Re: [PATCH 05/23] x86, kaiser: unmap kernel from userspace page tables (core patch)
From: Dave Hansen
Date: Fri Jan 05 2018 - 00:18:09 EST
On 01/04/2018 08:16 PM, Yisheng Xie wrote:
>> === Page Table Poisoning ===
>>
>> KAISER has two copies of the page tables: one for the kernel and
>> one for when running in userspace.
>
> So, we have 2 page tables; thinking about this case:
> If _ONE_ process includes _TWO_ threads, one running in user space, the other
> running in the kernel, they can run on one core with Hyper-Threading, right?
Yes.
> So both userspace and kernel space are valid, right? And for one core
> with Hyper-Threading, they may share the TLB, so the timing problem
> described in the paper may still exist?
No. The TLB is managed per logical CPU (hyperthread), as is the CR3
register that points to the page tables. Two threads running the same
process might use the same CR3 _value_, but that does not mean they
share TLB entries.
One thread *can* be in the kernel with the kernel page tables while the
other is in userspace with the user page tables active. They will even
use a different PCID/ASID for the same page tables normally.
> Can this case still be protected by KAISER?
Yes.