[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9d935618-8f84-2d6e-4f4c-9d38eec2ba67@intel.com>
Date: Tue, 10 Jan 2023 12:14:10 -0800
From: Sohil Mehta <sohil.mehta@...el.com>
To: Yian Chen <yian.chen@...el.com>, <linux-kernel@...r.kernel.org>,
<x86@...nel.org>, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Ravi Shankar <ravi.v.shankar@...el.com>,
"Tony Luck" <tony.luck@...el.com>, Paul Lai <paul.c.lai@...el.com>
Subject: Re: [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits
On 1/9/2023 9:51 PM, Yian Chen wrote:
> LASS (Linear Address Space Separation) is a CPU feature to
> prevent speculative address access in user/kernel mode.
>
Would it be better to say?
LASS (Linear Address Space Separation) is a security feature that
intends to prevent unintentional speculative address access across
user/kernel mode.
> LASS partitions 64-bit virtual address space into two
> halves, lower address (LA[63]=0) and upper address
> (LA[63]=1). It stops any data access or code execution
> 1. from upper half address space to any lower half address
> 2, from lower half address space to any upper half address
> and generates #GP fault for a violation.
>
I am not sure if this is the best way to say it. The kernel already
partitions the address space this way. LASS takes what is already the
typical OS implementation and bakes it into the hardware architecture.
> In Linux, this means LASS does not allow both kernel code
> to access any user space address and user code to access
> any kernel space address.
>
There is clearly an overlap between the protections provided by paging
and with SMAP and SMEP. It would be useful to paraphrase some of the
information mentioned in the spec regarding how LASS differs from them.
"With these mode-based protections, paging can prevent malicious
software from directly reading or writing memory inappropriately. To
enforce these protections, the processor must traverse the hierarchy of
paging structures in memory. Unprivileged software can use timing
information resulting from this traversal to determine details about the
paging structures, and these details may be used to determine the layout
of supervisor memory.
Linear-address space separation (LASS) is an independent mechanism that
enforces the same mode-based protections as paging but without
traversing the paging structures. Because the protections enforced by
LASS are applied before paging, “probes” by malicious software will
provide no paging-based timing information."
> Signed-off-by: Yian Chen <yian.chen@...el.com>
> Reviewed-by: Tony Luck <tony.luck@...el.com>
Powered by blists - more mailing lists