On Sun, 26 Aug 2018, Andy Lutomirski wrote:
>
> On Aug 26, 2018, at 9:47 AM, Kees Cook <keesc...@chromium.org> wrote:
> >> On Sun, Aug 26, 2018 at 7:20 AM, Andy Lutomirski <l...@amacapital.net>
> >> wrote:
> >>> I tried to convince Ingo to use this method for doing "write rarely"
> >>> and he soundly rejected it. :) I've always liked this because AFAICT,
> >>> it's local to the CPU. I had proposed it in
> >>> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=kspp/write-rarely&id=9ab0cb2618ebbc51f830ceaa06b7d2182fe1a52d
> >>
> >> Ingo, can you clarify why you hate it? I personally would rather use CR3,
> >> but CR0 seems like a fine first step, at least for text_poke.
> >
> > Sorry, it looks like it was tglx, not Ingo:
> >
> > https://lkml.kernel.org/r/alpine.DEB.2.20.1704071048360.1716@nanos
> >
> > This thread is long, and one thing that I think went unanswered was
> > "why do we want this to be fast?" The answer is: for doing page table
> > updates. Page tables are becoming a bigger target for attacks now, and
> > it'd be nice if they could stay read-only unless they're getting
> > updated (with something like this).
> >
>
> It kind of sounds like tglx would prefer the CR3 approach. And indeed my
> patch has a serious problem wrt the NMI code.
That's exactly the problem I have with CR0. It leaves everything and some
more writeable for any code which can interrupt that section.

Performance wise CR0 is not that much better than CR3 except that it has
the costs nicely hidden.

Thanks,

	tglx