Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

From: Khalid Aziz
Date: Mon Mar 07 2016 - 16:12:10 EST


On 03/07/2016 01:58 PM, David Miller wrote:
From: Khalid Aziz <khalid.aziz@xxxxxxxxxx>
Date: Mon, 7 Mar 2016 13:41:39 -0700

Shared data may not always be backed by a file. My understanding is
one of the use cases is for in-memory databases. This shared space
could also be used to hand off transactions in flight to other
processes. These transactions in flight would not be backed by a
file. Some of these use cases might not use shmfs even. Setting ADI
bits at virtual address level catches all these cases since what backs
the tagged virtual address can be anything - a mapped file, mmio
space, just plain chunk of memory.

Frankly the most interesting use case to me is simply finding bugs
and memory scribbles, and for that we're want to be able to ADI
arbitrary memory returned from malloc() and friends.

I personally see ADI more as a debugging than a security feature,
but that's just my view.


I think that is a very strong use case. It can be a very effective tool for debugging especially when it comes to catching wild writes.

--
Khalid