Re: [RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX.

From: Linus Torvalds
Date: Wed Jan 10 2018 - 14:54:25 EST


On Wed, Jan 10, 2018 at 11:28 AM, Willy Tarreau <w@xxxxxx> wrote:
> Since we're going to keep running on the same PGD when returning to
> userspace for certain performance-critical tasks, we'll need the user
> pages to be executable. So this code disables the extra protection
> that was added, which consisted of marking user pages _PAGE_NX, so
> that this pgd remains usable for userspace.

Yeah, no. This is wrong.

Sure, SMEP gives the same thing in most cases, but not for older CPUs.

So NX is a really nice way to make sure that PTI really does protect
against user-space gadgets.

We don't break that, and we definitely don't break that just because
of some broken notion of "let's make page table isolation per-thread".

Linus