From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752239AbdKAIyc (ORCPT <rfc822;w@1wt.eu>);
        Wed, 1 Nov 2017 04:54:32 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:48264 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751417AbdKAIy3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 Nov 2017 04:54:29 -0400
X-Google-Smtp-Source: ABhQp+Rg2qRK9PQ4XFhx+yy1+uB0NG/3GvBNjIkZNH6/QGGNHIzGPELKQ1jehX+8fzoClXeFJBna0w==
Date: Wed, 1 Nov 2017 09:54:25 +0100
From: Ingo Molnar <mingo@kernel.org>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
        Andy Lutomirski <luto@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Peter Zijlstra <a.p.zijlstra@chello.nl>,
        "H. Peter Anvin" <hpa@zytor.com>, borisBrian Gerst <brgerst@gmail.com>,
        Denys Vlasenko <dvlasenk@redhat.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Thomas Garnier <thgarnie@google.com>
Subject: Re: [PATCH 00/23] KAISER: unmap most of the kernel from userspace
 page tables
Message-ID: <20171101085424.cwvc4nrrdhvjc3su@gmail.com>
References: <20171031223146.6B47C861@viggo.jf.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20171031223146.6B47C861@viggo.jf.intel.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


(Filled in the missing Cc: list)

* Dave Hansen <dave.hansen@linux.intel.com> wrote:

> tl;dr:
> 
> KAISER makes it harder to defeat KASLR, but makes syscalls and
> interrupts slower.  These patches are based on work from a team at
> Graz University of Technology posted here[1].  The major addition is
> support for Intel PCIDs which builds on top of Andy Lutomorski's PCID
> work merged for 4.14.  PCIDs make KAISER's overhead very reasonable
> for a wide variety of use cases.

Ok, while I never thought I'd see the 4g:4g patch come to 64-bit kernels ;-),
this series is a lot better than earlier versions of this feature, and it
solves a number of KASLR timing attacks rather fundamentally.

Beyond the inevitable cavalcade of (solvable) problems that will pop up during 
review, one major item I'd like to see addressed is runtime configurability: it 
should be possible to switch between a CR3-flushing and a regular syscall and page 
table model on the admin level, without restarting the kernel and apps. Distros 
really, really don't want to double the number of kernel variants they have.

The 'Kaiser off' runtime switch doesn't have to be as efficient as 
CONFIG_KAISER=n, at least initialloy, but at minimum it should avoid the most 
expensive page table switching paths in the syscall entry codepaths.

Also, this series should be based on Andy's latest syscall entry cleanup work.

Thanks,

	Ingo