Hi Alan,
On Thu, Jan 25, 2018 at 05:09:25PM +, Alan Cox wrote:
> On Mon, 22 Jan 2018 09:56:25 +0100
> Joerg Roedel wrote:
>
> > Hey Nadav,
> >
> > On Sun, Jan 21, 2018 at 03:46:24PM -0800, Nadav Amit wrote:
> > > It does seem that segmentation provides sufficient protection from
> > > Melt
On Thu, Jan 25, 2018 at 02:09:40PM -0800, Nadav Amit wrote:
> The PoC apparently does not work with 3GB of memory or more on 32-bit. Does
> you setup has more? Can you try the attack while setting max_addr=1G ?
No, I tested on:
Pentium M (Dothan): 1.5 GB RAM, PAE for NX, 2GB/2GB split
CONFIG_NOH
Krzysztof Mazur wrote:
> On Tue, Jan 16, 2018 at 05:36:43PM +0100, Joerg Roedel wrote:
>> From: Joerg Roedel
>>
>> Hi,
>>
>> here is my current WIP code to enable PTI on x86-32. It is
>> still in a pretty early state, but it successfully boots my
>> KVM guest with PAE and with legacy paging. T
On Mon, 22 Jan 2018 09:56:25 +0100
Joerg Roedel wrote:
> Hey Nadav,
>
> On Sun, Jan 21, 2018 at 03:46:24PM -0800, Nadav Amit wrote:
> > It does seem that segmentation provides sufficient protection from
> > Meltdown.
>
> Thanks for testing this, if this turns out to be true for all affected
On Tue, Jan 16, 2018 at 05:36:43PM +0100, Joerg Roedel wrote:
> From: Joerg Roedel
>
> Hi,
>
> here is my current WIP code to enable PTI on x86-32. It is
> still in a pretty early state, but it successfully boots my
> KVM guest with PAE and with legacy paging. The existing PTI
> code for x86-64
On Mon, 22 Jan 2018 09:56:25 +0100
Joerg Roedel wrote:
> Hey Nadav,
>
> On Sun, Jan 21, 2018 at 03:46:24PM -0800, Nadav Amit wrote:
> > It does seem that segmentation provides sufficient protection from
> > Meltdown.
>
> Thanks for testing this, if this turns out to be true for all affected
> of timing requirements vs complexity. At least theoretically one could
> imagine a machine which would take the trap after the speculative
> machine had already chased the pointer loop several levels down; this
> would most likely mean separate uops to allow for the existing
> out-of-order machi
On 01/22/18 12:14, Linus Torvalds wrote:
> On Sun, Jan 21, 2018 at 6:20 PM, wrote:
>>
>> No idea about Intel, but at least on Transmeta CPUs the limit check was
>> asynchronous with the access.
>
> Yes, but TMTA had a really odd uarch and didn't check segment limits natively.
>
Only on TM3000
On Sun, Jan 21, 2018 at 6:20 PM, wrote:
>
> No idea about Intel, but at least on Transmeta CPUs the limit check was
> asynchronous with the access.
Yes, but TMTA had a really odd uarch and didn't check segment limits natively.
When you do it in hardware. the limit check is actually fairly natu
On Mon, Jan 22, 2018 at 09:55:31AM +, David Laight wrote:
> That's made me remember something about segment limits applying in 64bit mode.
> I really can't remember the details at all.
> I'm sure it had something to do with one of the VM implementations restricting
> memory accesses.
Some AMD
From: Nadav Amit
> Sent: 21 January 2018 23:46
>
> I wanted to see whether segments protection can be a replacement for PTI
> (yes, excluding SMEP emulation), or whether speculative execution “ignores”
> limit checks, similarly to the way paging protection is skipped.
That's made me remember some
Hey Nadav,
On Sun, Jan 21, 2018 at 03:46:24PM -0800, Nadav Amit wrote:
> It does seem that segmentation provides sufficient protection from Meltdown.
Thanks for testing this, if this turns out to be true for all affected
uarchs it would be a great and better way of protection than enabling
PTI.
On January 21, 2018 6:11:07 PM PST, Linus Torvalds
wrote:
>On Sun, Jan 21, 2018 at 3:46 PM, Nadav Amit
>wrote:
>> I wanted to see whether segments protection can be a replacement for
>PTI
>> (yes, excluding SMEP emulation), or whether speculative execution
>“ignores”
>> limit checks, similarly t
Linus Torvalds wrote:
> On Sun, Jan 21, 2018 at 3:46 PM, Nadav Amit wrote:
>> I wanted to see whether segments protection can be a replacement for PTI
>> (yes, excluding SMEP emulation), or whether speculative execution “ignores”
>> limit checks, similarly to the way paging protection is skipped
On Sun, Jan 21, 2018 at 3:46 PM, Nadav Amit wrote:
> I wanted to see whether segments protection can be a replacement for PTI
> (yes, excluding SMEP emulation), or whether speculative execution “ignores”
> limit checks, similarly to the way paging protection is skipped.
>
> It does seem that segme
I wanted to see whether segments protection can be a replacement for PTI
(yes, excluding SMEP emulation), or whether speculative execution “ignores”
limit checks, similarly to the way paging protection is skipped.
