Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function

From: Andy Lutomirski
Date: Mon Jun 10 2019 - 21:03:19 EST

> On Jun 10, 2019, at 5:08 PM, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
>> On 6/10/19 4:54 PM, Andy Lutomirski wrote:
>> Another benefit of kernel management: we could plausibly auto-clear
>> the bits corresponding to munmapped regions. Is this worth it?
>
> I did it for MPX. I think I even went to the trouble of zapping the
> whole pages that got unused.
>
> But, MPX tables took 80% of the address space, worst-case. This takes
> 0.003% :) The only case it would really matter would be a task that was
> long-running, used legacy executables/JITs, and was mapping/unmapping
> text all over the address space. That seems rather unlikely.

Every wasted page still costs 4K plus page table overhead. The worst case is a JIT that doesn't clean up and leaks legacy bitmap memory all over. We can blame the JIT, but the actual attribution could be complicated.

It also matters when you unmap one thing, map something else, and are sad when the legacy bits are still set.

Admittedly, it's a bit hard to imagine the exploit that takes advantage of this.
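To make the two points in this exchange concrete (the size of a one-bit-per-page legacy bitmap, and what "unmap one thing, map something else, and the legacy bits are still set" looks like), here is a user-space toy model. It is an added illustration, not code from the CET patch series or from anyone in the thread; it assumes a 47-bit user address space and 4 KiB pages, and the bitmap helpers (`lb_*`) and the `stale_bits_after_remap` scenario are hypothetical names chosen for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define VA_BITS    47   /* x86-64 user address space, assumed for the arithmetic */

/* Bytes needed for one bit per page covering the whole user address space. */
static uint64_t legacy_bitmap_bytes(void)
{
    return (1ULL << VA_BITS) / PAGE_SIZE / 8;
}

/* Bitmap size as a percentage of the address space it describes. */
static double legacy_bitmap_percent(void)
{
    return 100.0 * (double)legacy_bitmap_bytes() / (double)(1ULL << VA_BITS);
}

/* Toy bitmap over a small slice of address space (one bit per page). */
struct legacy_bitmap {
    uint8_t  *bits;
    uint64_t  npages;
};

static int lb_init(struct legacy_bitmap *lb, uint64_t span_bytes)
{
    lb->npages = span_bytes >> PAGE_SHIFT;
    lb->bits = calloc((lb->npages + 7) / 8, 1);   /* all pages start as IBT-enabled */
    return lb->bits ? 0 : -1;
}

static void lb_free(struct legacy_bitmap *lb)
{
    free(lb->bits);
    lb->bits = NULL;
}

/* Mark every page in [start, start+len) as legacy (val=1) or IBT-enforced (val=0). */
static void lb_set_range(struct legacy_bitmap *lb, uint64_t start, uint64_t len, int val)
{
    uint64_t first = start >> PAGE_SHIFT;
    uint64_t last  = (start + len - 1) >> PAGE_SHIFT;
    for (uint64_t p = first; p <= last && p < lb->npages; p++) {
        if (val)
            lb->bits[p / 8] |= (uint8_t)(1u << (p % 8));
        else
            lb->bits[p / 8] &= (uint8_t)~(1u << (p % 8));
    }
}

/* 1 if the page containing addr is marked legacy (no ENDBR required). */
static int lb_test(const struct legacy_bitmap *lb, uint64_t addr)
{
    uint64_t p = addr >> PAGE_SHIFT;
    return p < lb->npages && (lb->bits[p / 8] >> (p % 8)) & 1u;
}

/*
 * Scenario from the thread: a JIT marks its text as legacy, unmaps it without
 * clearing the bits, and something else gets mapped at the same address.
 * Returns 1 if the new mapping silently inherits the legacy bits.
 */
static int stale_bits_after_remap(int auto_clear_on_munmap)
{
    struct legacy_bitmap lb;
    const uint64_t jit = 0x40000, len = 4 * PAGE_SIZE;   /* constructed addresses */
    int stale;

    if (lb_init(&lb, 1ULL << 20) != 0)         /* model a 1 MiB slice: 256 pages */
        return -1;

    lb_set_range(&lb, jit, len, 1);            /* JIT opts its text out of IBT */
    if (auto_clear_on_munmap)                  /* kernel-managed: munmap clears bits */
        lb_set_range(&lb, jit, len, 0);
    /* ...a new, unrelated mapping now lands at `jit`... */
    stale = lb_test(&lb, jit + PAGE_SIZE);
    lb_free(&lb);
    return stale;
}

int main(void)
{
    printf("bitmap: %llu bytes (%.4f%% of the address space)\n",
           (unsigned long long)legacy_bitmap_bytes(), legacy_bitmap_percent());
    printf("stale legacy bits after remap, user-managed: %d\n", stale_bits_after_remap(0));
    printf("stale legacy bits after remap, auto-clear:   %d\n", stale_bits_after_remap(1));
    return 0;
}
```

The 0.003% figure in the thread falls out of the arithmetic (2^32 bytes of bitmap for 2^47 bytes of address space); the scenario function shows why auto-clearing on munmap is a correctness issue, not just a memory one: without it, whatever is mapped next at a reused address runs with IBT checks effectively disabled.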