Or use a PLB

By: dmcq (dmcq.delete@this.fano.co.uk), September 24, 2021 11:43 am
Room: Moderated Discussions
Linus Torvalds (torvalds.delete@this.linux-foundation.org) on September 24, 2021 10:45 am wrote:
> gpd (gpderetta.delete@this.gmail.com) on September 24, 2021 3:59 am wrote:
> > Linus Torvalds (torvalds.delete@this.linux-foundation.org) on September 23, 2021 12:01 pm wrote:
> > > The fact is, the whole notion of passing magic pointers and trying to associate random state with
> > > them between two random untrusted but somehow cooperative entities is pure BS. And I claim that
> > > no amount of segmentation - whatever you call it - will make it anything else.
> >
> > They seem useful in a post-spectre world to run potentially
> > hostile (but otherwise memory safe) code in process,
> > for example a web browser that wants to isolate different JS
> > VMs. Software boundary checking doesn't cut it anymore
> > and separate processes (the current solution) has overhead.
> > This assumes that segments handling does not have
> > meltdown-like vulnerabilities (which is not a given, but it seems possible to implement correctly).
> >
> > The kernel could use it to isolate BPF programs for example.
>
> It's one of those things that you can always make up examples for.
>
> And then 99.9% of all code doesn't want it, because most memory accesses by far are perfectly normal
> loads and stores from regular local sources with absolutely no reason to worry about data leaks.

You could say the same abut atomic operations. Though I get the feeling you think atomic operations are a failure on the part of computer manufacturers and all operations should work that way.

> But if you make it about security and make your architecture all about capability pointers, then
> all memory accesses have to be checked. So you're taking a big cost for that very rare case.

All memory oprations are checked anyway and have been for ages, and there's a lot more slicon around to trade for security and ease of use nowadays.

> Once you notice that, you then add the "regular memory accesses"
> back, and make it about special checking memory ops.

True.

> So then you say that untrusted code has to be compiled with a trusted compiler, and you add
> the checks only to the places that the compiler determines needs it. And then you end up with
> most software not using it at all, because they don't believe they need it and it is too costly
> in performance (and it probably only worked on special microarchitectures anyway, since the
> architecture that tried to force it on people failed), and you're back to square one.

No trusted compiler needed but yes you have both normal addresses and capabilities. And see above about atomics :-) It depends what you mean by 'most programs'. If you're dealing with streaming data through like a web server or transaction manager I can see them being used quite frequently.

> Just don't go down a path that is guaranteed to fail. Again. Like it did last time.

There's been a number of goes a couple of which have been reasonably successful in operation. I'm not certain which one you mean. Making something which works really well is a big job. And I think there are still some real problems in getting a good paradigm for use. I definitely think something like it is required though. The current systems have the advantage of umpteen millions hours of debugging but the future is far bigger than the past. If it can be made to work well it offers both better security and some simpler interprocess work outside of the operating system.

If there's one thing I think is needed more I think it is some better standardization and security in how all the bits of a chip share some memory when talking to each other.


