Received: by 10.223.176.46 with SMTP id f43csp2376689wra; Sun, 21 Jan 2018 18:41:11 -0800 (PST) X-Google-Smtp-Source: AH8x226cvwkfOpk7NrY1x8bnpFszeIWvZJmARFo/Kxd9ihgz8GclamTvO8+9w6GlE+DzMYuU1Ode X-Received: by 10.101.90.10 with SMTP id y10mr6069377pgs.445.1516588871621; Sun, 21 Jan 2018 18:41:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516588871; cv=none; d=google.com; s=arc-20160816; b=AP7/Su5SPr3LSvYh73P0EObRe7MBljDoybTuMF8lQHORFzR5sf49VJBiyEaeIN3AfT qjxnVKpoTXYOxZrjosuTsk3h/V4901oXA6adS22Qiy6S6giRkoeTNqcn+Z9GsY5BH2xW c1oPJrWPWwRhi2KhkRENrCdYKb2uxLSoYE1xxlSz6Vg6AhcYT3mqNZgyNKODJkzTlhpg FabqpmaQGPftj7jvh3m0nGwnnPrH2PRGzhoQGWvthWBgrqPlSVQEeStOgbcpeX1qBZ4W D2p/Sp1vFpVR4kWgyNk9R0IAEvzHsOLqfi26gIPo653xrTXSDdiWwWpHtl+hK+n1qWHO MXkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date:arc-authentication-results; bh=DcZIZW1QvV82jYLrRb6dECsY9elsCQEU5g3sm4nUMdM=; b=VWP3yU2jjTxOHxBwYAoM6Gccwdz8xJ/70WC+M2Q9+ffCaBrs14IwVCUTqGtKRa5x9/ PkdQgXJNBXjPM3enVCi12z1qQIEosUI5Whmm3kDzwHc7a391rwMYrikcKllt/PCRdOKT aTYPGzMrhN9IXcppUy9trIBALW/2kYa20SuyTwWTTXNW++uE/UOLmBSb3If7ovvnNKgf hV7pPG8TB48eoITmP7D4Nw5QEz+ql6H6iSEHL7R04p5jYhl+/KM9SysBbr/KVb+TaFIz uaEDcEnN0IwPrgK4ItvkKsZ9if4q1uoSnbqj66zeSc9GMe0QFgxwqwZMeuOw9ZasT2Ff YCsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x4si13288387pgb.334.2018.01.21.18.40.56; Sun, 21 Jan 2018 18:41:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751113AbeAVCke convert rfc822-to-8bit (ORCPT + 99 others); Sun, 21 Jan 2018 21:40:34 -0500 Received: from terminus.zytor.com ([65.50.211.136]:38977 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751068AbeAVCkd (ORCPT ); Sun, 21 Jan 2018 21:40:33 -0500 Received: from [IPv6:2607:fb90:2711:a75e:b1e2:dbba:43ef:e9a9] ([172.56.39.165]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id w0M2KIeh032155 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 21 Jan 2018 18:20:19 -0800 Date: Sun, 21 Jan 2018 18:20:11 -0800 User-Agent: K-9 Mail for Android In-Reply-To: References: <1516120619-1159-1-git-send-email-joro@8bytes.org> <5D89F55C-902A-4464-A64E-7157FF55FAD0@gmail.com> <886C924D-668F-4007-98CA-555DB6279E4F@gmail.com> <9CF1DD34-7C66-4F11-856D-B5E896988E16@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Subject: Re: [RFC PATCH 00/16] PTI support for x86-32 To: Linus Torvalds , Nadav Amit CC: Joerg Roedel , Thomas Gleixner , Ingo Molnar , the arch/x86 maintainers , LKML , "open list:MEMORY MANAGEMENT" , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , "Liguori, Anthony" , Daniel Gruss , Hugh Dickins , Kees Cook , Andrea Arcangeli , Waiman Long , Joerg Roedel From: hpa@zytor.com Message-ID: <143DE376-A8A4-4A91-B4FF-E258D578242D@zytor.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On January 21, 2018 6:11:07 PM PST, Linus Torvalds wrote: >On Sun, Jan 21, 2018 at 3:46 PM, Nadav Amit >wrote: >> I wanted to see whether segments protection can be a replacement for >PTI >> (yes, excluding SMEP emulation), or whether speculative execution >“ignores” >> limit checks, similarly to the way paging protection is skipped. >> >> It does seem that segmentation provides sufficient protection from >Meltdown. >> The “reliability” test of Gratz PoC fails if the segment limit is set >to >> prevent access to the kernel memory. [ It passes if the limit is not >set, >> even if the DS is reloaded. ] My test is enclosed below. > >Interesting. It might not be entirely reliable for all >microarchitectures, though. > >> So my question: wouldn’t it be much more efficient to use >segmentation >> protection for x86-32, and allow users to choose whether they want >SMEP-like >> protection if needed (and then enable PTI)? > >That's what we did long long ago, with user space segments actually >using the limit (in fact, if you go back far enough, the kernel even >used the base). > >You'd have to make sure that the LDT loading etc do not allow CPL3 >segments with base+limit past TASK_SIZE, so that people can't generate >their own. And the TLS segments also need to be limited (and >remember, the limit has to be TASK_SIZE-base, not just TASK_SIZE). > >And we should check with Intel that segment limit checking really is >guaranteed to be done before any access. > >Too bad x86-64 got rid of the segments ;) > > Linus No idea about Intel, but at least on Transmeta CPUs the limit check was asynchronous with the access. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.