Subject: Re: [PATCH] [v2] x86/doc: add PTI description
To: Hector Martin 'marcan', linux-kernel@vger.kernel.org
References: <20180105002428.19A01A83@viggo.jf.intel.com> <2a2f0da6-3059-3ae5-8e39-48046389ebc9@marcan.st>
Cc: x86@kernel.org
From: Dave Hansen
Message-ID: <8de1ea34-7c15-f69f-2177-729e1398ed12@linux.intel.com>
Date: Thu, 4 Jan 2018 21:32:22 -0800
In-Reply-To: <2a2f0da6-3059-3ae5-8e39-48046389ebc9@marcan.st>

On 01/04/2018 05:43 PM, Hector Martin 'marcan' wrote:
> On 2018-01-05 09:24, Dave Hansen wrote:
>> + Not specifying this option nothing is equivalent to
>> + pti=auto.
>
> -nothing

Sure, will fix.

>> +Page Table Isolation (pti, previously known as KAISER[1]) is a
>> +countermeasure against attacks on kernel address information such
>> +as the "Meltdown" approach[2].
>
> It's not really just address information, but any data. Maybe "attacks
> that leak kernel memory"?

It's not just kernel leaks either, though.

>> +To avoid leaking address information, we create an new, independent
>
> Same issue here. Also an -> a.

Will fix.

>> +copy of the page tables which are used only when running userspace
>
> are -> is. The copy is singular.

I've reworded the sentence to remove the ambiguity.

>> +applications. When the kernel is entered via syscalls, interrupts or
>> +exceptions, page tables are switched to the full "kernel" copy. When
>
> "the page tables".

No thanks. It's fine the way it is.

>> +crippled by setting the NX bit in the top level. This ensures
>> +that if a kernel->user CR3 switch is missed that userspace will
>> +crash immediately upon executing its first instruction.
>
> "that userspace" -> "then userspace"
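
Review bot: the threat is described two ways that should be kept in step: the introductory hunk says "attacks on kernel address information" while citing "Meltdown", and the next hunk repeats "To avoid leaking address information". Meltdown reads memory contents, not only addresses, so both sentences understate what the separate userspace page-table copy protects. Suggest choosing one description of the protected data and using it in both places, so a later rewording of one sentence does not leave the other describing an address-only leak.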