On 01/04/2018 05:43 PM, Hector Martin 'marcan' wrote: > On 2018-01-05 09:24, Dave Hansen wrote: >> + Not specifying this option nothing is equivalent to >> + pti=auto. > > -nothing
Sure, will fix. >> +Page Table Isolation (pti, previously known as KAISER[1]) is a >> +countermeasure against attacks on kernel address information such >> +as the "Meltdown" approach[2]. > > It's not really just address information, but any data. Maybe "attacks > that leak kernel memory"? It's not just kernel leaks either, though. >> +To avoid leaking address information, we create an new, independent > > Same issue here. Also an -> a. Will fix. >> +copy of the page tables which are used only when running userspace > > are -> is. The copy is singular. I've reworded the sentence to remove the ambiguity. >> +applications. When the kernel is entered via syscalls, interrupts or >> +exceptions, page tables are switched to the full "kernel" copy. When > > "the page tables". No thanks. It's fine the way it is. >> +crippled by setting the NX bit in the top level. This ensures >> +that if a kernel->user CR3 switch is missed that userspace will >> +crash immediately upon executing its first instruction. > > "that userspace" -> "then userspace"
