Received: by 10.223.185.116 with SMTP id b49csp848290wrg;
        Fri, 16 Feb 2018 08:08:39 -0800 (PST)
X-Google-Smtp-Source: AH8x225yUXvG4nHDc5uITF7ibWSjWcuYWj36reqsjCarNnQTb2TQOKfotBJWPwnRjtMF6U8zIpjw
X-Received: by 10.98.55.66 with SMTP id e63mr6687264pfa.102.1518797319183;
        Fri, 16 Feb 2018 08:08:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518797319; cv=none;
        d=google.com; s=arc-20160816;
        b=jihk/3PStukbSz1qwPrXo0M/6zOBEDIqYyG5T9nTPQi8bd20zakSLr8GeisbWB8aNA
         fsQtMMQrNUsQskEM2dAdkb/GwS51UEDPRfRRWYYThChvKfVUa9QVCOLSGwiccV/dE97F
         Zw8pzCVrptWtsO458iQegVoFfahFP23MVXX/sYEJxP9g+dy1UALaqwH3jNTs1EEZcRhP
         m8huYRBi6TwR7cvGrUOehFj80Ott8xOBr/wLO36nYWPiohWa76QYC/xbk98qzetryuJC
         /C3bh2d1U56dEayRfkEgfrIwwcDLZMGfX6KtYp9QLLHCtK6EnI2ZFFgC2m86G3dqbBu4
         tcug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=v6FiiHvsAXD52OvExeCw17XkLDsKC4w4d9Q9Y4nXmjA=;
        b=OYc8ADdFSNEML/2DYgrlvRT+rxkDUiDjYtwTNuj8eLCAxKxVSKz7tcmHJmhLfsBYLE
         75pD0P5o890DuZP4wJl1QZYLD7iHBylxmi75O5JCeF9JnXTfTHh4UGyzccEIwmBIZgrM
         2o6FNBIyNjxyi9oclCz4wcTTmJB/FpZobKk4srX1s0PScd8q9EdeXwTXPI8JYD8rB97x
         ha0T2Vfj+g2iyhuyV9BJDSH8+8ARz+68phswsytBMbumb3HH4rZeRY466Rt01p/Vjdji
         YM4k6RvlQS8hCX9COSqHy/KhrDDo09tKewUMaC5Uwiw34gAEgUry/siaZC88zFMptI6F
         bL7g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=mpnOLlyu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id ay5-v6si41089plb.146.2018.02.16.08.08.24;
        Fri, 16 Feb 2018 08:08:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=mpnOLlyu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756807AbeBPAnB (ORCPT <rfc822;kkdevenda@gmail.com> + 99 others);
        Thu, 15 Feb 2018 19:43:01 -0500
Received: from mail-io0-f182.google.com ([209.85.223.182]:42851 "EHLO
        mail-io0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752984AbeBPAm5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Feb 2018 19:42:57 -0500
Received: by mail-io0-f182.google.com with SMTP id u84so2614016iod.9
        for <linux-kernel@vger.kernel.org>; Thu, 15 Feb 2018 16:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=v6FiiHvsAXD52OvExeCw17XkLDsKC4w4d9Q9Y4nXmjA=;
        b=mpnOLlyuV6sXXUguj6JieCgqZnUSwna4y+qUHhGf3IyXveb1+WQgVNpzG+phXsXpIi
         wP/miT90r5VNkM1Td/yqwmkZyIKTHbQpkyMIcNgYOMb6u+PF7EAbXMOLCJdNjBBp5Bht
         iAGN3enkIuUdyJj9QInz71/jsfOi9Ff2gQwoN9a420GV4ktgzD0mcidd/7qIwm1PcOh8
         mtYFd6qpWt7fCVl+w5wor6KPv2rsBde2k8Kz6SyXu2MjWrbBq40+m0GqlbrA4BKQJTSj
         vVSHG4i871Zb50qll1abO9BU5QYTajGXLg6/Og17esSd8hbimXHLVuX/zzyMto4TNGxC
         Wp6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=v6FiiHvsAXD52OvExeCw17XkLDsKC4w4d9Q9Y4nXmjA=;
        b=Yb/hMX6qWaawlKD0iDAo4TK9ukymJg2UWkcEA3EG+df5LlsIEO7Q2oNRqJ0usOdMYs
