Message-ID: <9d935618-8f84-2d6e-4f4c-9d38eec2ba67@intel.com>
Date:   Tue, 10 Jan 2023 12:14:10 -0800
From:   Sohil Mehta <sohil.mehta@...el.com>
To:     Yian Chen <yian.chen@...el.com>, <linux-kernel@...r.kernel.org>,
        <x86@...nel.org>, Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Ravi Shankar <ravi.v.shankar@...el.com>,
        "Tony Luck" <tony.luck@...el.com>, Paul Lai <paul.c.lai@...el.com>
Subject: Re: [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits

On 1/9/2023 9:51 PM, Yian Chen wrote:
> LASS (Linear Address Space Separation) is a CPU feature to
> prevent speculative address access in user/kernel mode.
> 

Would it be better to say?

LASS (Linear Address Space Separation) is a security feature that 
intends to prevent unintentional speculative address access across 
user/kernel mode.


> LASS partitions 64-bit virtual address space into two
> halves, lower address (LA[63]=0) and upper address
> (LA[63]=1). It stops any data access or code execution
>      1. from upper half address space to any lower half address
>      2. from lower half address space to any upper half address
> and generates #GP fault for a violation.
> 

I am not sure if this is the best way to say it. The kernel already 
partitions the address space this way. LASS takes what is already the 
typical OS implementation and bakes it into the hardware architecture.

> In Linux, this means LASS does not allow both kernel code
> to access any user space address and user code to access
> any kernel space address.
> 

There is clearly an overlap between the protections provided by paging 
and with SMAP and SMEP. It would be useful to paraphrase some of the 
information mentioned in the spec regarding how LASS differs from them.

"With these mode-based protections, paging can prevent malicious 
software from directly reading or writing memory inappropriately. To 
enforce these protections, the processor must traverse the hierarchy of 
paging structures in memory. Unprivileged software can use timing 
information resulting from this traversal to determine details about the 
paging structures, and these details may be used to determine the layout 
of supervisor memory.

Linear-address space separation (LASS) is an independent mechanism that 
enforces the same mode-based protections as paging but without 
traversing the paging structures. Because the protections enforced by 
LASS are applied before paging, “probes” by malicious software will 
provide no paging-based timing information."

> Signed-off-by: Yian Chen <yian.chen@...el.com>
> Reviewed-by: Tony Luck <tony.luck@...el.com>
