On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +KAISER logically keeps a "copy" of the page tables which unmap
>> +the kernel while in userspace. The kernel manages the page
>> +tables as normal, but the "copying" is done with a few tricks
>> +that mean that we do not have to manage two full
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +KAISER logically keeps a "copy" of the page tables which unmap
>> +the kernel while in userspace. The kernel manages the page
>> +tables as normal, but the "copying" is done with a few tricks
>> +that mean that we do not have to manage two full
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +}
>> +
>> static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d)
>> {
>> +#if defined(CONFIG_KAISER) && !defined(CONFIG_X86_5LEVEL)
>> +/*
>> + * set_pgd() does not get called when we are running
>> + * CONFIG_X86_5LEVEL=y. So,
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +}
>> +
>> static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d)
>> {
>> +#if defined(CONFIG_KAISER) && !defined(CONFIG_X86_5LEVEL)
>> +/*
>> + * set_pgd() does not get called when we are running
>> + * CONFIG_X86_5LEVEL=y. So,
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +page tables are switched to the full "kernel" copy. When the
>> +system switches back to user mode, the user/shadow copy is used.
>> +
>> +The minimalistic kernel portion of the user page tables try to
>> +map only what is needed to enter/exit
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +page tables are switched to the full "kernel" copy. When the
>> +system switches back to user mode, the user/shadow copy is used.
>> +
>> +The minimalistic kernel portion of the user page tables try to
>> +map only what is needed to enter/exit
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +pgd = native_get_shadow_pgd(pgd_offset_k(0UL));
>> +for (i = PTRS_PER_PGD / 2; i < PTRS_PER_PGD; i++) {
>> +unsigned long addr = PAGE_OFFSET + i * PGDIR_SIZE;
> This looks wrong. The kernel address space gets incremented by
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +pgd = native_get_shadow_pgd(pgd_offset_k(0UL));
>> +for (i = PTRS_PER_PGD / 2; i < PTRS_PER_PGD; i++) {
>> +unsigned long addr = PAGE_OFFSET + i * PGDIR_SIZE;
> This looks wrong. The kernel address space gets incremented by
On Fri, 10 Nov 2017, Dave Hansen wrote:
> diff -puN arch/x86/entry/entry_64.S~kaiser-base arch/x86/entry/entry_64.S
> --- a/arch/x86/entry/entry_64.S~kaiser-base 2017-11-10 11:22:09.007244950
> -0800
> +++ b/arch/x86/entry/entry_64.S 2017-11-10 11:22:09.031244950 -0800
> @@ -145,6 +145,16
On Fri, 10 Nov 2017, Dave Hansen wrote:
> diff -puN arch/x86/entry/entry_64.S~kaiser-base arch/x86/entry/entry_64.S
> --- a/arch/x86/entry/entry_64.S~kaiser-base 2017-11-10 11:22:09.007244950
> -0800
> +++ b/arch/x86/entry/entry_64.S 2017-11-10 11:22:09.031244950 -0800
> @@ -145,6 +145,16
From: Dave Hansen
These patches are based on work from a team at Graz University of
Technology: https://github.com/IAIK/KAISER . This work would not have
been possible without their work as a starting point.
KAISER is a countermeasure against side channel attacks
From: Dave Hansen
These patches are based on work from a team at Graz University of
Technology: https://github.com/IAIK/KAISER . This work would not have
been possible without their work as a starting point.
KAISER is a countermeasure against side channel attacks against kernel
virtual
* Dave Hansen wrote:
> From: Dave Hansen
>
> These patches are based on work from a team at Graz University of
> Technology: https://github.com/IAIK/KAISER . This work would not have
> been possible without their work as a starting
* Dave Hansen wrote:
> From: Dave Hansen
>
> These patches are based on work from a team at Graz University of
> Technology: https://github.com/IAIK/KAISER . This work would not have
> been possible without their work as a starting point.
> Note: The original KAISER authors signed-off on
From: Dave Hansen
These patches are based on work from a team at Graz University of
Technology: https://github.com/IAIK/KAISER . This work would not have
been possible without their work as a starting point.
KAISER is a countermeasure against side channel attacks
From: Dave Hansen
These patches are based on work from a team at Graz University of
Technology: https://github.com/IAIK/KAISER . This work would not have
been possible without their work as a starting point.
KAISER is a countermeasure against side channel attacks against kernel
virtual
16 matches
Mail list logo