From: Thomas Gleixner <tglx@linutronix.de>
To: Alexandre Chartre <alexandre.chartre@oracle.com>,
Borislav Petkov <bp@alien8.de>
Cc: mingo@redhat.com, hpa@zytor.com, x86@kernel.org,
dave.hansen@linux.intel.com, luto@kernel.org,
peterz@infradead.org, linux-kernel@vger.kernel.org,
thomas.lendacky@amd.com, jroedel@suse.de, konrad.wilk@oracle.com,
jan.setjeeilers@oracle.com, junaids@google.com,
oweisse@google.com, rppt@linux.vnet.ibm.com, graf@amazon.de,
mgross@linux.intel.com, kuzuno@gmail.com
Subject: Re: [RFC][PATCH v2 00/21] x86/pti: Defer CR3 switch to C code
Date: Thu, 19 Nov 2020 20:32:42 +0100 [thread overview]
Message-ID: <87a6vdp2g5.fsf@nanos.tec.linutronix.de> (raw)
In-Reply-To: <692599af-53c8-7881-2bc7-8898085400cd@oracle.com>
On Tue, Nov 17 2020 at 09:19, Alexandre Chartre wrote:
> On 11/16/20 9:24 PM, Borislav Petkov wrote:
>> On Mon, Nov 16, 2020 at 03:47:36PM +0100, Alexandre Chartre wrote:
>> So PTI was added exactly to *not* have kernel memory mapped in the user
>> page table. You're partially reversing that...
>
> We are not reversing PTI, we are extending it.
You widen the exposure surface without providing an argument why it is safe.
> PTI removes all kernel mapping from the user page-table. However there's
> no issue with mapping some kernel data into the user page-table as long as
> these data have no sensitive information.
Define sensitive information.
> Actually, PTI is already doing that but with a very limited scope. PTI adds
> into the user page-table some kernel mappings which are needed for userland
> to enter the kernel (such as the kernel entry text, the ESPFIX, the
> CPU_ENTRY_AREA_BASE...).
>
> So here, we are extending the PTI mapping so that we can execute more kernel
> code while using the user page-table; it's a kind of PTI on steroids.
Let's just look at a syscall:
noinstr long syscall_enter_from_user_mode(struct pt_regs *regs, long syscall)
{
long ret;
enter_from_user_mode(regs);
lockdep_hardirqs_off();
user_exit_irqoff();
trace_hardirqs_off_finish();
So just looking at the 3 calls above, how are you going to guarantee
that everything these callchains touch is mapped into user space?
Not to talk about everything which comes after that.
Thanks,
tglx
prev parent reply other threads:[~2020-11-19 19:32 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 14:47 [RFC][PATCH v2 00/21] x86/pti: Defer CR3 switch to C code Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 01/21] x86/syscall: Add wrapper for invoking syscall function Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 02/21] x86/entry: Update asm_call_on_stack to support more function arguments Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 03/21] x86/entry: Consolidate IST entry from userspace Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 04/21] x86/sev-es: Define a setup stack function for the VC idtentry Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 05/21] x86/entry: Implement ret_from_fork body with C code Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 06/21] x86/pti: Provide C variants of PTI switch CR3 macros Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 07/21] x86/entry: Fill ESPFIX stack using C code Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 08/21] x86/pti: Introduce per-task PTI trampoline stack Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 09/21] x86/pti: Function to clone page-table entries from a specified mm Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 10/21] x86/pti: Function to map per-cpu page-table entry Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 11/21] x86/pti: Extend PTI user mappings Alexandre Chartre
