From: Andy Lutomirski
To: Nadav Amit
Cc: linux-kernel@vger.kernel.org, dave.hansen@linux.intel.com, luto@kernel.org, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, nadav.amit@gmail.com, w@1wt.eu
Subject: Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI
Date: Mon, 15 Jan 2018 09:20:33 -0800
In-Reply-To: <20180114201306.3554-1-namit@vmware.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> On Jan 14, 2018, at 12:13 PM, Nadav Amit wrote:
>
> Currently, when page-table isolation is on to prevent the Meltdown bug
> (CVE-2017-5754), CR3 is always loaded on system-call and interrupt.
>
> However, it appears that this is an unnecessary measure when programs
> run in compatibility mode. In this mode only 32-bit registers are
> available, which means that there *should* be no way for the CPU to
> access, even speculatively, memory that belongs to the kernel, which
> sits in high addresses.

You're assuming that TIF_IA32 prevents the execution of 64-bit code. It
doesn't. I've occasionally considered adding an opt-in hardening
mechanism to enforce 32-bit or 64-bit execution, but we don't have this
now.
Anything like this would also need to depend on SMEP, I think -- the
pseudo-SMEP granted by PTI is too valuable to give up on old boxes, I
think.
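The point in the reply, that a task's 32-bit flag does not stop it from running 64-bit code, can be demonstrated directly: on x86-64 Linux the GDT exposes both user code segments to every task (selector 0x33 for 64-bit code, 0x23 for 32-bit code, both at DPL 3), and a far jump or far return into the other one switches the CPU's operating mode with no kernel involvement at all. The program below is an added example, not code from this thread or from the kernel. It assumes those two selector values, that a 64-bit task starts with DS = 0 and a usable SS, and it uses Linux's MAP_32BIT mmap flag to place its trampolines below 4 GiB; the page layout offsets and all function names are my own. Built with -m32 it shows the exact case Andy describes (a task the kernel treats as 32-bit executing in 64-bit mode); built as a 64-bit program it shows the reverse.

```c
/* Added example, not from the thread or the kernel: a task switches itself
 * between 64-bit mode and 32-bit compatibility mode by far-jumping to the other
 * user code segment.  Assumes x86-64 Linux's user selectors (0x33 = 64-bit code,
 * 0x23 = 32-bit code).  Build: gcc -O2 f.c (64-bit task) or gcc -m32 -O2 f.c */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#define USER_CS   0x33                               /* __USER_CS */
#define USER32_CS 0x23                               /* __USER32_CS */

static unsigned int current_cs(void)                 /* CS selector in use now */
{ unsigned short cs; __asm__ volatile ("mov %%cs, %0" : "=r"(cs)); return cs; }

#if defined(__x86_64__)
#define NATIVE_CS USER_CS
#define OTHER_CS  USER32_CS
/* Offsets (my own layout) within a page below 4 GiB that hosts the trampolines */
enum { OFF_STUB32 = 0, OFF_STUB64 = 64, OFF_FARPTR = 128, OFF_RSP = 136,
       OFF_RET = 144, OFF_RESULT = 152, OFF_RBP = 160 };
/* 32-bit stub (runs with CS = 0x23) and the 64-bit trampoline that brings us
 * back; both are copied into the low page, whose address is passed in %edi. */
__asm__(".pushsection .rodata\n.code32\nstub32_begin:\n"
        "  mov %ss, %ax\n"
        "  mov %ax, %ds\n"        /* a 64-bit task has DS = 0; compat data access needs a real selector */
        "  xor %eax, %eax\n  mov %cs, %ax\n"   /* observe CS = 0x23 */
        "  mov %eax, 152(%edi)\n"
        "  ljmp *128(%edi)\n"     /* far jump through offset:selector -> CS 0x33, 64-bit mode */
        "stub32_end:\n"
        ".code64\nstub64_begin:\n"
        "  mov %edi, %edi\n"      /* zero-extend: the page is below 4 GiB */
        "  mov 136(%rdi), %rsp\n" /* restore the 64-bit stack pointer */
        "  jmp *144(%rdi)\n"      /* resume in the C caller */
        "stub64_end:\n"
        ".popsection\n");
extern const unsigned char stub32_begin[], stub32_end[], stub64_begin[], stub64_end[];

static int run_in_other_mode(void)       /* 64-bit -> compat -> 64-bit; CS seen there */
{
    unsigned char *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                               MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page + OFF_STUB32, stub32_begin, stub32_end - stub32_begin);
    memcpy(page + OFF_STUB64, stub64_begin, stub64_end - stub64_begin);
    *(uint32_t *)(page + OFF_FARPTR) = (uint32_t)(uintptr_t)(page + OFF_STUB64);
    *(uint16_t *)(page + OFF_FARPTR + 4) = USER_CS;  /* m16:32 far pointer */
    *(uint32_t *)(page + OFF_RESULT) = 0;
    __asm__ volatile (
        "mov %%rbp, 160(%0)\n\tlea -128(%%rsp), %%rsp\n\t" /* save rbp, skip red zone */
        "mov %%rsp, 136(%0)\n\t"                          /* stack pointer for the way back */
        "lea 1f(%%rip), %%rax\n\tmov %%rax, 144(%0)\n\t"   /* resume address */
        "pushq %1\n\tpush %0\n\t"                         /* new CS = 0x23, new RIP = stub */
        "lretq\n\t"                   /* far return: the CPU is now in compatibility mode */
        "1: lea 128(%%rsp), %%rsp\n\tmov 160(%0), %%rbp\n\t"
        : "+D"(page) : "i"(USER32_CS)
        : "rax", "rbx", "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11",
          "r12", "r13", "r14", "r15", "memory", "cc");
    int seen = *(uint32_t *)(page + OFF_RESULT);
    munmap(page, 4096);
    return seen;
}
#elif defined(__i386__)
#define NATIVE_CS USER32_CS
#define OTHER_CS  USER_CS
/* The case in the reply: a 32-bit task enters 64-bit mode and comes back.  The
 * 64-bit code is assembled inline with .code64; all addresses fit 32 bits here. */
static int run_in_other_mode(void)
{
    uint32_t seen = 0, *slot = &seen;
    __asm__ volatile (
        "call 1f\n\t1: pop %%ecx\n\t"          /* ecx = address of label 1 (PIC) */
        "lea 2f-1b(%%ecx), %%edx\n\t"
        "push $0x33\n\tpush %%edx\n\t"         /* new CS = 64-bit code segment, new EIP */
        "lret\n\t"                             /* far return: the CPU is now in 64-bit mode */
        "2:\n\t.code64\n\t"
        "mov %%esp, %%esp\n\tmov %%ecx, %%ecx\n\t"   /* zero-extend before 64-bit use */
        "xor %%eax, %%eax\n\tmov %%cs, %%ax\n\t"     /* observe CS = 0x33 */
        "mov %%eax, (%0)\n\t"                  /* 32-bit addressing through the caller's pointer */
        "lea 3f-1b(%%rcx), %%rdx\n\t"
        "pushq $0x23\n\tpush %%rdx\n\t"        /* new CS = 32-bit code segment, new RIP */
        "lretq\n\t"                            /* far return: back in compatibility mode */
        ".code32\n\t3:\n\t"
        : : "S"(slot) : "eax", "ecx", "edx", "memory", "cc");
    return seen;
}
#else
#error "x86-64 Linux only"
#endif

int main(void)
{
    int seen = run_in_other_mode();
    printf("CS now 0x%x; observed 0x%x in the other mode (expected 0x%x)\n",
           current_cs(), seen, OTHER_CS);
    return seen == OTHER_CS ? 0 : 1;
}
```

Both directions work because the mode bit lives in the code segment descriptor the CPU is currently using, not in anything the kernel tracks per task, so a TIF_IA32 task that wants 64-bit registers and 64-bit addresses only has to jump to selector 0x33 first. That is why the CR3 switch cannot be skipped on the strength of the task flag. It is also the reason the pseudo-SMEP the reply mentions is worth keeping: with PTI, the kernel's own page tables map user space non-executable, which stops a kernel-mode control-flow hijack from running user-supplied code on CPUs without hardware SMEP.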