Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751374AbeAEAVs (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 4 Jan 2018 19:21:48 -0500
Received: from mga06.intel.com ([134.134.136.31]:28904 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751108AbeAEAVr (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Jan 2018 19:21:47 -0500
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,316,1511856000"; 
   d="scan'208";a="24448799"
Subject: Re: [PATCH] x86/doc: add PTI description
To: Kees Cook <keescook@google.com>
References: <20180104205458.6E55ED20@viggo.jf.intel.com>
 <CAGXu5jKF089SKyWfMpSqV1M=uhS9j2_kOD+hUekhcX78xEEjPw@mail.gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        moritz.lipp@iaik.tugraz.at,
        Daniel Gruss <daniel.gruss@iaik.tugraz.at>,
        michael.schwarz@iaik.tugraz.at, richard.fellner@student.tugraz.at,
        Andy Lutomirski <luto@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Hugh Dickins <hughd@google.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
Message-ID: <622d362d-d3f2-bb27-6fb2-2334b38c1933@linux.intel.com>
Date: Thu, 4 Jan 2018 16:21:46 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CAGXu5jKF089SKyWfMpSqV1M=uhS9j2_kOD+hUekhcX78xEEjPw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On 01/04/2018 04:06 PM, Kees Cook wrote:
>> +  d. Process Context IDentifiers (PCID) is a CPU feature that
>> +     allows us to skip flushing the entire TLB when switching page
>> +     tables.  This makes switching the page tables (at context
>> +     switch, or kernel entry/exit) cheaper.  But, on systems with
>> +     PCID support, the context switch code must flush both the user
>> +     and kernel entries out of the TLB.  The user PCID TLB flush is
>> +     deferred until the exit to userspace, minimizing the cost.
> 
> Does this mean it's possible to bypass the NX on userspace pages?

I'll clarify this.  The write to CR3 happens, but bit 63 gets set to
tell the CPU not to flush the TLB on the CR3 write.

>> [...]
>> +  g. On systems without PCID support, each CR3 write flushes
>> +     the entire TLB.  That means that each syscall, interrupt
>> +     or exception flushes the TLB.
> 
> Is it worth clarifying this for hardware support of PCID vs INVPCID?

I'll make changes based on the rest of your comments.  Thanks for taking
a look!