Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators

From: Dave Hansen
Date: Thu Feb 22 2024 - 13:03:36 EST

Next message: Martin Rodriguez Reboredo: "Re: [PATCH v3] rust: locks: Add `get_mut` method to `Lock`"
Previous message: Mukesh Ojha: "[PATCH vRFC 7/8] firmware: remove prototype of fw_cache_piggyback_on_request()"
In reply to: Petr Tesařík: "Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators"
Next in thread: Petr Tesarik: "[RFC 5/5] apparmor: parse profiles in sandbox mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/22/24 09:57, Petr Tesařík wrote:
> * Hardware designers are adding (other) hardware security defenses to
> ring-0 that are not applied to ring-3.
>
> Could you give an example of these other security defenses, please?

Here's one example:

> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/data-dependent-prefetcher.html

"DDP is neither trained by nor triggered by supervisor-mode accesses."

But seriously, this is going to be my last message on this topic. I
appreciate your enthusiasm, but I don't see any viable way forward for
this approach.

Next message: Martin Rodriguez Reboredo: "Re: [PATCH v3] rust: locks: Add `get_mut` method to `Lock`"
Previous message: Mukesh Ojha: "[PATCH vRFC 7/8] firmware: remove prototype of fw_cache_piggyback_on_request()"
In reply to: Petr Tesařík: "Re: [RFC 4/5] sbm: fix up calls to dynamic memory allocators"
Next in thread: Petr Tesarik: "[RFC 5/5] apparmor: parse profiles in sandbox mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]