From: Andy Lutomirski
Date: Thu, 22 Feb 2018 21:59:22 +0000
Subject: Re: [RFC][PATCH 04/10] x86/espfix: use kernel-default PTE mask
To: Dave Hansen
Cc: Nadav Amit, "linux-kernel@vger.kernel.org", "aarcange@redhat.com",
    "luto@kernel.org", "torvalds@linux-foundation.org", "keescook@google.com",
    "hughd@google.com", "jgross@suse.com", "x86@kernel.org"

On Thu, Feb 22, 2018 at 9:30 PM, Dave Hansen wrote:
> On 02/22/2018 01:27 PM, Nadav Amit wrote:
>> Dave Hansen wrote:
>>> From: Dave Hansen
>>> In creating its page tables, the espfix code masks its PGTABLE_PROT
>>> value with the supported mask: __supported_pte_mask. This ensures
>>> that unsupported bits are not set in the final PTE. But, it also
>>> sets _PAGE_GLOBAL which we do not want for PTE. Use
>>> __default_kernel_pte_mask instead which clears _PAGE_GLOBAL for PTI.
>>
>> Can you please explain what is your concern? Exposing more gadgets for
>> speculative ROP attacks?
>>
>> Or is it a general rule of not exposing any kernel code & data more than
>> absolutely necessary?
>
> I think it's good practice to just expose only the *minimal* amount of
> data necessary. It's easier to audit and less likely to expose things
> accidentally.

But espfix64 is genuinely global. I'm confused.