On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit <nadav.a...@gmail.com> wrote:
>
> It is not too pretty, I agree, but it should do the work. There is only one
> problematic descriptor that can be used to switch from compatibility-mode to
> long-mode in the GDT (LDT descriptors always have the L-bit cleared).
> Changing the descriptor's present bit on context switch when needed can do
> the work.
Sure, I can see it working, but it's some really shady stuff, and now the scheduler needs to save/restore/check one more subtle bit.

And if you get it wrong, things will happily work, except you've now defeated PTI. But you'll never notice, because you won't be testing for it, and the only people who will are the black hats.

This is exactly the "security depends on it being in sync" thing that makes me go "eww" about the whole model. Get one thing wrong, and you'll blow all the PTI code out of the water.

So now you tried to optimize one small case that most people won't use, but the downside is that you may make all our PTI work (and all the overhead for all the _normal_ cases) pointless.

Linus