Re: [PATCH 1/7] x86/cpu: Enumerate LASS CPUID and CR4 bits

[Chen, Yian]

On 1/10/2023 4:13 PM, Dave Hansen wrote:
> On 1/10/23 12:14, Sohil Mehta wrote:
> > On 1/9/2023 9:51 PM, Yian Chen wrote:
> > > LASS (Linear Address Space Separation) is a CPU feature to
> > > prevent speculative address access in user/kernel mode.
> >
> > Would it be better to say?
> >
> > LASS (Linear Address Space Separation) is a security feature that
> > intends to prevent unintentional speculative address access across
> > user/kernel mode.
>
> It's more than that, though.  The spec actually says this pretty nicely:
> >> Linear-address space separation (LASS) is an independent mechanism
> > that enforces the same mode-based protections as paging but without
> > traversing the paging structures. Because the protections enforced by
> > LASS are applied before paging, “probes” by malicious software will
> > provide no paging-based timing information
>
> So, it's not _just_ that it can prevent some speculative accesses.  It
> completely short-circuits paging itself and *ALL* of the baggage that
> goes along with paging.
>
> The TLB, mid-level caches, the page walker itself, the data cache
> impact...  all of it.  Gone.
>
> *THAT* is the important part here, IMNHO.
sure, how about if I rewrite the 1st paragraph as follows:

LASS (Linear Address Space Separation) is an independent security 
mechanism that enforces kernel and user mode-base protections, similar 
to Intel SMAP/SMEP in kernel mode, but enhanced without traversing the 
paging structures. Therefore, the protection will not leak paging-based 
timing information and prevent malicious software from probing the info. 
The LASS details have been published in Chapter 11 in
https://cdrdv2.intel.com/v1/dl/getContent/671368