Re: Linux 6.11-rc1

[Guenter Roeck]

On 7/31/24 09:17, Linus Torvalds wrote:
> On Wed, 31 Jul 2024 at 08:55, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > Right, so Thomas found that i386-pti fails to map the entire entry text.
> > Specifically pti_clone_pgtable() hard relies -- and does not verify --
> > that the start address is aligned to the given granularity.
> >
> > Now, i386 does not align __entry_text_start, and so the termination
> > condition goes sideways and pte_clone_entry() does not always work right
> > and it becomes a games of code layout roulette.
>
> Lovely.
>
> > Also, should we just kill PTI on 32bit perhaps?
>
> I don't think there's much technical reason to keep it - I can't
> imagine any security-conscious people actually use 32-bit x86 any more
> - but apart from fixing this bug I wonder how much of a maintenance
> burden it is? I think most of the code is shared with 64-bit, isn't
> it? The 32-bit case in many ways is simpler, even if it happened to
> hit this odd alignment issue because it's obviously also a lot less
> tested.
>
> I'd rather kill highmem and X86_PAE, but I also suspect that horror
> has a much larger chance of still being used.

I guess there is at least one user - me with my annoying boot tests ;-).

But seriously the question is: How likely is it for that code to find
potential problems in the 64-bit code ? pti_clone_pgtable() doesn't
seem to be 32-bit specific.

Guenter