On Mon, 2018-08-20 at 15:59 -0700, Dave Hansen wrote: > On 08/20/2018 03:35 PM, Tycho Andersen wrote: > > Since meltdown hit, I haven't worked seriously on understand and > > implementing his suggestions, in part because it wasn't clear to me > > what pieces of the infrastructure we might be able to re-use. Someone > > who knows more about mm/ might be able to suggest an approach, though > > Unfortunately, I'm not sure there's much of KPTI we can reuse. KPTI > still has a very static kernel map (well, two static kernel maps) and > XPFO really needs a much more dynamic map. > > We do have a bit of infrastructure now to do TLB flushes near the kernel > exit point, but it's entirely for the user address space, which isn't > affected by XPFO. One option is to have separate kernel address spaces, both with and without the full physmap. If you need the physmap, then rather than manually mapping with 4KiB pages, you just switch. Having first ensured that no malicious guest or userspace is running on a sibling, of course. I'm not sure it's a win, but it might be worth looking at.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
