[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8ac54f52-5bf0-bf6c-2473-7f0cf2a1a957@intel.com>
Date: Tue, 10 Jan 2023 14:57:17 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Yian Chen <yian.chen@...el.com>, linux-kernel@...r.kernel.org,
x86@...nel.org, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Sohil Mehta <sohil.mehta@...el.com>,
Paul Lai <paul.c.lai@...el.com>
Subject: Re: [PATCH 0/7] Enable LASS (Linear Address space Separation)
On 1/9/23 21:51, Yian Chen wrote:
> LASS (Linear Address Space Separation) is a security
> extension that prevents speculative address accesses across
> user/kernel mode. The LASS details have been published in
> Chapter 11 in
> https://cdrdv2.intel.com/v1/dl/getContent/671368
>
> LASS works in 64-bit mode only and partitions the 64-bit
> virtual address space into two halves:
> 1. Lower half (LA[63]=0) --> user space
> 2. Upper half (LA[63]=1) --> kernel space
> When LASS is enabled, a general protection #GP(0) fault will
> be generated if software accesses the address from the half in
> which it resides to another half, e.g., either from user space
> to upper half, or from kernel space to lower half. This
> protection applies to data access, code execution, cache line
> flushing instructions.
This does a good job of explaining the nuts and bolts -- *what* LASS
does. It does a less good job of explaining why this was built, how it
can benefit end users and who cares about it.
LASS seemed really cool when we were reeling from Meltdown. It would
*obviously* have been a godsend five years ago. But, it's less clear
what role it plays today and how important it is.
Could you enlighten us, please?
Powered by blists - more mailing lists