From: Kees Cook
Date: Thu, 4 Jan 2018 16:06:30 -0800
Subject: Re: [PATCH] x86/doc: add PTI description
To: Dave Hansen
Cc: LKML, X86 ML, moritz.lipp@iaik.tugraz.at, Daniel Gruss, michael.schwarz@iaik.tugraz.at, richard.fellner@student.tugraz.at, Andy Lutomirski, Linus Torvalds, Hugh Dickins
In-Reply-To: <20180104205458.6E55ED20@viggo.jf.intel.com>

On Thu, Jan 4, 2018 at 12:54 PM, Dave Hansen wrote:
> [...]
> +For new userspace mappings, the kernel makes the entries in its
> +page tables like normal. The only difference is when the kernel
> +makes entries in the top (PGD) level. In addition to setting the
> +entry in the main kernel PGD, a copy of the entry is made in the
> +userspace page tables' PGD.

It might be worth noting that NX is set in the kernel's view of the
userspace page tables.

> [...]
> +1. Increased Memory Use
> + a. Each process now needs an order-1 PGD instead of order-0.
> + (Consumes 4k per process).

"Consumes an additional 4k per process" ?

> [...]
> + d. Process Context IDentifiers (PCID) is a CPU feature that
> + allows us to skip flushing the entire TLB when switching page
> + tables. This makes switching the page tables (at context
> + switch, or kernel entry/exit) cheaper. But, on systems with
> + PCID support, the context switch code must flush both the user
> + and kernel entries out of the TLB. The user PCID TLB flush is
> + deferred until the exit to userspace, minimizing the cost.

Does this mean it's possible to bypass the NX on userspace pages?

> [...]
> + g. On systems without PCID support, each CR3 write flushes
> + the entire TLB. That means that each syscall, interrupt
> + or exception flushes the TLB.

Is it worth clarifying this for hardware support of PCID vs INVPCID?

Otherwise, looks good!

Reviewed-by: Kees Cook

-Kees

-- 
Kees Cook
Pixel Security
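Review bot: in item d, "But, on systems with PCID support, the context switch code must flush both the user and kernel entries out of the TLB" reads as if PCID makes the switch more expensive, one sentence after the same item says PCID lets the kernel "skip flushing the entire TLB". Consider a clause explaining why a flush is still needed on a context switch despite PCID (entries tagged with the switched-to PCID are not discarded by the CR3 write, so stale ones for that process have to be invalidated explicitly) and that it is a targeted flush rather than the whole TLB, so that "deferred until the exit to userspace, minimizing the cost" has a clear referent.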
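Review bot: item g's "each syscall, interrupt or exception flushes the TLB" undercounts relative to item d, which places the page-table switch at "kernel entry/exit": each such event involves one CR3 write on entry and another on return, so without PCID the TLB is flushed twice per event. Suggest wording such as "flushes the TLB twice, once on kernel entry and once on return to userspace", so the cost stated in g. matches the mechanism described in d.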