Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965443AbeAKSat (ORCPT + 1 other); Thu, 11 Jan 2018 13:30:49 -0500 Received: from mga03.intel.com ([134.134.136.65]:6975 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965300AbeAKSar (ORCPT ); Thu, 11 Jan 2018 13:30:47 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,345,1511856000"; d="scan'208";a="10038817" Subject: Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set To: Alexei Starovoitov , Andy Lutomirski References: <1515502580-12261-7-git-send-email-w@1wt.eu> <20180110082207.GX29822@worktop.programming.kicks-ass.net> <20180110091102.GH14066@1wt.eu> <20180111064259.GC14920@1wt.eu> <0f08d89e-61e1-20e3-5c59-0b2f7b32bf0c@linux.intel.com> <20180111154412.GA15296@1wt.eu> <20180111182147.masunghp5km6igjq@ast-mbp.dhcp.thefacebook.com> Cc: Willy Tarreau , Linus Torvalds , Peter Zijlstra , LKML , X86 ML , Borislav Petkov , Brian Gerst , Ingo Molnar , Thomas Gleixner , Josh Poimboeuf , "H. Peter Anvin" , Greg Kroah-Hartman , Kees Cook From: Dave Hansen Message-ID: Date: Thu, 11 Jan 2018 10:30:46 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <20180111182147.masunghp5km6igjq@ast-mbp.dhcp.thefacebook.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 01/11/2018 10:21 AM, Alexei Starovoitov wrote: >> I was thinking that maybe we should add a new field or two to pt_regs. >> They could store CR2 and maybe CR3 as well. I'd also like to expose >> the error code of exceptions in stack traces. We should get this >> integrated right into the unwinder. > hmm. Exposing cr3 to user space will make it trivial for user process > to know whether kpti is active. Not sure how exploitable such > information leak. It also gives userspace a pretty valuable physical address to go after. That, plus a KASLR defeat gives you a known-valuable virtual address to target. That's no good. I think CR3 is a non-starter.