On Thu, Jan 4, 2018 at 12:54 PM, Dave Hansen <dave.han...@linux.intel.com> wrote:
> [...]
> +For new userspace mappings, the kernel makes the entries in its
> +page tables like normal. The only difference is when the kernel
> +makes entries in the top (PGD) level. In addition to setting the
> +entry in the main kernel PGD, a copy of the entry is made in the
> +userspace page tables' PGD.
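Review bot: the paragraph ending "a copy of the entry is made in the userspace page tables' PGD" documents only how the user copy of a PGD entry is created, not its lifetime: since the copy lives in a separate page, a reader cannot tell whether it is updated or cleared when the main kernel PGD entry is later changed or torn down. One sentence stating the rule (for example, that the same copy is made whenever the kernel PGD entry is written, if that is the behaviour) would close the gap.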
It might be worth noting that NX is set in the kernel's view of the userspace page tables.

> [...]
> +1. Increased Memory Use
> + a. Each process now needs an order-1 PGD instead of order-0.
> + (Consumes 4k per process).

"Consumes an additional 4k per process" ?

> [...]
> + d. Process Context IDentifiers (PCID) is a CPU feature that
> + allows us to skip flushing the entire TLB when switching page
> + tables. This makes switching the page tables (at context
> + switch, or kernel entry/exit) cheaper. But, on systems with
> + PCID support, the context switch code must flush both the user
> + and kernel entries out of the TLB. The user PCID TLB flush is
> + deferred until the exit to userspace, minimizing the cost.

Does this mean it's possible to bypass the NX on userspace pages?

> [...]
> + g. On systems without PCID support, each CR3 write flushes
> + the entire TLB. That means that each syscall, interrupt
> + or exception flushes the TLB.

Is it worth clarifying this for hardware support of PCID vs INVPCID?

Otherwise, looks good!

Reviewed-by: Kees Cook <keesc...@chromium.org>

-Kees

--
Kees Cook
Pixel Security
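Review bot: in item d., "allows us to skip flushing the entire TLB" followed two sentences later by "But, on systems with PCID support, the context switch code must flush both the user and kernel entries out of the TLB" reads as a contradiction; a reader can take the second sentence to mean that PCID still forces a full TLB flush at context switch. Suggest rewording so the second sentence says that with PCID the flush is limited to the outgoing mm's entries (its kernel and its user PCID) rather than the whole TLB, and then keep the existing sentence about deferring the user PCID flush until exit to userspace.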