Received: by 10.223.185.116 with SMTP id b49csp2421797wrg;
        Thu, 22 Feb 2018 13:31:22 -0800 (PST)
X-Google-Smtp-Source: AH8x227UcP9Y+K3oYvVItQgmw4DsXT5jZiehl8KVWo87V+fcw06m0KdJBH6aT7tlO9xLa85PZToL
X-Received: by 2002:a17:902:bf0a:: with SMTP id bi10-v6mr7862837plb.181.1519335082196;
        Thu, 22 Feb 2018 13:31:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519335082; cv=none;
        d=google.com; s=arc-20160816;
        b=tCMQwkY8F65X2bjzi+LUIL5rCofnFRI1uQvaBZB2SkEVAVflCoeaxtGyvRNfyNH12f
         u1hJ0WHmtqUJByyqCmNA/QNZtFDYSomEdPt7w4l40jWEDqfi65LOwKVjuM2atjO1HRey
         8lUB0kom5cKVV6rjKVLwjOHdY7ZgkQvTTYsCDFtbAWRDleFHr+UZmZPbmDxxId1LKZb8
         fcaj6jaehGvfzwbU7aSPc7fAMNk0ZVlKD6KBKoImcQhMemnOC/1vX1r42SeQbz2jTmYl
         Rz88vF8OFj95wDjsxxFfjhux8chDcx7sgrt2X0dh3LGUj31y0p3vxXji1IFKerGI+7jY
         V2EQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:cc:references:to:subject:arc-authentication-results;
        bh=c/PsnUfoHtzS0ajt74ymOHE1FfmTFKrZM4UhL2hXkwk=;
        b=j9b0en0V1HiqkO5eZEjr5lX8L+682kVrr9Qc5dSb8y5xTeOw0rGmBgpyFLFK7bPHFz
         M0pzEiy9dj2ReLeRiOG9lYNF8vYRfbL/ltWTU+wsvTJsWoSqkcbIkZdsA64TpiO25TZN
         xmn5nc2PXlpj7pOp4eNG3ldxEITtZjINGTM+DF2LhzUVj1Qq5RaTFCclPUuQa7IgSyX3
         CKjjXIZm3reyLJyymRJtov6QsxWg7egkXRaLW9raXo6/JCTiVEOGdseRCr8VHWkmqJqu
         h/ntzfyQe/GzoL+8gY/YOqMWdQCzo0eBLgxK4SW4LXwQIegT5tIVCLxZwpICt3iwHSy6
         DTgg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 65-v6si616014plb.635.2018.02.22.13.31.06;
        Thu, 22 Feb 2018 13:31:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751406AbeBVVaD (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Thu, 22 Feb 2018 16:30:03 -0500
Received: from mga14.intel.com ([192.55.52.115]:36625 "EHLO mga14.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751180AbeBVVaC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Feb 2018 16:30:02 -0500
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Feb 2018 13:30:01 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.47,378,1515484800"; 
   d="scan'208";a="19714589"
Received: from lkannan-mobl3.amr.corp.intel.com (HELO [10.254.100.148]) ([10.254.100.148])
  by fmsmga008.fm.intel.com with ESMTP; 22 Feb 2018 13:30:01 -0800
Subject: Re: [RFC][PATCH 04/10] x86/espfix: use kernel-default PTE mask
To:     Nadav Amit <namit@vmware.com>
References: <20180222203651.B776810C@viggo.jf.intel.com>
 <20180222203658.80705136@viggo.jf.intel.com>
 <93613F56-C778-4EA0-8945-A0B8ABC1A5FD@vmware.com>
Cc:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "aarcange@redhat.com" <aarcange@redhat.com>,
        "luto@kernel.org" <luto@kernel.org>,
        "torvalds@linux-foundation.org" <torvalds@linux-foundation.org>,
        "keescook@google.com" <keescook@google.com>,
        "hughd@google.com" <hughd@google.com>,
        "jgross@suse.com" <jgross@suse.com>,
        "x86@kernel.org" <x86@kernel.org>
From:   Dave Hansen <dave.hansen@linux.intel.com>
Message-ID: <f90cef60-1710-1d99-61ee-4527067b115f@linux.intel.com>
Date:   Thu, 22 Feb 2018 13:30:01 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <93613F56-C778-4EA0-8945-A0B8ABC1A5FD@vmware.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/22/2018 01:27 PM, Nadav Amit wrote:
> Dave Hansen <dave.hansen@linux.intel.com> wrote:
>> From: Dave Hansen <dave.hansen@linux.intel.com>
>> In creating its page tables, the espfix code masks its PGTABLE_PROT
>> value with the supported mask: __supported_pte_mask.  This ensures
>> that unsupported bits are not set in the final PTE.  But, it also
>> sets _PAGE_GLOBAL which we do not want for PTE.  Use
>> __default_kernel_pte_mask instead which clears _PAGE_GLOBAL for PTI.
> 
> Can you please explain what is your concern? Exposing more gadgets for
> speculative ROP attacks?
> 
> Or is it a general rule of not exposing any kernel code &data more than
> absolutely necessary?

I think it's good practice to just expose only the *minimal* amount of
data necessary.  It's easier to audit and less likely to expose things
accidentall.