Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-16 Thread Nadav Amit
Dmitry Safonov <0x7f454...@gmail.com> wrote: > 2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov : >> On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote: >> ... >> +bool pti_handle_segment_not_present(long error_code) >> +{ >> + if (!static_cpu_has(X86_FEATURE_PTI)) >>

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-16 Thread Dmitry Safonov
2018-02-16 7:11 GMT+00:00 Cyrill Gorcunov : > On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote: > ... >> >>> +bool pti_handle_segment_not_present(long error_code) >> >>> +{ >> >>> + if (!static_cpu_has(X86_FEATURE_PTI)) >> >>> + return false; >> >>> + >> >>> +

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-16 Thread Dmitry Safonov
2018-02-15 20:02 GMT+00:00 Andy Lutomirski : > On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote: >> Based on the understanding that there should be no way for userspace to >> address the kernel-space from compatibility mode, disable it while >> running in compatibility mode as long as the 64-bit

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-16 Thread Andy Lutomirski
>> On Feb 15, 2018, at 4:08 PM, Linus Torvalds >> wrote: >> >> On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote: >> >> It's possible we could get away with adding the prctl but making the >> default be that only the bitness that matches the program being run is >> allowed. After all,

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Cyrill Gorcunov
On Thu, Feb 15, 2018 at 11:29:42PM +, Andy Lutomirski wrote: ... > >>> +bool pti_handle_segment_not_present(long error_code) > >>> +{ > >>> + if (!static_cpu_has(X86_FEATURE_PTI)) > >>> + return false; > >>> + > >>> + if ((unsigned short)error_code !=

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Nadav Amit
Andy Lutomirski wrote: > On Fri, Feb 16, 2018 at 12:42 AM, Linus Torvalds > wrote: >> On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote: >>> It is not too pretty, I agree, but it should do the work. There is only one >>> problematic descriptor that can be used to switch from compatibility-mode

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Andy Lutomirski
On Fri, Feb 16, 2018 at 12:42 AM, Linus Torvalds wrote: > On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote: >> >> It is not too pretty, I agree, but it should do the work. There is only one >> problematic descriptor that can be used to switch from compatibility-mode to >> long-mode in the GDT

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Linus Torvalds
On Thu, Feb 15, 2018 at 4:22 PM, Nadav Amit wrote: > > It is not too pretty, I agree, but it should do the work. There is only one > problematic descriptor that can be used to switch from compatibility-mode to > long-mode in the GDT (LDT descriptors always have the L-bit cleared). > Changing the

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Andrew Cooper
On 16/02/2018 00:08, Linus Torvalds wrote: > On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote: >> Linus, how would you feel about, by default, preventing 64-bit >> programs from long-jumping to __USER32_CS and vice versa? > How? It's a standard GDT entry. Are you going to start switching

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Nadav Amit
Linus Torvalds wrote: > On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote: >> It's possible we could get away with adding the prctl but making the >> default be that only the bitness that matches the program being run is >> allowed. After all, it's possible that CRIU is literally the only

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Linus Torvalds
On Thu, Feb 15, 2018 at 3:29 PM, Andy Lutomirski wrote: > > It's possible we could get away with adding the prctl but making the > default be that only the bitness that matches the program being run is > allowed. After all, it's possible that CRIU is literally the only > program that switches

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Andy Lutomirski
On Thu, Feb 15, 2018 at 8:58 PM, Nadav Amit wrote: > Andy Lutomirski wrote: > >> On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote: >>> Based on the understanding that there should be no way for userspace to >>> address the kernel-space from compatibility mode, disable it while >>> running in

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Nadav Amit
Andy Lutomirski wrote: > On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote: >> Based on the understanding that there should be no way for userspace to >> address the kernel-space from compatibility mode, disable it while >> running in compatibility mode as long as the 64-bit code segment of the

Re: [PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Andy Lutomirski
On Thu, Feb 15, 2018 at 4:36 PM, Nadav Amit wrote: > Based on the understanding that there should be no way for userspace to > address the kernel-space from compatibility mode, disable it while > running in compatibility mode as long as the 64-bit code segment of the > user is not used. > >

[PATCH RFC v2 4/6] x86: Disable PTI on compatibility mode

2018-02-15 Thread Nadav Amit
Based on the understanding that there should be no way for userspace to address the kernel-space from compatibility mode, disable it while running in compatibility mode as long as the 64-bit code segment of the user is not used. Reenabling PTI is performed by restoring NX-bits to the userspace
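The thread turns on two x86 details: what makes a GDT code descriptor a 64-bit ("long mode") segment, which is what Linus and Nadav discuss when they note that only one GDT descriptor can switch a task from compatibility mode to long mode (LDT descriptors always have L cleared), and how a #NP handler such as the patch's pti_handle_segment_not_present() can tell from the error code which descriptor the user tried to load. The following is an added example written for this page; it is not code from the thread, the patch or the kernel. It assumes the default user GDT entries (base 0, limit 0xfffff, G=1, DPL=3) and the arch/x86 selector values __USER32_CS = 0x23, __USER_DS = 0x2b and __USER_CS = 0x33; the descriptor raw values and the error codes fed to it are constructed, and np_is_user64_cs() is a hypothetical policy check, not the comparison the patch actually performs (that line is truncated on this page).

```c
/* Added example (not from the thread or the kernel): decode x86 GDT code
 * descriptors and the #NP error code, the two things a segment-not-present
 * handler has to reason about. Descriptor raw values are constructed to
 * match the default user GDT entries (base 0, limit 0xfffff, G=1, DPL=3);
 * selector values are the arch/x86 ones. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USER32_CS 0x23u            /* GDT index 4, RPL 3 */
#define USER_DS   0x2bu            /* GDT index 5, RPL 3 */
#define USER_CS   0x33u            /* GDT index 6, RPL 3 */

/* Constructed 8-byte descriptors: 32-bit user code (D=1, L=0) and
 * 64-bit user code (D=0, L=1); access byte 0xfb = P=1, DPL=3, S=1, type 0xb. */
#define USER32_CS_DESC 0x00cffb000000ffffULL
#define USER_CS_DESC   0x00affb000000ffffULL

struct desc {
    uint8_t type;   /* bits 40-43: code/data type field              */
    bool    s;      /* bit 44: 1 = code/data, 0 = system descriptor   */
    uint8_t dpl;    /* bits 45-46: descriptor privilege level          */
    bool    p;      /* bit 47: present; loading a P=0 segment raises #NP */
    bool    l;      /* bit 53: 64-bit code segment (long mode)         */
    bool    d;      /* bit 54: default operand size, 32-bit if set     */
    bool    g;      /* bit 55: limit granularity                       */
};

static struct desc decode_desc(uint64_t raw)
{
    struct desc d = {
        .type = (raw >> 40) & 0xf,
        .s    = (raw >> 44) & 1,
        .dpl  = (raw >> 45) & 3,
        .p    = (raw >> 47) & 1,
        .l    = (raw >> 53) & 1,
        .d    = (raw >> 54) & 1,
        .g    = (raw >> 55) & 1,
    };
    return d;
}

/* A code segment that, once loaded into CS, runs the CPU in 64-bit mode:
 * code/data descriptor, executable (bit 3 of type), L=1 and D=0
 * (L=1 together with D=1 is reserved by the architecture). */
static bool is_long_mode_cs(uint64_t raw)
{
    struct desc d = decode_desc(raw);
    return d.s && (d.type & 0x8) && d.l && !d.d;
}

/* Set or clear the present bit. Clearing it makes the next attempt to load
 * the selector trap with #NP, which is how a handler gets to see it. */
static uint64_t desc_set_present(uint64_t raw, bool present)
{
    return present ? (raw | (1ULL << 47)) : (raw & ~(1ULL << 47));
}

/* Segment-fault error-code layout (Intel SDM vol. 3, "Error Code"):
 * bit 0 EXT, bit 1 IDT, bit 2 TI (1 = LDT), bits 3-15 = descriptor index. */
static bool     np_from_idt(long error_code) { return (error_code & 0x2) != 0; }
static bool     np_from_ldt(long error_code) { return (error_code & 0x4) != 0; }
static unsigned np_index(long error_code)    { return ((unsigned)error_code >> 3) & 0x1fff; }

/* Hypothetical policy check: did this #NP come from user code loading the
 * 64-bit user code segment from the GDT? Compare index+TI against __USER_CS
 * with its RPL bits stripped, and reject faults reported via the IDT or
 * flagged as external (EXT). An LDT selector can never match, which is the
 * point made in the thread that LDT descriptors always have L cleared. */
static bool np_is_user64_cs(long error_code)
{
    if (np_from_idt(error_code) || (error_code & 0x1))
        return false;
    return ((unsigned)error_code & 0xfffc) == (USER_CS & ~3u);
}

int main(void)
{
    struct desc u32 = decode_desc(USER32_CS_DESC), u64 = decode_desc(USER_CS_DESC);
    printf("__USER32_CS: L=%d D=%d P=%d DPL=%d\n", u32.l, u32.d, u32.p, u32.dpl);
    printf("__USER_CS:   L=%d D=%d P=%d DPL=%d\n", u64.l, u64.d, u64.p, u64.dpl);
    printf("#NP error 0x30 (index %u) is user 64-bit CS: %d\n",
           np_index(0x30), np_is_user64_cs(0x30));
    printf("#NP error 0x20 (index %u) is user 64-bit CS: %d\n",
           np_index(0x20), np_is_user64_cs(0x20));
    return 0;
}
```

A far jump or far return to selector 0x33 while that descriptor has P=0 reports error code 0x30 (index 6, RPL bits replaced by EXT/IDT/TI, all zero), whereas the same operation on __USER32_CS reports 0x20; a selector with TI set (for example 0x34) names an LDT entry and is rejected. Whether the kernel should make __USER_CS non-present at all, and whether it may do so by default given users such as CRIU, is exactly what the rest of the thread argues about; this example only shows the decoding.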