> Linus

< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
POWER10 SAP SD benchmarkanon22021/09/06 02:36 PM
  POWER10 SAP SD benchmarkDaniel B2021/09/07 01:31 AM
    "Cores" (and SPEC)Rayla2021/09/07 06:51 AM
      "Cores" (and SPEC)anon2021/09/07 02:56 PM
  POWER10 SAP SD benchmarkAnon2021/09/07 02:24 PM
    POWER10 SAP SD benchmarkAnon2021/09/07 02:27 PM
  Virtually tagged L1-cachessr2021/09/08 04:49 AM
    Virtually tagged L1-cachesdmcq2021/09/08 07:22 AM
      Virtually tagged L1-cachessr2021/09/08 07:56 AM
      Virtually tagged L1-cachesHugo Décharnes2021/09/08 07:58 AM
        Virtually tagged L1-cachessr2021/09/08 09:09 AM
          Virtually tagged L1-cachesHugo Décharnes2021/09/08 09:46 AM
            Virtually tagged L1-cachessr2021/09/08 10:35 AM
              Virtually tagged L1-cachesHugo Décharnes2021/09/08 11:23 AM
                Virtually tagged L1-cachessr2021/09/08 11:40 AM
                  Virtually tagged L1-cachesanon2021/09/09 02:16 AM
                    Virtually tagged L1-cachesKonrad Schwarz2021/09/10 04:19 AM
                      Virtually tagged L1-cachesHugo Décharnes2021/09/10 05:59 AM
                        Virtually tagged L1-cachesanon2021/09/14 02:17 AM
                          Virtually tagged L1-cachesdmcq2021/09/14 08:34 AM
                            Or use a PLB (NT)Paul A. Clayton2021/09/14 08:45 AM
                              Or use a PLBLinus Torvalds2021/09/14 02:27 PM
                                Or use a PLBanon2021/09/14 11:15 PM
                                  Or use a PLBMichael S2021/09/15 02:21 AM
                                    Or use a PLBdmcq2021/09/15 02:42 PM
                                      Or use a PLBKonrad Schwarz2021/09/16 03:24 AM
                                        Or use a PLBMichael S2021/09/16 09:13 AM
                                          Or use a PLB---2021/09/16 12:02 PM
                                  PLB referencePaul A. Clayton2021/09/18 01:35 PM
                                    PLB referenceMichael S2021/09/18 03:14 PM
                                      Demand paging/translation orthogonalPaul A. Clayton2021/09/19 06:33 AM
                                        Demand paging/translation orthogonalMichael S2021/09/19 08:10 AM
                                      PLB referenceCarson2021/09/20 09:19 PM
                                    PLB referencesr2021/09/20 05:02 AM
                                      PLB referenceMichael S2021/09/20 06:03 AM
                                        PLB referenceLinus Torvalds2021/09/20 11:10 AM
                                  Or use a PLBsr2021/09/20 03:32 AM
                              Or use a PLBsr2021/09/21 08:36 AM
                                Or use a PLBLinus Torvalds2021/09/21 09:04 AM
                                  Or use a PLBsr2021/09/21 09:48 AM
                                    Or use a PLBLinus Torvalds2021/09/21 12:55 PM
                                      Or use a PLBsr2021/09/22 05:55 AM
                                        Or use a PLBrwessel2021/09/22 06:09 AM
                                        Or use a PLBLinus Torvalds2021/09/22 10:50 AM
                                          Or use a PLBsr2021/09/22 12:00 PM
                                            Or use a PLBdmcq2021/09/22 03:07 PM
                                            Or use a PLBEtienne Lorrain2021/09/23 07:50 AM
                                          Or use a PLBanon22021/09/22 03:09 PM
                                            Or use a PLBdmcq2021/09/23 01:35 AM
                                          Or use a PLB2021/09/23 08:37 AM
                                            Or use a PLBLinus Torvalds2021/09/23 11:01 AM
                                              Or use a PLBgpd2021/09/24 02:59 AM
                                                Or use a PLBLinus Torvalds2021/09/24 09:45 AM
                                                  Or use a PLBdmcq2021/09/24 11:43 AM
                                                  Or use a PLBsr2021/09/25 09:19 AM
                                                    Or use a PLBLinus Torvalds2021/09/25 09:44 AM
                                                      Or use a PLBsr2021/09/25 10:11 AM
                                                        Or use a PLBLinus Torvalds2021/09/25 10:31 AM
                                                          Or use a PLBsr2021/09/25 10:52 AM
                                                            Or use a PLBLinus Torvalds2021/09/25 11:05 AM
                                                              Or use a PLBsr2021/09/25 11:23 AM
                                                                Or use a PLBrwessel2021/09/25 02:29 PM
                                                                  Or use a PLBsr2021/09/30 11:22 PM
                                                                    Or use a PLBrwessel2021/10/01 05:19 AM
                                                                      Or use a PLBDavid Hess2021/10/01 09:35 AM
                                                                        Or use a PLBrwessel2021/10/02 03:47 AM
                                                                      Or use a PLBsr2021/10/02 10:16 AM
                                                                        Or use a PLBrwessel2021/10/02 10:53 AM
                                                          Or use a PLBLinus Torvalds2021/09/25 10:57 AM
                                                            Or use a PLBsr2021/09/25 11:07 AM
                                                              Or use a PLBLinus Torvalds2021/09/25 11:21 AM
