Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI

From: Willy Tarreau
Date: Mon Jan 15 2018 - 14:53:14 EST

Next message: Madhani, Himanshu: "Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout"
Previous message: Roman Gushchin: "Re: [PATCH bpf-next] bpftool: recognize BPF_PROG_TYPE_CGROUP_DEVICE programs"
In reply to: Dave Hansen: "Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI"
Next in thread: Nadav Amit: "Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 15, 2018 at 11:49:19AM -0800, Dave Hansen wrote:
> If we start disabling PTI willy nilly at points _away_ from the
> capability checks (like for 32-bit binaries, say), then it gets really
> hard to decide if we are doing the right things.
>
> Also, what's the end goal here? Run old 32-bit binaries better? You
> want to weaken the security of the whole implementation to do that?
> Sounds like a bad tradeoff to me.

In fact I understand it differently, which is that by running 32-bit,
he can recover the original performance without sacrifying security.
It's not that bad actually when you think about it since the vast
majority of performance-sensitive software doesn't need to access
even one GB of data.

Willy

Next message: Madhani, Himanshu: "Re: [PATCH] drivers/scsi/qla2xxx: fix double free bug after firmware timeout"
Previous message: Roman Gushchin: "Re: [PATCH bpf-next] bpftool: recognize BPF_PROG_TYPE_CGROUP_DEVICE programs"
In reply to: Dave Hansen: "Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI"
Next in thread: Nadav Amit: "Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]