Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp263835pxa; Wed, 26 Aug 2020 09:58:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1Oks5bUuudyhusH18M01u1eRA+ZIYe4vbTuk+8jsojH+eXO7tc3qT1ZqDPpEgcZrUDUG5 X-Received: by 2002:a17:906:130a:: with SMTP id w10mr2001529ejb.106.1598461086956; Wed, 26 Aug 2020 09:58:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598461086; cv=none; d=google.com; s=arc-20160816; b=JK7yj2w0n7g1QEI8EccyvcxKbXkmrp+cx91OFe5KdaPLrotttL3lSSTwoFHpuSfoCr qgdou30U3zRR2nGXKRZ0YXAKSVZORtMwGA7WGlnqnqzvNavYbM5Q81luLYq/eOcz/U7S lYqgXBo4T+TJqQ3L9LlNNr6bXMsqzzE2ypO8C/xSSZiv+JyTWv0Uu3Zh27n/h89sPVOx kZgrS1E7zqFeEZsSOu1gMWvD/yY6/bQpQ7xsFVCBf4cK50jXWr3SdiOAbOJe8EE19/8+ n5mOtPAMmHa1gZ0362b60aD69KM7LXBi+pPdE2Y6uRFpvFpwAfTB1KHfWfZy0O2l6CSS E1Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Q3bPUImaUMqAjOwYYCn2Ctq8T8nlkQhPj4PTml6JzfY=; b=yf8VksZkQ2ejKjKRfeZ/RyD9WFDXQ2pMPDJII4ClM2QBPOkVjTifEHs69QQh+I39eT 2dMv8bP0C495KkPHdrHTi/1+WiqUbTUU8EFLRHBse1djJbBRtX/hjJsBBfzdVp4GARBH VHIDdMDNBZ2fYBRoRzDLV7KOcshwvLqrinUrluGROnyjpEiaFGucaFQ9rtgn3TgttvwY QDwsEsQWixPOGMO2p9BJnaq+rqJzwfd01qAB00xFUQXxzT5iluk0SLUChF0mEZw8nTQd oofIC485TMC6ROT4q9mKPhN7JnXYTw4XfHkgbLSxTZKjv71yFhaEd7cjxS/d9W5vZHEG dmUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ALtDO/SG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dp1si2822050ejc.38.2020.08.26.09.57.43; Wed, 26 Aug 2020 09:58:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="ALtDO/SG"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726858AbgHZQzN (ORCPT + 99 others); Wed, 26 Aug 2020 12:55:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:50658 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726739AbgHZQzL (ORCPT ); Wed, 26 Aug 2020 12:55:11 -0400 Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7192C22B3F for ; Wed, 26 Aug 2020 16:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598460910; bh=90eG2YC7ABsnYjclAXIjb+dB+da3NK2fm+peh/LcFOk=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=ALtDO/SGIdIyXtJEgnSUc5+3ECVAWbJUiZmmv4zc0htOnx8GLxrv0eP+vpvcifgBr 4ercfZTjzUiKDT5N/tuG4G2vavO/VGYzZeLs6HiGnTXGWKm7MN/9B3hZhOaXf9NEbv YSjGr0Kf2NouFCLwjCP/LyibUnKlXuGq7Sbuc8Yc= Received: by mail-wm1-f44.google.com with SMTP id t2so2472782wma.0 for ; Wed, 26 Aug 2020 09:55:10 -0700 (PDT) X-Gm-Message-State: AOAM5320022EFkHPXGpv8FvetK5YSHnRpJHaxKIZ7INN2yNLVI84UEmQ HfFc4hlCm8yvgSNSbDsHP0vHp24mXSo971+KV3g0hQ== X-Received: by 2002:a1c:bc45:: with SMTP id m66mr7394687wmf.36.1598460908958; Wed, 26 Aug 2020 09:55:08 -0700 (PDT) MIME-Version: 1.0 References: <20200130162340.GA14232@rapoport-lnx> <6e020a65-b516-9407-228f-2a3a32947ab9@intel.com> In-Reply-To: <6e020a65-b516-9407-228f-2a3a32947ab9@intel.com> From: Andy Lutomirski Date: Wed, 26 Aug 2020 09:54:57 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas To: Dave Hansen Cc: Andy Lutomirski , Mike Rapoport , LKML , Alan Cox , Andrew Morton , Christopher Lameter , Dave Hansen , James Bottomley , "Kirill A. Shutemov" , Matthew Wilcox , Peter Zijlstra , "Reshetova, Elena" , Thomas Gleixner , Tycho Andersen , Linux API , Linux-MM Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 14, 2020 at 11:09 AM Dave Hansen wrote: > > On 8/14/20 10:46 AM, Andy Lutomirski wrote: > > I'm a little unconvinced about the security benefits. As far as I > > know, UC memory will not end up in cache by any means (unless > > aliased), but it's going to be tough to do much with UC data with > > anything resembling reasonable performance without derived values > > getting cached. > > I think this is much more in the category of raising the bar than > providing any absolute security guarantees. The problem here is that we're raising the bar in a way that is weirdly architecture dependent, *extremely* nonperformant, and may not even accomplish what it's trying to accomplish. > > Let's say you have a secret and you read it into some registers and then > spill them on the stack. You've got two cached copies, one for the > primary data and another for the stack copy. Secret areas don't get rid > of the stack copy, but they do get rid of the other one. One cache copy > is better than two. Bar raised. :) If we have two bars right next to each other and we raise one of them, did we really accomplish much? I admit that having a secret in its own dedicated cache line seems like an easier target than a secret in a cache line that may be quickly overwritten by something else. But even user registers right now aren't specially protected -- pt_regs lives is cached and probably has a predictable location, especially if you execve() a setuid program. > > There are also some stronger protections, less in the bar-raising > category. On x86 at least, uncached accesses also crush speculation. > You can't, for instance, speculatively get wrong values if you're not > speculating in the first place. I was thinking of things like Load > Value Injection[1]. This seems genuinely useful, but it doesn't really address the fact that requesting UC memory via PAT apparently has a good chance of getting WB anyway. > > I _believe_ there are also things like AES-NI that can get strong > protection from stuff like this. They load encryption keys into (AVX) > registers and then can do encrypt/decrypt operations without the keys > leaving the registers. If the key was loaded from a secret memory area > right into the registers, I think the protection from cache attacks > would be pretty strong. > Except for context switches :) > > 1. > https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection