Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Petr Tesařík <petr@xxxxxxxxxxx>
Subject: Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 22 Feb 2024 10:03:03 -0800
Cc: Petr Tesarik <petrtesarik@xxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Xin Li <xin3.li@xxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, "Masami Hiramatsu (Google)" <mhiramat@xxxxxxxxxx>, Pengfei Xu <pengfei.xu@xxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Ze Gao <zegao2021@xxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Kai Huang <kai.huang@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Jason Gunthorpe <jgg@xxxxxxxx>, Joerg Roedel <jroedel@xxxxxxx>, "Mike Rapoport (IBM)" <rppt@xxxxxxxxxx>, Tina Zhang <tina.zhang@xxxxxxxxx>, Jacob Pan <jacob.jun.pan@xxxxxxxxxxxxxxx>, "open list:DOCUMENTATION" <linux-doc@xxxxxxxxxxxxxxx>, open list <linux-kernel@xxxxxxxxxxxxxxx>, Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx>, John Johansen <john.johansen@xxxxxxxxxxxxx>, Paul Moore <paul@xxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, apparmor@xxxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, Petr Tesarik <petr.tesarik1@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20240222185744.509e4958@meshulam.tesarici.cz>
References: <fb4a40c7-af9a-406a-95ab-406595f3ffe5@intel.com> <20240222131230.635-1-petrtesarik@huaweicloud.com> <20240222131230.635-5-petrtesarik@huaweicloud.com> <f6135f2c-bc8f-41c3-9c6a-8346d685e4dc@intel.com> <20240222185744.509e4958@meshulam.tesarici.cz>
User-agent: Mozilla Thunderbird

On 2/22/24 09:57, Petr Tesařík wrote:
> * Hardware designers are adding (other) hardware security defenses to
>   ring-0 that are not applied to ring-3.
> 
>   Could you give an example of these other security defenses, please?

Here's one example:

> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/data-dependent-prefetcher.html

"DDP is neither trained by nor triggered by supervisor-mode accesses."

But seriously, this is going to be my last message on this topic.  I
appreciate your enthusiasm, but I don't see any viable way forward for
this approach.

References:
- Re: [PATCH v1 0/8] x86_64 SandBox Mode arch hooks
  - From: Dave Hansen
- [RFC 0/5] PoC: convert AppArmor parser to SandBox Mode
  - From: Petr Tesarik
- [RFC 4/5] sbm: fix up calls to dynamic memory allocators
  - From: Petr Tesarik
- Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators
  - From: Dave Hansen
- Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators
  - From: Petr Tesařík

Prev by Date: Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Next by Date: Re: [PATCH v6 0/4] StarFive's StarLink PMU Support
Previous by thread: Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Next by thread: [RFC 5/5] apparmor: parse profiles in sandbox mode
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]