lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 4 Dec 2017 10:28:28 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        Andy Lutomirsky <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Borislav Petkov <bpetkov@...e.de>,
        Greg KH <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...gle.com>,
        Hugh Dickins <hughd@...gle.com>,
        Brian Gerst <brgerst@...il.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Denys Vlasenko <dvlasenk@...hat.com>,
        Rik van Riel <riel@...hat.com>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Juergen Gross <jgross@...e.com>,
        David Laight <David.Laight@...lab.com>,
        Eduardo Valentin <eduval@...zon.com>,
        "Liguori, Anthony" <aliguori@...zon.com>,
        Will Deacon <will.deacon@....com>,
        Daniel Gruss <daniel.gruss@...k.tugraz.at>
Subject: Re: [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)

On Mon, Dec 4, 2017 at 10:18 AM, Thomas Gleixner <tglx@...utronix.de> wrote:
>>
>> How much of this is considered worth trying to integrate early?
>
> Probably the entry changes, but we need to sort out that fixmap issue first
> and that affects the entry changes as well. Give me a day or two and I can
> tell you.

Sure. I've skimmed through the patches, and a number of the early ones
seem to be "obviously safe and independently nice cleanups". Even the
sysenter stack setup etc that isn't really required without the other
work seems sane and fine.

In fact, I have to say that the patches themselves look very good.
Nothing made me go "Christ, what an ugly hack". Maybe that is because
of just the skimming through, but still, it was not an unpleasant
read-through.

The problem, of course, is how *subtle* all the interactions are, and
how one missed "oh, the CPU also needs this" makes for some really
nasty breakage.  So it may all look nice and clean, and then blow up
horribly in some very particular configuration.

And yes, paravirtualization is evil.

            Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