Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp735837yba;
        Fri, 26 Apr 2019 07:58:52 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwuiKD6RMM2CKQgn5603mHMG2LUMYlYEFaSrKXvB2dnL/uF+ifjWwI4Q4Pf660qI4s3Xhuz
X-Received: by 2002:a63:8dc8:: with SMTP id z191mr7971283pgd.9.1556290732054;
        Fri, 26 Apr 2019 07:58:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556290732; cv=none;
        d=google.com; s=arc-20160816;
        b=nPubjvTapbbnclI6GjxpHVovHWn5/MQCfIMrAO0uvEvOZNdH0RGqGQFhLHyajoHxt4
         4j70vPemb2/5LWlHE6wd0kosCvvFkbkGINBTcLN+Mwye2gWDPuS8CnI+9ApXjdcg/Yfo
         DlxZrJGToQImC2AJZHNs8u6sBtw/VqQyPcB89YmoyPcYUhPwak4HthX+FGP8/YSwS9eT
         E4d3dTaGX+GtYt5MKTjw8uYyv1nBxKRb1WWfYsxSHIdSgk5nwAFbEeZ04wTJzYheEkCR
         KKJNTYW643/6O/ng5Ek/URFO0fVwDu6wr9kunqC8SkexFu3PdP1vrEHpbuQvynVxmvZA
         7yxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:dkim-signature;
        bh=6p8CjruhjRNbBQYEm03bK5FWvpGTt1RHALQOrOT1VD4=;
        b=0EHZvGHJDUjGwO5rrG2RPJB7FM/K9QLH7T6ecGUBZeObUtxTqh9jCYR1mz2mBugYop
         7yPx/MPs000XAbzxC3jY8sDd6Yrd6bum6qcOtY/OJyI9+4fdp9hsGMOZ1CekpvK8cpYk
         x3cduqsgPyjOsHhywm0Kgx7GRC/aMVqN/EeB462FaVAa0oFfuorEf5hTiCni656GK17B
         4xIjZjq1gEiYPUb01J8JACWMWgWstDtha6oGChzIj5I4YMejabav3FTFrWkbXoAcLHzm
         Fko+IVeIvOlg/L53qaH4MiLwQb7FXQeqqLPa6Zi/qHcr+aH1k4wpUT+fGcRRvV5bZnMX
         +NDg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=qaIDOuC8;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=IIFGf7Gv;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e14si23369200pgv.210.2019.04.26.07.58.36;
        Fri, 26 Apr 2019 07:58:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=qaIDOuC8;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=IIFGf7Gv;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726495AbfDZO5m (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Fri, 26 Apr 2019 10:57:42 -0400
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:49228 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726120AbfDZO5l (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 26 Apr 2019 10:57:41 -0400
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 1D8068EE121;
        Fri, 26 Apr 2019 07:57:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1556290660;
        bh=MZ013Ph+lwQOoeohYQwwAPYLitvi2p0CBYiqPPjHpqI=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=qaIDOuC8aei1p/7IP9m9Fe7r3xqglUB9MVs7PdBCgZ558WNyEKGsDorTWf6PNNGxB
         BTCy/bnugUhZTtol9nQJKxUOW5moxnmy6Gtwb+BQs14FYokmStzrgIUIm+keNdtkd3
         r5f9oNC6yUkycIj3GOuPJLi7exfOyTK4AX48QUlM=
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id hitVsonP8-dL; Fri, 26 Apr 2019 07:57:39 -0700 (PDT)
Received: from [153.66.254.194] (unknown [50.35.68.20])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 2A3368EE079;
        Fri, 26 Apr 2019 07:57:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1556290659;
        bh=MZ013Ph+lwQOoeohYQwwAPYLitvi2p0CBYiqPPjHpqI=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=IIFGf7GvQu8MCRHZXr1XtGW4XmqGJGBhgBm0P/VIYkiYQnktRNLrbXtK7lNWiswf4
         CKM8fUqVlquzGGDbVl94Z804nFWX6K13cOYwj/7elY9L73iANUBV0998IYN5LsYoUi
         OS2d0wMqqxyLuYMsxisTCzOk+GuvidU3cUz4dVWY=
Message-ID: <1556290658.2833.28.camel@HansenPartnership.com>
Subject: Re: [RFC PATCH 2/7] x86/sci: add core implementation for system
 call isolation
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Dave Hansen <dave.hansen@intel.com>,
        Mike Rapoport <rppt@linux.ibm.com>,
        linux-kernel@vger.kernel.org
Cc:     Alexandre Chartre <alexandre.chartre@oracle.com>,
        Andy Lutomirski <luto@kernel.org>,
        Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Jonathan Adams <jwadams@google.com>,
        Kees Cook <keescook@chromium.org>,
        Paul Turner <pjt@google.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>, linux-mm@kvack.org,
        linux-security-module@vger.kernel.org, x86@kernel.org
Date:   Fri, 26 Apr 2019 07:57:38 -0700
In-Reply-To: <627d9321-466f-c4ed-c658-6b8567648dc6@intel.com>
References: <1556228754-12996-1-git-send-email-rppt@linux.ibm.com>
         <1556228754-12996-3-git-send-email-rppt@linux.ibm.com>
         <627d9321-466f-c4ed-c658-6b8567648dc6@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2019-04-26 at 07:46 -0700, Dave Hansen wrote:
> On 4/25/19 2:45 PM, Mike Rapoport wrote:
> > After the isolated system call finishes, the mappings created
> > during its execution are cleared.
> 
> Yikes.  I guess that stops someone from calling write() a bunch of
> times on every filesystem using every block device driver and all the
> DM code to get a lot of code/data faulted in.  But, it also means not
> even long-running processes will ever have a chance of behaving
> anything close to normally.
> 
> Is this something you think can be rectified or is there something
> fundamental that would keep SCI page tables from being cached across
> different invocations of the same syscall?

There is some work being done to look at pre-populating the isolated
address space with the expected execution footprint of the system call,
yes.  It lessens the ROP gadget protection slightly because you might
find a gadget in the pre-populated code, but it solves a lot of the
overhead problem.

James