2020-11-16 19:48 ` Andy Lutomirski
2020-11-16 20:21 ` Alexandre Chartre
2020-11-16 23:06 ` Andy Lutomirski
2020-11-17 8:42 ` Alexandre Chartre
2020-11-17 15:49 ` Andy Lutomirski
2020-11-19 19:15 ` Thomas Gleixner
2020-11-16 14:47 ` [RFC][PATCH v2 12/21] x86/pti: Use PTI stack instead of trampoline stack Alexandre Chartre
2020-11-16 16:57 ` Andy Lutomirski
2020-11-16 18:10 ` Alexandre Chartre
2020-11-16 18:34 ` Andy Lutomirski
2020-11-16 19:37 ` Alexandre Chartre
2020-11-17 15:09 ` Alexandre Chartre
2020-11-17 15:52 ` Andy Lutomirski
2020-11-17 17:01 ` Alexandre Chartre
2020-11-19 1:49 ` Andy Lutomirski
2020-11-19 8:05 ` Alexandre Chartre
2020-11-19 12:06 ` Alexandre Chartre
2020-11-19 16:06 ` Andy Lutomirski
2020-11-19 17:02 ` Alexandre Chartre
2020-11-16 21:24 ` David Laight
2020-11-17 8:27 ` Alexandre Chartre
2020-11-19 19:10 ` Thomas Gleixner
2020-11-19 19:55 ` Alexandre Chartre
2020-11-19 21:20 ` Thomas Gleixner
2020-11-24 7:20 ` [x86/pti] 5da9e742d1: PANIC:double_fault kernel test robot
2020-11-16 14:47 ` [RFC][PATCH v2 13/21] x86/pti: Execute syscall functions on the kernel stack Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 14/21] x86/pti: Execute IDT handlers " Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 15/21] x86/pti: Execute IDT handlers with error code " Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 16/21] x86/pti: Execute system vector handlers " Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 17/21] x86/pti: Execute page fault handler " Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 18/21] x86/pti: Execute NMI " Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 19/21] x86/pti: Defer CR3 switch to C code for IST entries Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 20/21] x86/pti: Defer CR3 switch to C code for non-IST and syscall entries Alexandre Chartre
2020-11-16 14:47 ` [RFC][PATCH v2 21/21] x86/pti: Use a different stack canary with the user and kernel page-table Alexandre Chartre
2020-11-16 16:56 ` Andy Lutomirski
2020-11-16 18:34 ` Alexandre Chartre
2020-11-16 20:17 ` [RFC][PATCH v2 00/21] x86/pti: Defer CR3 switch to C code Borislav Petkov
2020-11-17 7:56 ` Alexandre Chartre
2020-11-17 16:55 ` Borislav Petkov
2020-11-17 18:12 ` Alexandre Chartre
2020-11-17 18:28 ` Borislav Petkov
2020-11-17 19:02 ` Alexandre Chartre
2020-11-17 21:23 ` Borislav Petkov
2020-11-18 7:08 ` Alexandre Chartre
2020-11-17 21:26 ` Borislav Petkov
2020-11-18 7:41 ` Alexandre Chartre
2020-11-18 9:30 ` David Laight
2020-11-18 10:29 ` Alexandre Chartre
2020-11-18 13:22 ` David Laight
2020-11-18 17:15 ` Alexandre Chartre
2020-11-18 11:29 ` Borislav Petkov
2020-11-18 19:37 ` Alexandre Chartre
2020-11-16 20:24 ` Borislav Petkov
2020-11-17 8:19 ` Alexandre Chartre
2020-11-17 17:07 ` Borislav Petkov
2020-11-17 18:24 ` Alexandre Chartre
2020-11-19 19:32 ` Thomas Gleixner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a6vdp2g5.fsf@nanos.tec.linutronix.de \
--to=tglx@linutronix.de \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=graf@amazon.de \
--cc=hpa@zytor.com \
--cc=jan.setjeeilers@oracle.com \
--cc=jroedel@suse.de \
--cc=junaids@google.com \
--cc=konrad.wilk@oracle.com \
--cc=kuzuno@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mgross@linux.intel.com \
--cc=mingo@redhat.com \
--cc=oweisse@google.com \
--cc=peterz@infradead.org \
--cc=rppt@linux.vnet.ibm.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).