         QcvjHdggWy3pPUit3scF4KAzXejvAksI4Hk2caiBaDuwYJr1BuydzPki/Z5OSAI4LQTe
         3Xd3ZzxJQ0CiJSpZv/KRHpsXS+rSUuMP2c/idqTaBBqfgQuxZa0t0EjLeRxMck4K1vVu
         q6xf6m4ZihkD4LYV/6pnZgjs4XdNsJ4NsR5TGEglqTO5vhRh4L23aC8q9MAuWWMVgNtD
         WH3fXgk48CQcdr4xFqTVMiLUyIOjK5bR9GQsWQKTvevMnRs3oXlPq4NgrpbYhXQlL5DX
         UE6g==
X-Gm-Message-State: APf1xPDqLx/bxKAWVkNQk5m7jjNjYWTi6DvkzYlCSfdLoteCMi5kkg4C
        pNf8GF03zH52nnV/gitCFXDI1TYtkKIDj90tck8=
X-Received: by 10.107.78.5 with SMTP id c5mr6226625iob.120.1518741776381; Thu,
 15 Feb 2018 16:42:56 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.135.221 with HTTP; Thu, 15 Feb 2018 16:42:55 -0800 (PST)
In-Reply-To: <B723A40E-EFA4-4CCE-80F6-65960213761F@gmail.com>
References: <20180215163602.61162-1-namit@vmware.com> <20180215163602.61162-5-namit@vmware.com>
 <CALCETrUY4uZeG2fz=OQWGuyCOcBBNbep6TaJz82CZSP89=g3-A@mail.gmail.com>
 <9EB804CA-0EC9-4CBB-965A-F3C8520201E7@gmail.com> <CALCETrVP3BaOapL3eS8Tf=KFeM8VFPqvMoECGRkFa7WPLq=Asw@mail.gmail.com>
 <CA+55aFypED6i6pESAnk_RPUon_cyvdP3g-QZg2gspEBNAQWvmQ@mail.gmail.com> <B723A40E-EFA4-4CCE-80F6-65960213761F@gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu, 15 Feb 2018 16:42:55 -0800
X-Google-Sender-Auth: 7B3Y2pll6IrVRvoqPvZiUNg7WOc
Message-ID: <CA+55aFzNcbCxwimCokH2BPihc=vrusbz0NqCnHK3s4aUSLwe-A@mail.gmail.com>
Subject: Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode
To:     Nadav Amit <nadav.amit@gmail.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Pavel Emelyanov <xemul@parallels.com>,
        Cyrill Gorcunov <gorcunov@openvz.org>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Willy Tarreau <w@1wt.eu>, X86 ML <x86@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit <nadav.amit@gmail.com> wrote:
>
> It is not too pretty, I agree, but it should do the work. There is only one
> problematic descriptor that can be used to switch from compatibility-mode to
> long-mode in the GDT (LDT descriptors always have the L-bit cleared).
> Changing the descriptor's present bit on context switch when needed can do
> the work.

Sure, I can see it working, but it's some really shady stuff, and now
the scheduler needs to save/restore/check one more subtle bit.

And if you get it wrong, things will happily work, except you've now
defeated PTI. But you'll never notice, because you won't be testing
for it, and the only people who will are the black hats.

This is exactly the "security depends on it being in sync" thing that
makes me go "eww" about the whole model. Get one thing wrong, and
you'll blow all the PTI code out of the water.

So now you tried to optimize one small case that most people won't
use, but the downside is that you may make all our PTI work (and all
the overhead for all the _normal_ cases) pointless.

                 Linus