From: Ingo Molnar <mingo@kernel.org>
To: Khalid Aziz <khalid.aziz@oracle.com>
Cc: juergh@gmail.com, tycho@tycho.ws, jsteckli@amazon.de,
keescook@google.com, konrad.wilk@oracle.com,
Juerg Haefliger <juerg.haefliger@canonical.com>,
deepa.srinivasan@oracle.com, chris.hyser@oracle.com,
tyhicks@canonical.com, dwmw@amazon.co.uk,
andrew.cooper3@citrix.com, jcm@redhat.com,
boris.ostrovsky@oracle.com, iommu@lists.linux-foundation.org,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-security-module@vger.kernel.org,
Khalid Aziz <khalid@gonehiking.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Dave Hansen <dave@sr71.net>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Arjan van de Ven <arjan@infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Wed, 17 Apr 2019 18:15:22 +0200 [thread overview]
Message-ID: <20190417161042.GA43453@gmail.com> (raw)
In-Reply-To: <f1ac3700970365fb979533294774af0b0dd84b3b.1554248002.git.khalid.aziz@oracle.com>
[ Sorry, had to trim the Cc: list from hell. Tried to keep all the
mailing lists and all x86 developers. ]
* Khalid Aziz <khalid.aziz@oracle.com> wrote:
> From: Juerg Haefliger <juerg.haefliger@canonical.com>
>
> This patch adds basic support infrastructure for XPFO which protects
> against 'ret2dir' kernel attacks. The basic idea is to enforce
> exclusive ownership of page frames by either the kernel or userspace,
> unless explicitly requested by the kernel. Whenever a page destined for
> userspace is allocated, it is unmapped from physmap (the kernel's page
> table). When such a page is reclaimed from userspace, it is mapped back
> to physmap. Individual architectures can enable full XPFO support using
> this infrastructure by supplying architecture specific pieces.
I have a higher level, meta question:
Is there any updated analysis outlining why this XPFO overhead would be
required on x86-64 kernels running on SMAP/SMEP CPUs which should be all
recent Intel and AMD CPUs, and with kernel that mark all direct kernel
mappings as non-executable - which should be all reasonably modern
kernels later than v4.0 or so?
I.e. the original motivation of the XPFO patches was to prevent execution
of direct kernel mappings. Is this motivation still present if those
mappings are non-executable?
(Sorry if this has been asked and answered in previous discussions.)
Thanks,
Ingo
next prev parent reply other threads:[~2019-04-17 16:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1554248001.git.khalid.aziz@oracle.com>
2019-04-04 16:44 ` [RFC PATCH v9 00/13] Add support for eXclusive Page Frame Ownership Nadav Amit
2019-04-04 17:18 ` Khalid Aziz
[not found] ` <f1ac3700970365fb979533294774af0b0dd84b3b.1554248002.git.khalid.aziz@oracle.com>
2019-04-17 16:15 ` Ingo Molnar [this message]
2019-04-17 16:49 ` [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO) Khalid Aziz
2019-04-17 17:09 ` Ingo Molnar
2019-04-17 17:19 ` Nadav Amit
2019-04-17 17:26 ` Ingo Molnar
2019-04-17 17:44 ` Nadav Amit
2019-04-17 21:19 ` Thomas Gleixner
[not found] ` <CAHk-=wgBMg9P-nYQR2pS0XwVdikPCBqLsMFqR9nk=wSmAd4_5g@mail.gmail.com>
2019-04-17 23:42 ` Thomas Gleixner
2019-04-17 23:52 ` Linus Torvalds
2019-04-18 4:41 ` Andy Lutomirski
2019-04-18 5:41 ` Kees Cook
2019-04-18 14:34 ` Khalid Aziz
2019-04-22 19:30 ` Khalid Aziz
2019-04-22 22:23 ` Kees Cook
2019-04-18 6:14 ` Thomas Gleixner
2019-04-17 17:33 ` Khalid Aziz
2019-04-17 19:49 ` Andy Lutomirski
2019-04-17 19:52 ` Tycho Andersen
2019-04-17 20:12 ` Khalid Aziz
2019-05-01 14:49 ` Waiman Long
2019-05-01 15:18 ` Khalid Aziz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190417161042.GA43453@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=andrew.cooper3@citrix.com \
--cc=arjan@infradead.org \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=chris.hyser@oracle.com \
--cc=dave@sr71.net \
--cc=deepa.srinivasan@oracle.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jcm@redhat.com \
--cc=jsteckli@amazon.de \
--cc=juerg.haefliger@canonical.com \
--cc=juergh@gmail.com \
--cc=keescook@google.com \
--cc=khalid.aziz@oracle.com \
--cc=khalid@gonehiking.org \
--cc=konrad.wilk@oracle.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tycho@tycho.ws \
--cc=tyhicks@canonical.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).