From: Sohil Mehta <sohil.mehta@intel.com>
To: Yian Chen <yian.chen@intel.com>, <linux-kernel@vger.kernel.org>,
<x86@kernel.org>, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ravi Shankar <ravi.v.shankar@intel.com>,
"Tony Luck" <tony.luck@intel.com>,
Paul Lai <paul.c.lai@intel.com>
Subject: Re: [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits
Date: Tue, 10 Jan 2023 12:14:10 -0800 [thread overview]
Message-ID: <9d935618-8f84-2d6e-4f4c-9d38eec2ba67@intel.com> (raw)
In-Reply-To: <20230110055204.3227669-2-yian.chen@intel.com>
On 1/9/2023 9:51 PM, Yian Chen wrote:
> LASS (Linear Address Space Separation) is a CPU feature to
> prevent speculative address access in user/kernel mode.
>
Would it be better to say?
LASS (Linear Address Space Separation) is a security feature that
intends to prevent unintentional speculative address access across
user/kernel mode.
> LASS partitions 64-bit virtual address space into two
> halves, lower address (LA[63]=0) and upper address
> (LA[63]=1). It stops any data access or code execution
> 1. from upper half address space to any lower half address
> 2, from lower half address space to any upper half address
> and generates #GP fault for a violation.
>
I am not sure if this is the best way to say it. The kernel already
partitions the address space this way. LASS takes what is already the
typical OS implementation and bakes it into the hardware architecture.
> In Linux, this means LASS does not allow both kernel code
> to access any user space address and user code to access
> any kernel space address.
>
There is clearly an overlap between the protections provided by paging
and with SMAP and SMEP. It would be useful to paraphrase some of the
information mentioned in the spec regarding how LASS differs from them.
"With these mode-based protections, paging can prevent malicious
software from directly reading or writing memory inappropriately. To
enforce these protections, the processor must traverse the hierarchy of
paging structures in memory. Unprivileged software can use timing
information resulting from this traversal to determine details about the
paging structures, and these details may be used to determine the layout
of supervisor memory.
Linear-address space separation (LASS) is an independent mechanism that
enforces the same mode-based protections as paging but without
traversing the paging structures. Because the protections enforced by
LASS are applied before paging, “probes” by malicious software will
provide no paging-based timing information."
> Signed-off-by: Yian Chen <yian.chen@intel.com>
> Reviewed-by: Tony Luck <tony.luck@intel.com>
next prev parent reply other threads:[~2023-01-10 20:14 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-10 5:51 [PATCH 0/7] Enable LASS (Linear Address space Separation) Yian Chen
2023-01-10 5:51 ` [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits Yian Chen
2023-01-10 20:14 ` Sohil Mehta [this message]
2023-01-11 0:13 ` Dave Hansen
2023-01-11 23:23 ` Chen, Yian
2023-01-12 0:06 ` Luck, Tony
2023-01-12 0:15 ` Chen, Yian
2023-01-11 19:21 ` Chen, Yian
2023-01-10 5:51 ` [PATCH 2/7] x86: Add CONFIG option X86_LASS Yian Chen
2023-01-10 21:05 ` Sohil Mehta
2023-01-12 0:13 ` Chen, Yian
2023-01-10 5:52 ` [PATCH 3/7] x86/cpu: Disable kernel LASS when patching kernel alternatives Yian Chen
2023-01-10 21:04 ` Peter Zijlstra
2023-01-11 1:01 ` Chen, Yian
2023-01-11 9:10 ` Peter Zijlstra
2023-01-10 22:41 ` Sohil Mehta
2023-01-12 0:27 ` Chen, Yian
2023-01-12 0:37 ` Dave Hansen
2023-01-12 18:36 ` Chen, Yian
2023-01-12 18:48 ` Dave Hansen
2023-02-01 2:25 ` Sohil Mehta
2023-02-01 18:20 ` Dave Hansen
2023-02-01 2:10 ` Sohil Mehta
2023-01-10 5:52 ` [PATCH 4/7] x86/vsyscall: Setup vsyscall to compromise LASS protection Yian Chen
2023-01-11 0:34 ` Sohil Mehta
2023-01-12 1:43 ` Chen, Yian
2023-01-12 2:49 ` Sohil Mehta
2023-01-21 4:09 ` Andy Lutomirski
2023-01-10 5:52 ` [PATCH 5/7] x86/cpu: Enable LASS (Linear Address Space Separation) Yian Chen
2023-01-11 22:22 ` Sohil Mehta
2023-01-12 17:56 ` Chen, Yian
2023-01-12 18:17 ` Dave Hansen
2023-01-13 1:17 ` Sohil Mehta
2023-01-13 19:39 ` Sohil Mehta
2023-01-10 5:52 ` [PATCH 6/7] x86/cpu: Set LASS as pinning sensitive CR4 bit Yian Chen
2023-01-10 5:52 ` [PATCH 7/7] x86/kvm: Expose LASS feature to VM guest Yian Chen
2023-02-07 3:21 ` Wang, Lei
2023-02-09 17:18 ` Sean Christopherson
2023-01-10 19:48 ` [PATCH 0/7] Enable LASS (Linear Address space Separation) Sohil Mehta
2023-01-10 22:57 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9d935618-8f84-2d6e-4f4c-9d38eec2ba67@intel.com \
--to=sohil.mehta@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=paul.c.lai@intel.com \
--cc=ravi.v.shankar@intel.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=yian.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox