Re: [PATCH] x86/doc: add PTI description

[Kees Cook]

On Thu, Jan 4, 2018 at 12:54 PM, Dave Hansen
<dave.hansen@xxxxxxxxxxxxxxx> wrote:
> [...]
> +For new userspace mappings, the kernel makes the entries in its
> +page tables like normal.  The only difference is when the kernel
> +makes entries in the top (PGD) level.  In addition to setting the
> +entry in the main kernel PGD, a copy of the entry is made in the
> +userspace page tables' PGD.

It might be worth noting that NX is set in the kernel's view of the
userspace page tables.

> [...]
> +1. Increased Memory Use
> +  a. Each process now needs an order-1 PGD instead of order-0.
> +     (Consumes 4k per process).

"Consumes an additional 4k per process" ?

> [...]
> +  d. Process Context IDentifiers (PCID) is a CPU feature that
> +     allows us to skip flushing the entire TLB when switching page
> +     tables.  This makes switching the page tables (at context
> +     switch, or kernel entry/exit) cheaper.  But, on systems with
> +     PCID support, the context switch code must flush both the user
> +     and kernel entries out of the TLB.  The user PCID TLB flush is
> +     deferred until the exit to userspace, minimizing the cost.

Does this mean it's possible to bypass the NX on userspace pages?

> [...]
> +  g. On systems without PCID support, each CR3 write flushes
> +     the entire TLB.  That means that each syscall, interrupt
> +     or exception flushes the TLB.

Is it worth clarifying this for hardware support of PCID vs INVPCID?

Otherwise, looks good!

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

-- 
Kees Cook
Pixel Security