Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function

[PATCH v7 00/14] Control-flow Enforcement: Branch Tracking, PTRACE · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 07/14] x86/cet/ibt: Add arch_prctl functions for IBT · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 07/14] x86/cet/ibt: Add arch_prctl functions for IBT · Peter Zijlstra <peterz@infradead.org> · 2019-06-07
[PATCH v7 13/14] x86/cet: Add PTRACE interface for CET · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 04/14] x86/cet/ibt: Handle signals for IBT · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 06/14] x86/cet/ibt: ELF header parsing for IBT · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Peter Zijlstra <peterz@infradead.org> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Peter Zijlstra <peterz@infradead.org> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@kernel.org> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · H.J. Lu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-11
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-11
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-11
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-14
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Andy Lutomirski <luto@amacapital.net> · 2019-06-15
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Pavel Machek <hidden> · 2019-06-08
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-10
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Pavel Machek <hidden> · 2019-06-11
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Dave Hansen <hidden> · 2019-06-07
Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function · Yu-cheng Yu <hidden> · 2019-06-07
[PATCH v7 09/14] x86/vdso: Insert endbr32/endbr64 to vDSO · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 09/14] x86/vdso: Insert endbr32/endbr64 to vDSO · Andy Lutomirski <luto@kernel.org> · 2019-06-06
[PATCH v7 02/14] x86/cet/ibt: User-mode indirect branch tracking support · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 01/14] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 14/14] x86: Discard .note.gnu.property sections · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 11/14] x86/vsyscall/64: Add ENDBR64 to vsyscall entry points · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 11/14] x86/vsyscall/64: Add ENDBR64 to vsyscall entry points · Andy Lutomirski <luto@kernel.org> · 2019-06-06
[PATCH v7 12/14] x86/vsyscall/64: Fixup shadow stack and branch tracking for vsyscall · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 12/14] x86/vsyscall/64: Fixup shadow stack and branch tracking for vsyscall · Andy Lutomirski <luto@kernel.org> · 2019-06-06
[PATCH v7 10/14] x86/vdso/32: Add ENDBR32 to __kernel_vsyscall entry point · Yu-cheng Yu <hidden> · 2019-06-06
Re: [PATCH v7 10/14] x86/vdso/32: Add ENDBR32 to __kernel_vsyscall entry point · Andy Lutomirski <luto@kernel.org> · 2019-06-06
[PATCH v7 08/14] x86/cet/ibt: Add ENDBR to op-code-map · Yu-cheng Yu <hidden> · 2019-06-06
[PATCH v7 05/14] mm/mmap: Add IBT bitmap size to address space limit check · Yu-cheng Yu <hidden> · 2019-06-06

From: Yu-cheng Yu <hidden>
Date: 2019-06-14 21:42:18
Also in: linux-arch, linux-doc, linux-mm, lkml

On Fri, 2019-06-14 at 13:57 -0700, Dave Hansen wrote:

On 6/14/19 10:13 AM, Yu-cheng Yu wrote:

quoted

On Fri, 2019-06-14 at 09:13 -0700, Dave Hansen wrote:

quoted

On 6/14/19 8:25 AM, Yu-cheng Yu wrote:

quoted

The bitmap is very big.

Really?  It's actually, what, 8*4096=32k, so 1/32,768th of the size of
the libraries legacy libraries you load?  Do our crash dumps really not
know how to represent or deal with sparse mappings?

Ok, even the core dump is not physically big, its size still looks odd,
right?

Hell if I know.

Could you please go try this in practice so that we're designing this
thing fixing real actual problems instead of phantoms that we're
anticipating?

quoted

Could this also affect how much time for GDB to load it.

I don't know.  Can you go find out for sure, please?

OK!

quoted

I have a related question:

Do we allow the application to read the bitmap, or any fault from the
application on bitmap pages?

We have to allow apps to read it.  Otherwise they can't execute
instructions.

What I meant was, if an app executes some legacy code that results in bitmap
lookup, but the bitmap page is not yet populated, and if we then populate that
page with all-zero, a #CP should follow.  So do we even populate that zero page
at all?

I think we should; a #CP is more obvious to the user at least.

We don't have to allow them to (popuating) fault on it.  But, if we
don't, we need some kind of kernel interface to avoid the faults.

The plan is:

* Move STACK_TOP (and vdso) down to give space to the bitmap.

* Reserve the bitmap space from (mm->start_stack + PAGE_SIZE) to cover a code
size of TASK_SIZE_LOW, which is (TASK_SIZE_LOW / PAGE_SIZE / 8).

* Mmap the space only when the app issues the first mark-legacy prctl.  This
avoids the core-dump issue for most apps and the accounting problem that
MAP_NORESERVE probably won't solve completely.

* The bitmap is read-only.  The kernel sets the bitmap with
get_user_pages_fast(FOLL_WRITE) and user_access_begin()/user_addess_end().

I will send out a RFC patch.

Yu-cheng

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help