[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7635c45d-97b3-4773-95db-e61ad872ce22@intel.com>
Date: Tue, 7 Oct 2025 16:11:51 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "tglx@...utronix.de"
<tglx@...utronix.de>, "mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de"
<bp@...en8.de>, "x86@...nel.org" <x86@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>
CC: "corbet@....net" <corbet@....net>, "ardb@...nel.org" <ardb@...nel.org>,
"david.laight.linux@...il.com" <david.laight.linux@...il.com>,
"luto@...nel.org" <luto@...nel.org>, "jpoimboe@...nel.org"
<jpoimboe@...nel.org>, "andrew.cooper3@...rix.com"
<andrew.cooper3@...rix.com>, "Luck, Tony" <tony.luck@...el.com>,
"alexander.shishkin@...ux.intel.com" <alexander.shishkin@...ux.intel.com>,
"kas@...nel.org" <kas@...nel.org>, "seanjc@...gle.com" <seanjc@...gle.com>,
"rdunlap@...radead.org" <rdunlap@...radead.org>, "dwmw@...zon.co.uk"
<dwmw@...zon.co.uk>, "vegard.nossum@...cle.com" <vegard.nossum@...cle.com>,
"xin@...or.com" <xin@...or.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "linux-doc@...r.kernel.org"
<linux-doc@...r.kernel.org>, "kees@...nel.org" <kees@...nel.org>,
"hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org"
<peterz@...radead.org>, "linux-efi@...r.kernel.org"
<linux-efi@...r.kernel.org>, "geert@...ux-m68k.org" <geert@...ux-m68k.org>
Subject: Re: [PATCH v10 04/15] x86/cpu: Set LASS CR4 bit as pinning sensitive
On 10/7/2025 11:24 AM, Edgecombe, Rick P wrote:
>> Security features such as LASS are not expected to be disabled once
>> initialized. Add LASS to the CR4 pinned mask.
>>
>
> I was debating whether we really need this, given the LASS and CR pinning threat
> models. CR pinning seems to be about after an attacker has already hijacked a
> control flow and is looking to escalate it into more control.
Can you please explain more? How is LASS different from SMAP and SMEP
for which the CR pinning code was initially added?
> We could maybe get
> away with dropping this and the following patch. But it would still be good to
> get a warning if it gets turned off inadvertently I think. It might be worth
> adding justification like that to the log.
My understanding from the previous discussions was that CR pinning
deferral might be beneficial independent of LASS.
https://lore.kernel.org/lkml/c59aa7ac-62a6-45ec-b626-de518b25f7d9@intel.com/
The pinning enforcement provides the warning and reprograms the bit.
Maybe, I've misunderstood your comment.
Powered by blists - more mailing lists