you even need the Kconfig patches, i.e. won't this "Just Work" on everything with an MMU?) -- Kees Cook