Re: [PATCH 2/7] x86: Add CONFIG option X86_LASS
From: Sohil Mehta
Date: Tue Jan 10 2023 - 16:05:46 EST
The subject can be better stated as:
x86/Kconfig: Add config option for LASS
On 1/9/2023 9:51 PM, Yian Chen wrote:
LASS is an Intel x86-64 only feature.
Add CONFIG
option X86_LASS and flag DISABLE_LASS to choose
opt-in/out the feature from kernel binary.
The second sentence is unnecessary.
CONFIG_X86_LASS is enabled by default because it
is a security feature which should have little
to no overhead or side effects.
Doesn't it have a side effect that it modifies default vsyscall behavior?
I am guessing the impact of the vsyscall change would be minimal.
However, should LASS be disabled by default at least initially to
minimize the impact on userspace?
A follow-up patch can then enable this by default once the overall
impact is clearly known.
If any issues are
found with specific use cases, the CONFIG option
makes it easy to disable.
This sentence is unnecessary.
+config X86_LASS
+ def_bool y
+ prompt "Linear Address Space Separation"
+ depends on X86_64 && CPU_SUP_INTEL
+ help
+ Linear Address Space Separation (LASS) is a processor
+ feature that mitigates address space layout probes.
+
Let's try to be consistent about what LASS is expected to do. This
definition is very different from the one in patch 1/7.
Also, we should include some information here on how enabling the LASS
config option can impact vsyscall behavior.
+ if unsure, say Y.
+