It does seem that segmentation provides sufficient protection from Meltdown.
The “re
Please ignore my previous email. I got it working… Sorry for the spam.
Nadav Amit wrote:
> I am looking on PTI on x86-32, but I did not mange to get the PoC to work on
> this setup (kaslr disabled, similar setup works on 64-bit).
>
> Did you use any PoC to “test” the protection?
>
> Thanks,
>
I am looking on PTI on x86-32, but I did not mange to get the PoC to work on
this setup (kaslr disabled, similar setup works on 64-bit).
Did you use any PoC to “test” the protection?
Thanks,
Nadav
Joerg Roedel wrote:
> From: Joerg Roedel
>
> Hi,
>
> here is my current WIP code to enable PT
On Fri 2018-01-19 12:07:26, Joerg Roedel wrote:
> Hey Pavel,
>
> On Fri, Jan 19, 2018 at 11:55:28AM +0100, Pavel Machek wrote:
> > Thanks for doing the work.
> >
> > I tried applying it on top of -next, and that did not succeed. Let me
> > try Linus tree...
>
> Thanks for your help with testing
Hey Pavel,
On Fri, Jan 19, 2018 at 11:55:28AM +0100, Pavel Machek wrote:
> Thanks for doing the work.
>
> I tried applying it on top of -next, and that did not succeed. Let me
> try Linus tree...
Thanks for your help with testing this patch-set, but I recommend to
wait for the next version, as r
Hi!
> From: Joerg Roedel
>
> Hi,
>
> here is my current WIP code to enable PTI on x86-32. It is
> still in a pretty early state, but it successfully boots my
> KVM guest with PAE and with legacy paging. The existing PTI
> code for x86-64 already prepares a lot of the stuff needed
> for 32 bit t
Hi Thomas,
thanks for your review, I'll work in your suggestions for the next post.
On Tue, Jan 16, 2018 at 10:20:40PM +0100, Thomas Gleixner wrote:
> On Tue, 16 Jan 2018, Joerg Roedel wrote:
> > 16 files changed, 333 insertions(+), 123 deletions(-)
>
> Impressively small and well done !
Than
Hi Andy,
thanks a lot for your review and input, especially on the entry-code
changes!
On Tue, Jan 16, 2018 at 02:26:22PM -0800, Andy Lutomirski wrote:
> On Tue, Jan 16, 2018 at 8:36 AM, Joerg Roedel wrote:
> > The code has not run on bare-metal yet, I'll test that in
> > the next days once I se
On Tue, Jan 16, 2018 at 8:36 AM, Joerg Roedel wrote:
> From: Joerg Roedel
>
> Hi,
>
> here is my current WIP code to enable PTI on x86-32. It is
> still in a pretty early state, but it successfully boots my
> KVM guest with PAE and with legacy paging. The existing PTI
> code for x86-64 already pr
On Tue, 16 Jan 2018, Joerg Roedel wrote:
> here is my current WIP code to enable PTI on x86-32. It is
> still in a pretty early state, but it successfully boots my
> KVM guest with PAE and with legacy paging. The existing PTI
> code for x86-64 already prepares a lot of the stuff needed
> for 32 bit
Hi Linus,
On Tue, Jan 16, 2018 at 10:59:01AM -0800, Linus Torvalds wrote:
> Yes, I'm very happy to see that this is actually not nearly as bad as
> I feared it might be,
Yeah, I was looking at the original PTI patches and my impression was
that a lot of the complicated stuff (like setting up the
On Tue, Jan 16, 2018 at 10:14:19AM -0800, Dave Hansen wrote:
> Joerg,
>
> Very cool!.
Thanks :)
> I really appreciate you putting this together. I don't see any real
> showstoppers or things that I think will *break* 64-bit. I just hope
> that we can merge this _slowly_ in case it breaks 64-bi
On 16/01/18 18:59, Linus Torvalds wrote:
> On Tue, Jan 16, 2018 at 8:36 AM, Joerg Roedel wrote:
>> One of the things that are surely broken is XEN_PV support.
>> I'd appreciate any help with testing and bugfixing on that
>> front.
> Xen PV and PTI don't work together even on x86-64 afaik, the Xen
On 01/16/2018 10:59 AM, Linus Torvalds wrote:
>> The code has not run on bare-metal yet, I'll test that in
>> the next days once I setup a 32 bit box again. I also havn't
>> tested Wine and DosEMU yet, so this might also be broken.
> .. and please run all the segment and syscall selfchecks that And
On Tue, Jan 16, 2018 at 8:36 AM, Joerg Roedel wrote:
>
> here is my current WIP code to enable PTI on x86-32. It is
> still in a pretty early state, but it successfully boots my
> KVM guest with PAE and with legacy paging. The existing PTI
> code for x86-64 already prepares a lot of the stuff need
Joerg,
Very cool!.
I really appreciate you putting this together. I don't see any real
showstoppers or things that I think will *break* 64-bit. I just hope
that we can merge this _slowly_ in case it breaks 64-bit along the way.
I didn't look at the assembly in too much detail.
31 matches
Mail list logo
