Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

From: Khalid Aziz
Date: Mon Mar 07 2016 - 17:31:38 EST

Next message: Bjorn Helgaas: "Re: [PATCH] Fix NULL ptr dereference in pci_bus_assign_domain_nr() on ARM"
Previous message: Kees Cook: "Re: [PATCH v3 01/19] x86, kaslr: Remove not needed parameter for choose_kernel_location"
In reply to: David Miller: "Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)"
Next in thread: Dave Hansen: "Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/07/2016 02:34 PM, David Miller wrote:

From: Khalid Aziz <khalid.aziz@xxxxxxxxxx>
Date: Mon, 7 Mar 2016 14:27:09 -0700

I agree with your point of view. PSTATE.mcde and TTE.mcd are set in
response to request from userspace. If userspace asked for them to be
set, they already know but it was the database guys that asked for
these two functions and they are the primary customers for the ADI
feature. I am not crazy about this idea since this extends the
mprotect API even further but would you consider using the return
value from mprotect to indicate if PSTATE.mcde or TTE.mcd were already
set on the given address?

Well, that's the idea.

If the mprotect using MAP_ADI or whatever succeeds, then ADI is
enabled.

Users can thus also pass MAP_ADI as a flag to mmap() to get ADI
protection from the very beginning.

MAP_ADI has been sitting in my backlog for some time. Looks like you just raised its priority ;)

--
Khalid

Next message: Bjorn Helgaas: "Re: [PATCH] Fix NULL ptr dereference in pci_bus_assign_domain_nr() on ARM"
Previous message: Kees Cook: "Re: [PATCH v3 01/19] x86, kaslr: Remove not needed parameter for choose_kernel_location"
In reply to: David Miller: "Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)"
Next in thread: Dave Hansen: "Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]