Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits

From: Randy Dunlap
Date: Fri Jun 20 2025 - 12:05:52 EST

Next message: Pasha Tatashin: "Re: [RFC v2 05/16] luo: luo_core: integrate with KHO"
Previous message: Michael Kelley: "RE: [PATCH] tools/hv: fcopy: Fix irregularities with size of ring buffer"
In reply to: H. Peter Anvin: "Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits"
Next in thread: Xin Li: "Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi--

On 6/20/25 6:53 AM, Kirill A. Shutemov wrote:
> From: Sohil Mehta <sohil.mehta@xxxxxxxxx>
>
> Linear Address Space Separation (LASS) is a security feature that
> intends to prevent malicious virtual address space accesses across
> user/kernel mode.
>
> Such mode based access protection already exists today with paging and
> features such as SMEP and SMAP. However, to enforce these protections,
> the processor must traverse the paging structures in memory. Malicious
> software can use timing information resulting from this traversal to
> determine details about the paging structures, and these details may
> also be used to determine the layout of the kernel memory.
>
> The LASS mechanism provides the same mode-based protections as paging
> but without traversing the paging structures. Because the protections
> enforced by LASS are applied before paging, software will not be able to
> derive paging-based timing information from the various caching
> structures such as the TLBs, mid-level caches, page walker, data caches,
> etc.
>
> LASS enforcement relies on the typical kernel implementation to divide
> the 64-bit virtual address space into two halves:
> Addr[63]=0 -> User address space
> Addr[63]=1 -> Kernel address space
>
> Any data access or code execution across address spaces typically
> results in a #GP fault.
>
> The LASS enforcement for kernel data access is dependent on CR4.SMAP
> being set. The enforcement can be disabled by toggling the RFLAGS.AC bit
> similar to SMAP.
>
> Define the CPU feature bits to enumerate this feature and include
> feature dependencies to reflect the same.
>
> Co-developed-by: Yian Chen <yian.chen@xxxxxxxxx>
> Signed-off-by: Yian Chen <yian.chen@xxxxxxxxx>
> Signed-off-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> ---
> arch/x86/Kconfig.cpufeatures | 4 ++++
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/smap.h | 22 +++++++++++++++++++--
> arch/x86/include/uapi/asm/processor-flags.h | 2 ++
> arch/x86/kernel/cpu/cpuid-deps.c | 1 +
> tools/arch/x86/include/asm/cpufeatures.h | 1 +
> 6 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/Kconfig.cpufeatures b/arch/x86/Kconfig.cpufeatures
> index 250c10627ab3..9574c198fc08 100644
> --- a/arch/x86/Kconfig.cpufeatures
> +++ b/arch/x86/Kconfig.cpufeatures
> @@ -124,6 +124,10 @@ config X86_DISABLED_FEATURE_PCID
> def_bool y
> depends on !X86_64
>
> +config X86_DISABLED_FEATURE_LASS
> + def_bool y
> + depends on !X86_64

Please explain why this is !X86_64.
Thanks.

> +
> config X86_DISABLED_FEATURE_PKU
> def_bool y
> depends on !X86_INTEL_MEMORY_PROTECTION_KEYS

--
~Randy

Next message: Pasha Tatashin: "Re: [RFC v2 05/16] luo: luo_core: integrate with KHO"
Previous message: Michael Kelley: "RE: [PATCH] tools/hv: fcopy: Fix irregularities with size of ring buffer"
In reply to: H. Peter Anvin: "Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits"
Next in thread: Xin Li: "Re: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]