From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,FSL_HELO_FAKE,MAILING_LIST_MULTI,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BFCAC282DA for ; Wed, 17 Apr 2019 16:15:40 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1DF7320674 for ; Wed, 17 Apr 2019 16:15:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="C+yy8vfZ"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nyS/WVic" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1DF7320674 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=dqwBduuhOezAAkAq8hl4C8gDXwnbtcv6F28Gx0RBhXU=; b=C+yy8vfZ95m3xP E08OnkOQ2jBT9n9NUiLe+ua11AWBJgfPvZbyNqPaCec4191GVR1VvTwuufQY2wG2NEPYEMjyRCTqr aNOU09/Xr1NNK0pX7VStZN3/xzfGU8+ekMDsVbD1gsWJbpuV5agPMYVuFCGp5KeJdy69v8H0Oike2 bG2fd4+uTj/2ejteDC2veyZkcl3IcdAajEwjndDhn1WjUKJ3pnf97lBPrISeg3zLR1tNd9Is2BWkz k3KWNnNJKEULyPFSKGHMAwlY2cdfd9ADMIsbGu2yDwuR/d++CbTa8c/Z+zbdx+ZXARNjFoiH8WxQ6 7N8PwbCiOz5b9g8roANA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hGnDi-0002rK-59; Wed, 17 Apr 2019 16:15:34 +0000 Received: from mail-wr1-x444.google.com ([2a00:1450:4864:20::444]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hGnDe-0002qY-3I for linux-arm-kernel@lists.infradead.org; Wed, 17 Apr 2019 16:15:32 +0000 Received: by mail-wr1-x444.google.com with SMTP id w10so32760732wrm.4 for ; Wed, 17 Apr 2019 09:15:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=2E2gGWXwlEXHD0EdhjliuzLa0L4LUy3dnmNjJuBPY1M=; b=nyS/WViclzZJjR30HVMMB/ma7fcLYSTWP9QxF2Fshf4EJq6uRarq3jSaxiVNfV92fh zEZfmA69o8F7gNO5JT6uv0zE0OJeE7BWbIRv09fAQTN2l+N2dnFwJ9Lfuiiy6+74FoDp uGRo9f5/Goa9H9R9Ca2oLvyjv31O0I5e5WLdLO3tmvoyjg1wNvw+8b2zxVEfd9gJSTwJ +SSg2n/omewPli8xLPnvSElOhwgHU9I/P33Tw7RfhZ2LRLr+x5PTn04fXGfMHG1ZHR4/ XB7f4UjQbIdtenugCUJSD8W8ywk7H6JVByBN8MjE8ZURVuqLb51s1gVwQaBsfh/AY/u/ 6ICw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=2E2gGWXwlEXHD0EdhjliuzLa0L4LUy3dnmNjJuBPY1M=; b=KVDTkEdOBaWhpNzpBmmUxcNWYKCTHuc0X/1/970YQFfVMPJ3qZ9UGXydNOf8Ieoovh /P/sp0rXYcDFpAPb48CLzWzZlftOuGX4Z0HgAmY2Q1Bej+lWbWA5TOlnU3Q/JRq511Lz xKou7LYK558wAVtp5p8V5n0myb0k1Llhrcuas7z3sXjolVx3zn+49Xu8nDrcOxiUlr1v OlOQEt0PU4NUbfl53E0v8oRPWm2tCJkZAlS7DGJT9Ya5z4La8QB6gAa/oEUAVu+VdwVb eh+H7nvjjfIQr3w+7L7VFfV5DZGui3TGVrp4l1cJkZro10Z/w0Le94ooPT9Iue9s0jBT /FEA== X-Gm-Message-State: APjAAAUx2tmAIuNA8oAaTCz+lJStavg+wCTyo5CwakxIOsyMXuRmX5nY cSGnn5WZJ8yeFBnUNfBrUJo= X-Google-Smtp-Source: APXvYqy35ID2kalnRZopmGnEWCBLThqKczYiLY/rC35gAIxUEa+THgEb4y2voVmHavCnFbNEpnRFQQ== X-Received: by 2002:adf:dbce:: with SMTP id e14mr59140093wrj.249.1555517726742; Wed, 17 Apr 2019 09:15:26 -0700 (PDT) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id y1sm154976060wrd.34.2019.04.17.09.15.24 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 17 Apr 2019 09:15:25 -0700 (PDT) Date: Wed, 17 Apr 2019 18:15:22 +0200 From: Ingo Molnar To: Khalid Aziz Subject: Re: [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO) Message-ID: <20190417161042.GA43453@gmail.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190417_091530_166865_61EE5444 X-CRM114-Status: GOOD ( 14.80 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dave Hansen , linux-doc@vger.kernel.org, linux-mm@kvack.org, deepa.srinivasan@oracle.com, "H. Peter Anvin" , Thomas Gleixner , tycho@tycho.ws, x86@kernel.org, iommu@lists.linux-foundation.org, jsteckli@amazon.de, Arjan van de Ven , Peter Zijlstra , konrad.wilk@oracle.com, jcm@redhat.com, Greg Kroah-Hartman , Borislav Petkov , Andy Lutomirski , boris.ostrovsky@oracle.com, chris.hyser@oracle.com, linux-arm-kernel@lists.infradead.org, Khalid Aziz , juergh@gmail.com, andrew.cooper3@citrix.com, linux-kernel@vger.kernel.org, tyhicks@canonical.com, linux-security-module@vger.kernel.org, Juerg Haefliger , keescook@google.com, Andrew Morton , Linus Torvalds , dwmw@amazon.co.uk Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org [ Sorry, had to trim the Cc: list from hell. Tried to keep all the mailing lists and all x86 developers. ] * Khalid Aziz wrote: > From: Juerg Haefliger > > This patch adds basic support infrastructure for XPFO which protects > against 'ret2dir' kernel attacks. The basic idea is to enforce > exclusive ownership of page frames by either the kernel or userspace, > unless explicitly requested by the kernel. Whenever a page destined for > userspace is allocated, it is unmapped from physmap (the kernel's page > table). When such a page is reclaimed from userspace, it is mapped back > to physmap. Individual architectures can enable full XPFO support using > this infrastructure by supplying architecture specific pieces. I have a higher level, meta question: Is there any updated analysis outlining why this XPFO overhead would be required on x86-64 kernels running on SMAP/SMEP CPUs which should be all recent Intel and AMD CPUs, and with kernel that mark all direct kernel mappings as non-executable - which should be all reasonably modern kernels later than v4.0 or so? I.e. the original motivation of the XPFO patches was to prevent execution of direct kernel mappings. Is this motivation still present if those mappings are non-executable? (Sorry if this has been asked and answered in previous discussions.) Thanks, Ingo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel