From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755710AbcEESk7 (ORCPT <rfc822;w@1wt.eu>);
	Thu, 5 May 2016 14:40:59 -0400
Received: from mail-wm0-f54.google.com ([74.125.82.54]:37123 "EHLO
	mail-wm0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751844AbcEESk6 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 5 May 2016 14:40:58 -0400
Date: Thu, 5 May 2016 20:40:52 +0200
From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>, Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] [RFC] x86: work around MPX Erratum
Message-ID: <20160505184052.GA6110@gmail.com>
References: <20160502220341.9E8C34FC@viggo.jf.intel.com>
 <20160503064354.GA11112@gmail.com>
 <57291268.3060006@intel.com>
 <CALCETrUiaN9+BvEeO7n6L5AQmSrY_Y1LU7xftRjqvmKLcxROnQ@mail.gmail.com>
 <57291B88.6010702@intel.com>
 <CALCETrUuHWW70E9UtfjnHhJ92H5sVcWLUd-bsEcysEg7e3gPtA@mail.gmail.com>
 <20160504064400.GA18084@gmail.com>
 <CALCETrV46=nj+ZqW_c4GgUhyykypBRznDqUyngRceXEUPJMBoA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALCETrV46=nj+ZqW_c4GgUhyykypBRznDqUyngRceXEUPJMBoA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


* Andy Lutomirski <luto@amacapital.net> wrote:

> On Tue, May 3, 2016 at 11:44 PM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> > * Andy Lutomirski <luto@amacapital.net> wrote:
> >
> >> On Tue, May 3, 2016 at 2:43 PM, Dave Hansen <dave.hansen@intel.com> wrote:
> >> > On 05/03/2016 02:31 PM, Andy Lutomirski wrote:
> >> >> Having actually read the erratum: how can this affect Linux at all
> >> >> under any scenario where user code hasn't already completely
> >> >> compromised the kernel?
> >> >>
> >> >> I.e. why do we care about this erratum?
> >> >
> >> > First of all, with SMEP, it doesn't affect us.  At all.
> >> >
> >> > Without SMEP, there would have to be a page accessible to userspace that the
> >> > kernel executes instructions from.  The only thing that I can think of that's
> >> > normally user-accessible and not _controlled_ by userspace is the VDSO.  But
> >> > the kernel never actually executes from it, so it doesn't matter here.
> >> >
> >> > I've heard reports of (but no actual cases in the wild of) folks remapping
> >> > kernel text to be user-accessible so that userspace can execute it, or of
> >> > having the kernel jump into user-provided libraries. Those are both obviously
> >> > bonkers and would only be done with out-of-tree gunk, but even if somebody did
> >> > that, they would be safe from the erratum, with this workaround.
> >>
> >> I'm not convinced this is worth adding any code for, though.  If someone adds
> >> out of tree crap that does this and manually turns off SMEP, I think they should
> >> get to keep both pieces.  Frankly, I think I'd *prefer* if the kernel crashed
> >> when calling user addresses like that just to discourage it.
> >
> > So the thing is, this doesn't have to be any (or much) code per se: my suggestion
> > was to make MPX depend on SMEP on the Kconfig level, so that it's not possible to
> > build MPX without having SMEP.
> 
> I don't think I understand that suggestion.  How can Kconfig protect against:
> 
> qemu -cpu host,-smep
> 
> ?

Right, it cannot - but I think the latest patch was pretty close and pretty 
simple.

Thanks,

	Ingo