> On Jan 14, 2018, at 12:13 PM, Nadav Amit <[email protected]> wrote: > > Currently, when page-table isolation is on to prevent the Meltdown bug > (CVE-2017-5754), CR3 is always loaded on system-call and interrupt. > > However, it appears that this is an unnecessary measure when programs > run in compatibility mode. In this mode only 32-bit registers are > available, which means that there *should* be no way for the CPU to > access, even speculatively, memory that belongs to the kernel, which > sits in high addresses.
You're assuming that TIF_IA32 prevents the execution of 64-bit code. It doesn't. I've occasionally considered adding an opt-in hardening mechanism to enforce 32-bit or 64-bit execution, but we don't have this now. Anything like this would also need to spend on SMEP, I think -- the pseudo-SMEP granted by PTI is too valuable to give up on old boxes, I think.
