Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1058191ybi; Fri, 12 Jul 2019 09:02:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqzoJumlTfGu8fDNPmq++ZryKLrERFT7Ao9u//JloIF/uOjveOE4sgu+/8Gz/D5Np1WkGCs6 X-Received: by 2002:a63:360d:: with SMTP id d13mr11659522pga.80.1562947334562; Fri, 12 Jul 2019 09:02:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562947334; cv=none; d=google.com; s=arc-20160816; b=SrwKm3DxCIWNMY6OV220feI1G7/h56o6rPdEDCFTXy6j86mTBuo16h5bQmCuXtLmVb QX+CbwmN6bvP0m8EtMLiilNt5rosy3nxT++Maqi6/ynk992QNGkw/bgmysizKVOD3gcl IcemwTzLqugpL8d3sFQ44k+omEUjXXOfnMg6jrLZM3s9oUpm2L9imxkLHKByiwzwzJbo ukD9433KcVShAFb/h4pyZbiJ+gQxWYw8UOX0f2OJSaq8egxGXzzn7rImUplDnu/6geOb 4amjzM1fxEH7OTvOgnRdIXXIjPd+dCvVAO00uZX9UOLoFxW8fh9rvpBT293cfPFp11dE 8HmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=YGyoAi4GqcaNnCz4i2Tl/uvMTRPEWr5xeeFUMv8DjT0=; b=SapiM30FuAXaOUcFoHYKgKewn/ZL5kxi1J+vzDNrqEQacoTL+Jspx/Z+X02468jDkF 0BG0tmJvZFMHg9MxMMY3xiRqQ7qh1LKQuPF/07MTAe1WNIULFJHp/VD33XkCgMtK4JOU DoEBscfoRh33xFwd1T1JjDGwM2IOiir9Sr23obESD7D2aHLpHF8e9yjE8fLgcho6GVmT xoUG/7mnXzcFYhGB+3QpBx4/MDIPU0YpKgx705pb+S/1ZiDgnpyxkO6vYCmBh5/yytZm Rx2HxlEpMNIhHz1QEQVlPIGMcr08qcpZnPJDKn+K9WuSMheNKc4BlMuuWdyReDhl9ZMR 9gvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v33si8766365pgk.152.2019.07.12.09.01.58; Fri, 12 Jul 2019 09:02:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727357AbfGLQA4 (ORCPT + 99 others); Fri, 12 Jul 2019 12:00:56 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:44314 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726992AbfGLQAz (ORCPT ); Fri, 12 Jul 2019 12:00:55 -0400 Received: from [5.158.153.52] (helo=nanos.tec.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hlxyU-0004Ej-To; Fri, 12 Jul 2019 18:00:43 +0200 Date: Fri, 12 Jul 2019 18:00:42 +0200 (CEST) From: Thomas Gleixner To: Alexandre Chartre cc: Dave Hansen , pbonzini@redhat.com, rkrcmar@redhat.com, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, kvm@vger.kernel.org, x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, konrad.wilk@oracle.com, jan.setjeeilers@oracle.com, liran.alon@oracle.com, jwadams@google.com, graf@amazon.de, rppt@linux.vnet.ibm.com Subject: Re: [RFC v2 00/27] Kernel Address Space Isolation In-Reply-To: <61d5851e-a8bf-e25c-e673-b71c8b83042c@oracle.com> Message-ID: References: <1562855138-19507-1-git-send-email-alexandre.chartre@oracle.com> <5cab2a0e-1034-8748-fcbe-a17cf4fa2cd4@intel.com> <61d5851e-a8bf-e25c-e673-b71c8b83042c@oracle.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 12 Jul 2019, Alexandre Chartre wrote: > On 7/12/19 12:44 PM, Thomas Gleixner wrote: > > That ASI thing is just PTI on steroids. > > > > So why do we need two versions of the same thing? That's absolutely bonkers > > and will just introduce subtle bugs and conflicting decisions all over the > > place. > > > > The need for ASI is very tightly coupled to the need for PTI and there is > > absolutely no point in keeping them separate. > > > > The only difference vs. interrupts and exceptions is that the PTI logic > > cares whether they enter from user or from kernel space while ASI only > > cares about the kernel entry. > > I think that's precisely what makes ASI and PTI different and independent. > PTI is just about switching between userland and kernel page-tables, while > ASI is about switching page-table inside the kernel. You can have ASI without > having PTI. You can also use ASI for kernel threads so for code that won't > be triggered from userland and so which won't involve PTI. It's still the same concept. And you can argue in circles it does not justify yet another mapping setup with is a different copy of some other mapping setup. Whether PTI is replaced by ASI or PTI is extended to handle ASI does not matter at all. Having two similar concepts side by side is a guarantee for disaster. > > So why do you want ot treat that differently? There is absolutely zero > > reason to do so. And there is no reason to create a pointlessly different > > version of PTI which introduces yet another variant of a restricted page > > table instead of just reusing and extending what's there already. > > > > As I've tried to explain, to me PTI and ASI are different and independent. > PTI manages switching between userland and kernel page-table, and ASI manages > switching between kernel and a reduced-kernel page-table. Again. It's the same concept and it does not matter what form of reduced page tables you use. You always need transition points and in order to make the transition points work you need reliably mapped bits and pieces. Also Paul wants to use the same concept for user space so trivial system calls can do w/o PTI. In some other thread you said yourself that this could be extended to cover the kvm ioctl, which is clearly a return to user space. Are we then going to add another set of randomly sprinkled transition points and yet another 'state machine' to duct-tape the fallout? Definitely not going to happen. Thanks, tglx