Received: by 10.223.185.116 with SMTP id b49csp997967wrg; Fri, 16 Feb 2018 10:32:03 -0800 (PST) X-Google-Smtp-Source: AH8x225FBszeitAj1qcqnm9zvl0Da/SofiABF85Tzzw49XquHy2P4m4YBpg3hbaP08xQJjqm89fc X-Received: by 10.98.17.15 with SMTP id z15mr7000430pfi.116.1518805922931; Fri, 16 Feb 2018 10:32:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518805922; cv=none; d=google.com; s=arc-20160816; b=c4E8ZnlKjtuVO8PnHJ/qUHr9f+4JUObLfskWL8Th6BeAjrYHyDzQOvecFa9GuAXE3x a/zSLEYV8CGl99iQHlle5WKREWvNfR1BSj02+b3FHe1CFZfefhiEwyEiT8WuNaOuC5jj b1onp985uxvET1/9joc1/xS9MjjPegc7bNH/HdBgllPbE3igXy8HyvS2B2FnjslKx8b/ yoYHyBAtStepBnzwXs4BCAKgtJW3wP72p7OXa9r0YlKhUVykPTHNo5/14LV0OKSR0JGc djNQn/ZXPs/g2lwQE/kT+v7ntnKxipfrQdiSxiSGHHCoixtRdtnUw6e+1f5BT5hhlCkv ricA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=xgSCirFAl9LFm7shTZcpPKwZIVRowx7WERdesZ9NVHs=; b=aSXeDW5Xerif68A0HqVSmCp5eYlmQXnHhatI3VAQnGX0dd+QzYIzeT4bKBUBh2mSX/ dqoDSsix+f0nbKq3SlHUrtKpuMNIQ8X93tkPo5WfAQrfvvtJM8rUlegzPBq4LjxO0ANJ DTmvfN77VD3z5ruO3mc7ferJyo+2k5Xiz/hpStLFD3+7DJNm9c2aSrKybD9yJPrXts4j RIt+u9MQeVD2Pkn9sqptW42Cp0g1v9gVKVhbTd0txF+7Kt+Vqyx3K4QeAE17hrb+PxCZ OK7fVy4C16e4kUu37qsU3JawJwILKInkzqcSXW6p7T8HYDZMBTSateyKZCQ6mU6yZImf R8Pg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h6-v6si7876plt.72.2018.02.16.10.31.48; Fri, 16 Feb 2018 10:32:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756839AbeBPApg (ORCPT + 99 others); Thu, 15 Feb 2018 19:45:36 -0500 Received: from ppsw-40.csi.cam.ac.uk ([131.111.8.140]:39076 "EHLO ppsw-40.csi.cam.ac.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756813AbeBPApf (ORCPT ); Thu, 15 Feb 2018 19:45:35 -0500 X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus Received: from 88-111-108-209.dynamic.dsl.as9105.com ([88.111.108.209]:50135 helo=[192.168.1.6]) by ppsw-40.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.158]:587) with esmtpsa (PLAIN:amc96) (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) id 1emU9e-000BAa-jm (Exim 4.90_1) (return-path ); Fri, 16 Feb 2018 00:45:34 +0000 Subject: Re: [PATCH RFC v2 0/6] x86: Disabling PTI in compatibility mode To: Nadav Amit , Dave Hansen Cc: Ingo Molnar , Thomas Gleixner , Andy Lutomirski , Peter Zijlstra , Willy Tarreau , x86@kernel.org, linux-kernel@vger.kernel.org References: <20180215163602.61162-1-namit@vmware.com> <27a0082c-fadb-792a-740e-70932d51f1b5@linux.intel.com> <91CEEFA7-86C8-4731-BC7E-6AF5CC3A1BA4@gmail.com> From: Andrew Cooper Message-ID: Date: Fri, 16 Feb 2018 00:45:35 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <91CEEFA7-86C8-4731-BC7E-6AF5CC3A1BA4@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-GB Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16/02/2018 00:25, Nadav Amit wrote: > Dave Hansen wrote: > >> On 02/15/2018 08:35 AM, Nadav Amit wrote: >>> I removed the PTI disabling while SMEP is unsupported, although I >>> must admit I did not fully understand why it is required. >> Do you mean you don't fully understand how PTI gives SMEP-like behavior >> on non-SMEP hardware? > No. I understand how it provide SMEP-like behavior, and I understand the value > of SMEP by itself. > > However, I do not understand why SMEP-like protection is required to protect > processes that run in compatibility-mode from Meltdown/Spectre attacks. As > far as I understand, the process should not be able to manipulate the kernel > to execute code in the low 4GB. Being 32bit is itself sufficient protection against Meltdown (as long as there nothing interesting of the kernels mapped below the 4G boundary). However, a 32bit compatibility process try to attack with Spectre/SP2 to redirect speculation back into userspace, at which point (if successful) the pipeline will be speculating in 64bit mode, and Meltdown is back on the table.  SMEP will block this attack vector, irrespective of other SP2 defences the kernel may employ, but a fully SP2-defended kernel doesn't require SMEP to be safe in this case. ~Andrew