Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)
From: Andy Lutomirski
Date: Mon Mar 07 2016 - 16:02:46 EST
On Mon, Mar 7, 2016 at 12:58 PM, David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: Khalid Aziz <khalid.aziz@xxxxxxxxxx>
> Date: Mon, 7 Mar 2016 13:41:39 -0700
>
>> Shared data may not always be backed by a file. My understanding is
>> one of the use cases is for in-memory databases. This shared space
>> could also be used to hand off transactions in flight to other
>> processes. These transactions in flight would not be backed by a
>> file. Some of these use cases might not use shmfs even. Setting ADI
>> bits at virtual address level catches all these cases since what backs
>> the tagged virtual address can be anything - a mapped file, mmio
>> space, just plain chunk of memory.
>
> Frankly the most interesting use case to me is simply finding bugs
> and memory scribbles, and for that we're want to be able to ADI
> arbitrary memory returned from malloc() and friends.
>
> I personally see ADI more as a debugging than a security feature,
> but that's just my view.
The thing that seems awkward to me is that setting, say, ADI=1 seems
almost equivalent to remapping the memory up to 0x10...whatever, and
the latter is a heck of a lot simpler to think about.
--
Andy Lutomirski
AMA Capital Management, LLC