On 03/05/2018 11:04 PM, Ingo Molnar wrote:
> * H. Peter Anvin wrote:
>> On NX-enabled hardware NX works with PDE, but the PDPDT in general doesn't
>> have permission bits (it's really more of a set of four CR3s than a page
>> table level.)
> The 4 PDPDT entries are also shadowed in the CPU and are
On Mon, Mar 05, 2018 at 01:58:32PM -0800, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel wrote:
> > I could probably add some debug instrumentation to check for that in my
> > future testing, as there is no NX protection in the user address-range
> > for the kernel-cr3.
>
>
* H. Peter Anvin wrote:
> On NX-enabled hardware NX works with PDE, but the PDPDT in general doesn't
> have permission bits (it's really more of a set of four CR3s than a page
> table level.)
The 4 PDPDT entries are also shadowed in the CPU and are only refreshed
on CR3 loads, not spontaneously
On 03/05/18 13:58, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel wrote:
>> On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote:
>>>
>>> Ahh, good. So presumably Joerg actually did check it, just didn't even
>>> notice ;)
>>
>> Yeah, sort of. I ran the test, but i
On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel wrote:
> On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote:
>>
>> Ahh, good. So presumably Joerg actually did check it, just didn't even
>> notice ;)
>
> Yeah, sort of. I ran the test, but it didn't catch the failure case in
> previous ver
On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 12:38 PM, Brian Gerst wrote:
> >
> > There already is a test: single_step_syscall.c
>
> Ahh, good. So presumably Joerg actually did check it, just didn't even notice
> ;)
Yeah, sort of. I ran the test, but
On Mon, Mar 5, 2018 at 12:38 PM, Brian Gerst wrote:
>
> There already is a test: single_step_syscall.c
Ahh, good. So presumably Joerg actually did check it, just didn't even notice ;)
Linus
On Mon, Mar 5, 2018 at 1:23 PM, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 5:12 AM, Joerg Roedel wrote:
>>
>>> The thing is, we *know* that we will restore two segment registers with the
>>> user cr3 already loaded: CS and SS get restored with the final iret.
>>
>> Yeah, I know, but the iret
On Mon, Mar 05, 2018 at 10:23:59AM -0800, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 5:12 AM, Joerg Roedel wrote:
> >
> >> The thing is, we *know* that we will restore two segment registers with the
> >> user cr3 already loaded: CS and SS get restored with the final iret.
> >
> > Yeah,
On Mon, Mar 5, 2018 at 5:12 AM, Joerg Roedel wrote:
>
>> The thing is, we *know* that we will restore two segment registers with the
>> user cr3 already loaded: CS and SS get restored with the final iret.
>
> Yeah, I know, but the iret-exception path is fine because it will
> deliver a SIGILL and
On Mon, Mar 5, 2018 at 11:44 AM, Joerg Roedel wrote:
> On Mon, Mar 05, 2018 at 09:51:29AM -0500, Brian Gerst wrote:
>> For the IRET fault case you will still need to catch it in the
>> exception code. See the 64-bit code (.Lerror_bad_iret) for example.
>> For 32-bit, you could just expand that ch
On Mon, Mar 05, 2018 at 09:51:29AM -0500, Brian Gerst wrote:
> For the IRET fault case you will still need to catch it in the
> exception code. See the 64-bit code (.Lerror_bad_iret) for example.
> For 32-bit, you could just expand that check to cover the whole exit
> prologue after the CR3 switch
On Mon, Mar 5, 2018 at 8:12 AM, Joerg Roedel wrote:
> On Mon, Mar 05, 2018 at 04:17:45AM -0800, Linus Torvalds wrote:
>> Restoring the segments can cause exceptions that need to be
>> handled. With PTI enabled, we still need to be on kernel cr3
>> when the exception happens. For the cr
On Mon, Mar 05, 2018 at 04:17:45AM -0800, Linus Torvalds wrote:
> Restoring the segments can cause exceptions that need to be
> handled. With PTI enabled, we still need to be on kernel cr3
> when the exception happens. For the cr3-switch we need
> at least one integer scratch regist
From: Joerg Roedel
Restoring the segments can cause exceptions that need to be
handled. With PTI enabled, we still need to be on kernel cr3
when the exception happens. For the cr3-switch we need
at least one integer scratch register, so we can't switch
with the user integer registers already load
15 matches