Re: [PATCH RFC v2 0/6] x86: Disabling PTI in compatibility mode
From: Nadav Amit
Date: Thu Feb 15 2018 - 19:25:40 EST
Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> wrote:
> On 02/15/2018 08:35 AM, Nadav Amit wrote:
>> I removed the PTI disabling while SMEP is unsupported, although I
>> must admit I did not fully understand why it is required.
>
> Do you mean you don't fully understand how PTI gives SMEP-like behavior
> on non-SMEP hardware?
No. I understand how it provide SMEP-like behavior, and I understand the value
of SMEP by itself.
However, I do not understand why SMEP-like protection is required to protect
processes that run in compatibility-mode from Meltdown/Spectre attacks. As
far as I understand, the process should not be able to manipulate the kernel
to execute code in the low 4GB.