Re: [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits

From: Chen, Yian
Date: Wed Jan 11 2023 - 14:23:12 EST

On 1/10/2023 12:14 PM, Sohil Mehta wrote:
On 1/9/2023 9:51 PM, Yian Chen wrote:
LASS (Linear Address Space Separation) is a CPU feature to
prevent speculative address access in user/kernel mode.


Would it be better to say?

LASS (Linear Address Space Separation) is a security feature that intends to prevent unintentional speculative address access across user/kernel mode.


Sure, I will revise the statement precisely.

LASS partitions 64-bit virtual address space into two
halves, lower address (LA[63]=0) and upper address
(LA[63]=1). It stops any data access or code execution
     1. from upper half address space to any lower half address
     2. from lower half address space to any upper half address
and generates #GP fault for a violation.


I am not sure if this is the best way to say it. The kernel already partitions the address space this way. LASS takes what is already the typical OS implementation and bakes it into the hardware architecture.

Yes, LASS by design matches the addressing usage in OS. I will try to include this in the statement.
In Linux, this means LASS does not allow both kernel code
to access any user space address and user code to access
any kernel space address.


There is clearly an overlap between the protections provided by paging and with SMAP and SMEP. It would be useful to paraphrase some of the information mentioned in the spec regarding how LASS differs from them.

Yes, I will differentiate between LASS and SMAP more clearly.

"With these mode-based protections, paging can prevent malicious software from directly reading or writing memory inappropriately. To enforce these protections, the processor must traverse the hierarchy of paging structures in memory. Unprivileged software can use timing information resulting from this traversal to determine details about the paging structures, and these details may be used to determine the layout of supervisor memory.

Linear-address space separation (LASS) is an independent mechanism that enforces the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, “probes” by malicious software will provide no paging-based timing information."

Yes, I will also state the advantage of LASS.

Signed-off-by: Yian Chen <yian.chen@xxxxxxxxx>
Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>


Thanks,
Yian
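The ordering point the spec quote makes (LASS decides before paging, so a probe never triggers a walk) is easy to lose in prose. The following is an added example, not code from this patch series, the kernel, or Intel: a small software model of the two checks. It takes the rule exactly as the commit message states it (LA[63] picks the half; supervisor code may only touch the upper half, user code only the lower; a cross-half access is #GP) and stacks it in front of a toy page walker that enforces U/S and SMAP after walking. Names such as lass_enabled, smap_enabled, lass_model_access and run_probe are illustrative and do not correspond to any architectural register layout or kernel symbol; the sample addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Privilege of the access being checked (CPL 3 vs CPL 0). */
enum mode { MODE_USER = 0, MODE_SUPERVISOR = 1 };

/* Outcome of a simulated access. */
enum fault { FAULT_NONE = 0, FAULT_GP = 1, FAULT_PF = 2 };

/* LA[63] selects the half: 0 = lower (user), 1 = upper (kernel). */
static bool la_is_upper(uint64_t la)
{
    return (la >> 63) & 1;
}

/* The LASS rule from the commit message: supervisor mode may only touch
 * the upper half, user mode only the lower half; a cross-half access
 * raises #GP. Nothing in memory is consulted to decide this. */
enum fault lass_check(enum mode cpl, uint64_t la)
{
    bool upper = la_is_upper(la);

    if (cpl == MODE_SUPERVISOR && !upper)
        return FAULT_GP;
    if (cpl == MODE_USER && upper)
        return FAULT_GP;
    return FAULT_NONE;
}

/* Toy CPU state. Field names are illustrative (assumption), not the
 * architectural CR4 layout. */
struct cpu {
    bool lass_enabled;        /* stands in for the CR4 LASS enable */
    bool smap_enabled;        /* stands in for CR4.SMAP */
    unsigned long page_walks; /* traversals of the paging structures */
};

/* Toy paging: every address is mapped and the U/S bit of its page follows
 * the half it lives in. Each call is one traversal, i.e. one chance for
 * the walk's timing to leak something about the paging structures. */
static void page_walk(struct cpu *c, uint64_t la, bool *user_page)
{
    c->page_walks++;
    *user_page = !la_is_upper(la);
}

/* Simulated data access in the given mode. The mode-based paging checks
 * (U/S bit, SMAP) can only run after the walk; LASS, when enabled,
 * answers before any walk happens. */
enum fault lass_model_access(struct cpu *c, enum mode cpl, uint64_t la)
{
    bool user_page;

    if (c->lass_enabled) {
        enum fault f = lass_check(cpl, la);
        if (f != FAULT_NONE)
            return f;
    }

    page_walk(c, la, &user_page);

    if (cpl == MODE_USER && !user_page)
        return FAULT_PF;   /* user touching a supervisor page */
    if (cpl == MODE_SUPERVISOR && user_page && c->smap_enabled)
        return FAULT_PF;   /* SMAP: supervisor touching a user page */
    return FAULT_NONE;
}

/* Result of one probe on a fresh CPU: which fault, and how many walks. */
struct probe_result {
    enum fault fault;
    unsigned long walks;
};

struct probe_result run_probe(bool lass_on, enum mode cpl, uint64_t la)
{
    struct cpu c = { .lass_enabled = lass_on, .smap_enabled = true, .page_walks = 0 };
    struct probe_result r;

    r.fault = lass_model_access(&c, cpl, la);
    r.walks = c.page_walks;
    return r;
}

int main(void)
{
    /* Constructed sample addresses, one in each half. */
    const uint64_t user_la = 0x00007fff00001000ULL;
    const uint64_t kernel_la = 0xffff800000001000ULL;
    static const char *names[] = { "ok", "#GP", "#PF" };
    int lass;

    for (lass = 0; lass <= 1; lass++) {
        struct probe_result a = run_probe(lass, MODE_SUPERVISOR, user_la);
        struct probe_result b = run_probe(lass, MODE_USER, kernel_la);

        printf("LASS %s: kernel->user %s after %lu walk(s); user->kernel %s after %lu walk(s)\n",
               lass ? "on " : "off", names[a.fault], a.walks, names[b.fault], b.walks);
    }
    return 0;
}
```

With the LASS bit clear, both cross-half probes still fault (#PF from U/S or SMAP), but only after one traversal of the paging structures, which is the timing the spec quote is worried about. With it set, the same probes take #GP with zero walks, and same-half accesses still pay for their walk as before. The model deliberately ignores canonicality, CPUID enumeration and the exact CR4 bit position, since the page does not state them.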