Subject: Re: [PATCH 05/23] x86, kaiser: unmap kernel from userspace page tables (core patch)
From: Dave Hansen
To: Yisheng Xie, linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, richard.fellner@student.tugraz.at, moritz.lipp@iaik.tugraz.at, daniel.gruss@iaik.tugraz.at, michael.schwarz@iaik.tugraz.at, luto@kernel.org, torvalds@linux-foundation.org, keescook@google.com, hughd@google.com, x86@kernel.org
Date: Thu, 4 Jan 2018 21:18:02 -0800
Message-ID: <93776eb2-b6d4-679a-280c-8ba558a69c34@linux.intel.com>
References: <20171123003438.48A0EEDE@viggo.jf.intel.com> <20171123003447.1DB395E3@viggo.jf.intel.com>
List-ID: X-Mailing-List: linux-kernel@vger.kernel.org

On 01/04/2018 08:16 PM, Yisheng Xie wrote:
>> === Page Table Poisoning ===
>>
>> KAISER has two copies of the page tables: one for the kernel and
>> one for when running in userspace.
>
> So, we have 2 page tables. Thinking about this case:
> If _ONE_ process includes _TWO_ threads, one runs in user space, the other
> runs in the kernel, they can run in one core with Hyper-Threading, right?

Yes.

> So both userspace and kernel space are valid, right? And for one core
> with Hyper-Threading, they may share TLB, so the timing problem
> described in the paper may still exist?

No. The TLB is managed per logical CPU (hyperthread), as is the CR3
register that points to the page tables. Two threads running the same
process might use the same CR3 _value_, but that does not mean they
share TLB entries. One thread *can* be in the kernel with the kernel
page tables while the other is in userspace with the user page tables
active. They will even use a different PCID/ASID for the same page
tables normally.

> Can this case still be protected by KAISER?

Yes.
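The hyperthread case Dave describes, as an added model that is not part of the thread or the kaiser series: each logical CPU gets its own PCID-tagged TLB, the two CR3 values of one process differ by the PCID and by the PGD copy in use, and a lookup only hits an entry tagged with the current PCID. The CR3 bit layout is the real x86 one; the "user PGD one page after the kernel PGD" layout, the PCID numbers and the addresses are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* CR3 with CR4.PCIDE set: bits 0-11 hold the PCID, bits 12-51 the PGD physical
 * page. The user copy of the PGD is modelled one page after the kernel copy, so
 * the two CR3 values of a process differ in bit 12 (model assumption). */
#define CR3_PCID_MASK   0xFFFull
#define CR3_PGD_MASK    0x000FFFFFFFFFF000ull
#define KAISER_USER_PGD (1ull << 12)
enum { KERNEL_PCID = 1, USER_PCID = 2, TLB_SIZE = 8 };   /* constructed sample values */

typedef struct { uint64_t va, pa; uint16_t pcid; bool valid; } tlb_entry;
/* One TLB per logical CPU: sibling hyperthreads never see each other's entries. */
typedef struct { uint64_t cr3; tlb_entry e[TLB_SIZE]; } logical_cpu;

static uint64_t make_cr3(uint64_t pgd_pa, unsigned pcid) { return (pgd_pa & CR3_PGD_MASK) | (pcid & CR3_PCID_MASK); }
static uint16_t cr3_pcid(uint64_t cr3) { return (uint16_t)(cr3 & CR3_PCID_MASK); }

/* Cache a translation under the PCID currently loaded in this logical CPU's CR3. */
static void tlb_fill(logical_cpu *cpu, uint64_t va, uint64_t pa) {
    for (size_t i = 0; i < TLB_SIZE; i++)
        if (!cpu->e[i].valid) {
            cpu->e[i] = (tlb_entry){ va, pa, cr3_pcid(cpu->cr3), true };
            return;
        }
}
/* A lookup hits only on an entry whose tag matches the current PCID. */
static bool tlb_hit(const logical_cpu *cpu, uint64_t va) {
    for (size_t i = 0; i < TLB_SIZE; i++)
        if (cpu->e[i].valid && cpu->e[i].va == va && cpu->e[i].pcid == cr3_pcid(cpu->cr3))
            return true;
    return false;
}
/* Two threads of one process on sibling hyperthreads: thread 0 stays in userspace,
 * thread 1 enters the kernel and returns. Returns how many of 3 isolation checks hold. */
int kaiser_sibling_checks(void) {
    const uint64_t pgd = 0x1234000, user_va = 0x400000, kernel_va = 0xffffffff81000000ull;
    logical_cpu lc0 = { make_cr3(pgd | KAISER_USER_PGD, USER_PCID) };   /* user page tables */
    logical_cpu lc1 = { make_cr3(pgd, KERNEL_PCID) };                   /* kernel page tables */
    tlb_fill(&lc0, user_va, 0x5000);
    tlb_fill(&lc1, kernel_va, 0x6000);
    int ok = 0;
    ok += !tlb_hit(&lc0, kernel_va);   /* sibling's kernel translation is not in lc0's TLB */
    ok += tlb_hit(&lc1, kernel_va);    /* thread 1 does see its own kernel entry */
    lc1.cr3 = make_cr3(pgd | KAISER_USER_PGD, USER_PCID);   /* thread 1 returns to userspace */
    ok += !tlb_hit(&lc1, kernel_va);   /* the user PCID does not match the kernel-tagged entry */
    return ok;
}
```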