Re: [PATCH] x86/doc: add PTI description

On 01/04/2018 04:06 PM, Kees Cook wrote: >> + d. Process Context IDentifiers (PCID) is a CPU feature that >> + allows us to skip flushing the entire TLB when switching page >> + tables. This makes switching the page tables (at context >> + switch, or kernel entry/exit) cheaper. But,

Re: [PATCH] x86/doc: add PTI description

On 01/04/2018 04:06 PM, Kees Cook wrote: >> + d. Process Context IDentifiers (PCID) is a CPU feature that >> + allows us to skip flushing the entire TLB when switching page >> + tables. This makes switching the page tables (at context >> + switch, or kernel entry/exit) cheaper. But,

Re: [PATCH] x86/doc: add PTI description

On Thu, Jan 4, 2018 at 12:54 PM, Dave Hansen wrote: > [...] > +For new userspace mappings, the kernel makes the entries in its > +page tables like normal. The only difference is when the kernel > +makes entries in the top (PGD) level. In addition to setting the >

Re: [PATCH] x86/doc: add PTI description

On Thu, Jan 4, 2018 at 12:54 PM, Dave Hansen wrote: > [...] > +For new userspace mappings, the kernel makes the entries in its > +page tables like normal. The only difference is when the kernel > +makes entries in the top (PGD) level. In addition to setting the > +entry in the main kernel PGD,

Re: [PATCH] x86/doc: add PTI description

On Thu, 4 Jan 2018, Dave Hansen wrote: > > - pti=[X86_64] > + pti=[X86_64] Disable Page Table Isolation of user and That description is definitely wrong > + kernel address spaces. Disabling this feature > + removes

Re: [PATCH] x86/doc: add PTI description

On Thu, 4 Jan 2018, Dave Hansen wrote: > > - pti=[X86_64] > + pti=[X86_64] Disable Page Table Isolation of user and That description is definitely wrong > + kernel address spaces. Disabling this feature > + removes

[PATCH] x86/doc: add PTI description

This got kicked out of the PTI set as the implementation diverged from its contents. I've updated it so it can hopefully rejoin the set. --- From: Dave Hansen Add some details about how PTI works, what some of the downsides are, and how to debug it when things go

[PATCH] x86/doc: add PTI description

This got kicked out of the PTI set as the implementation diverged from its contents. I've updated it so it can hopefully rejoin the set. --- From: Dave Hansen Add some details about how PTI works, what some of the downsides are, and how to debug it when things go wrong. Also document the

Re: [PATCH] x86/doc: add PTI description

>> +copy of the page tables which are used only when running userspace >> +applications. When the kernel is entered via syscalls, interrupts or >> +exceptions, page tables are switched to the full "kernel" copy. When >> +the system switches back to user mode, the user copy is used again. > >

Re: [PATCH] x86/doc: add PTI description

>> +copy of the page tables which are used only when running userspace >> +applications. When the kernel is entered via syscalls, interrupts or >> +exceptions, page tables are switched to the full "kernel" copy. When >> +the system switches back to user mode, the user copy is used again. > >

Re: [PATCH] x86/doc: add PTI description

On 12/18/2017 02:04 PM, Dave Hansen wrote: > This got kicked out of the PTI set as the implementation diverged > from its contents. I've updated it so it can hopefully rejoin the > set. > > --- > > From: Dave Hansen > > Add some details about how PTI works, what

Re: [PATCH] x86/doc: add PTI description

On 12/18/2017 02:04 PM, Dave Hansen wrote: > This got kicked out of the PTI set as the implementation diverged > from its contents. I've updated it so it can hopefully rejoin the > set. > > --- > > From: Dave Hansen > > Add some details about how PTI works, what some of the downsides > are,

[PATCH] x86/doc: add PTI description

This got kicked out of the PTI set as the implementation diverged from its contents. I've updated it so it can hopefully rejoin the set. --- From: Dave Hansen Add some details about how PTI works, what some of the downsides are, and how to debug it when things go

[PATCH] x86/doc: add PTI description

This got kicked out of the PTI set as the implementation diverged from its contents. I've updated it so it can hopefully rejoin the set. --- From: Dave Hansen Add some details about how PTI works, what some of the downsides are, and how to debug it when things go wrong. Also document the