On Fri, Jul 12, 2019 at 06:54:22AM -0700, Dave Hansen wrote: > On 7/12/19 5:50 AM, Peter Zijlstra wrote: > > PTI is not mapping kernel space to avoid speculation crap (meltdown). > > ASI is not mapping part of kernel space to avoid (different) speculation crap (MDS). > > > > See how very similar they are? > > That's an interesting point. > > I'd add that PTI maps a part of kernel space that partially overlaps > with what ASI wants. Right, wherever we put the boundary, we need whatever is required to cross it. > > But looking at it that way, it makes no sense to retain 3 address > > spaces, namely: > > > > user / kernel exposed / kernel private. > > > > Specifically, it makes no sense to expose part of the kernel through MDS > > but not through Meltdown. Therefore we can merge the user and kernel > > exposed address spaces. > > > > And then we've fully replaced PTI. > > So, in one address space (PTI/user or ASI), we say, "screw it" and all > the data mapped is exposed to speculation attacks. We have to be very > careful about what we map and expose here. Yes, which is why, in an earlier email, I've asked for a clear definition of 'sensitive" :-) > So, maybe we're not replacing PTI as much as we're growing PTI so that > we can run more kernel code with the (now inappropriately named) user > page tables. Right.