                                                                Or use a PLBsr2021/09/25 11:40 AM
                                                                  Or use a PLBnksingh2021/09/27 08:07 AM
                                                          Or use a PLB2021/09/27 08:02 AM
                                                            Or use a PLBLinus Torvalds2021/09/27 09:20 AM
                                                              Or use a PLBLinus Torvalds2021/09/27 11:58 AM
                                                                Or use a PLBdmcq2021/09/28 09:59 AM
                                              Or use a PLBsr2021/09/25 09:34 AM
                                                Or use a PLBrwessel2021/09/25 02:44 PM
                                                  Or use a PLBsr2021/10/01 12:04 AM
                                                    Or use a PLBrwessel2021/10/01 05:33 AM
                                                      I386 segmentation highlightssr2021/10/04 06:53 AM
                                                        I386 segmentation highlightsAdrian2021/10/04 08:53 AM
                                                          I386 segmentation highlightssr2021/10/04 09:19 AM
                                                        I386 segmentation highlightsrwessel2021/10/04 03:57 PM
                                                          I386 segmentation highlightssr2021/10/05 10:16 AM
                                                            I386 segmentation highlightsMichael S2021/10/05 11:27 AM
                                                            I386 segmentation highlightsrwessel2021/10/05 03:20 PM
                                                Or use a PLBJohnG2021/09/25 09:18 PM
                                              Or use a PLB2021/09/27 06:37 AM
                                                Or use a PLBHeikki Kultala2021/09/28 02:53 AM
                                                  Or use a PLBrwessel2021/09/28 06:29 AM
                                        Or use a PLBDavid Hess2021/09/23 05:00 PM
                                          Or use a PLBAdrian2021/09/24 12:21 AM
                                            Or use a PLBdmcq2021/09/25 11:41 AM
                                        Or use a PLBblaine2021/09/26 10:19 PM
                                          Or use a PLBDavid Hess2021/09/27 10:35 AM
                                            Or use a PLBblaine2021/09/27 04:19 PM
                                            Or use a PLBAdrian2021/09/27 09:40 PM
                                              Or use a PLBAdrian2021/09/27 09:59 PM
                                                Or use a PLBdmcq2021/09/28 06:45 AM
                                              Or use a PLBrwessel2021/09/28 06:45 AM
                                              Or use a PLBDavid Hess2021/09/28 11:50 AM
                                                Or use a PLBEtienne Lorrain2021/09/30 12:25 AM
                                                  Or use a PLBDavid Hess2021/10/01 09:40 AM
                                  MMU privilegessr2021/09/21 10:07 AM
                                    MMU privilegesLinus Torvalds2021/09/21 12:49 PM
                            Virtually tagged L1-cachesKonrad Schwarz2021/09/16 03:18 AM
                          Virtually tagged L1-cachesCarson2021/09/16 12:12 PM
                            Virtually tagged L1-cachesanon22021/09/16 04:16 PM
                              Virtually tagged L1-cachesrwessel2021/09/16 05:29 PM
                          Virtually tagged L1-cachessr2021/09/20 03:20 AM
              Virtually tagged L1-caches---2021/09/08 01:28 PM
                Virtually tagged L1-cachesanonymou52021/09/08 07:28 PM
                  Virtually tagged L1-cachesanonymou52021/09/08 07:34 PM
                  Virtually tagged L1-caches---2021/09/09 09:14 AM
                    Virtually tagged L1-cachesanonymou52021/09/09 09:44 PM
                Multi-threading?David Kanter2021/09/09 08:32 PM
                  Multi-threading?---2021/09/10 08:19 AM
                Virtually tagged L1-cachessr2021/09/11 12:19 AM
                Virtually tagged L1-cachessr2021/09/11 12:36 AM
                  Virtually tagged L1-caches---2021/09/11 08:53 AM
                    Virtually tagged L1-cachessr2021/09/11 11:43 PM
                      Virtually tagged L1-cachesLinus Torvalds2021/09/12 10:10 AM
                        Virtually tagged L1-cachessr2021/09/12 10:57 AM
                          Virtually tagged L1-cachesdmcq2021/09/13 07:31 AM
                            Virtually tagged L1-cachessr2021/09/20 03:11 AM
            Virtually tagged L1-cachessr2021/09/11 01:49 AM
      Virtually tagged L1-cachesLinus Torvalds2021/09/08 11:34 AM
        Virtually tagged L1-cachesdmcq2021/09/09 01:46 AM
          Virtually tagged L1-cachesdmcq2021/09/09 01:58 AM
          Virtually tagged L1-cachessr2021/09/11 12:29 AM
            Virtually tagged L1-cachesdmcq2021/09/11 07:59 AM
              Virtually tagged L1-cachessr2021/09/11 11:57 PM
                Virtually tagged L1-cachesdmcq2021/09/12 07:44 AM
                  Virtually tagged L1-cachessr2021/09/12 08:48 AM
                    Virtually tagged L1-cachesdmcq2021/09/12 12:22 PM
                      Virtually tagged L1-cachessr2021/09/20 03:40 AM
    Where do you see this information? (NT)anon22021/09/09 01:45 AM
      Where do you see this information?sr2021/09/11 12:40 AM
        Where do you see this information?anon22021/09/11 12:53 AM
          Where do you see this information?sr2021/09/11 01:08 AM
            Thank you (NT)anon22021/09/11 03:31 PM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell avocado?