Mark, and team,
Before going upstream (specifically to Greg), we would like your opinion on the following issue:
PAGE_TABLE_ISOLATION feature - to mitigate meltdown - is not enabled by default for i686 (X32) mainly because it depends on HIGHMEM and X86_PAE.
X86_PAE is NOT default on x86 32bit compilations and it gets only automatically selected if HIGHMEM64G is set (which would justify its need).
With that, right now, all 32-bit kernels generated with default config options are susceptible to meltdown vulnerability (https://bugs.linaro.org/show_bug.cgi?id=4135).
We are thinking on enabling CONFIG_PAGE_TABLE_ISOLATION (w/ CONFIG_X86_PAE and CONFIG_HIGHMEM64G options) for our x86 32-bit builds, but we aren't sure if we should ask upstream to consider the same, since X86_PAE does not look like something that should be default.
What do you think ? Thanks for your inputs!
Rafael
On Fri, 14 Dec 2018 at 15:28, Rafael David Tinoco rafael.tinoco@linaro.org wrote:
Mark, and team,
Copying in Arnd as well.
Before going upstream (specifically to Greg), we would like your opinion
on the following issue:
PAGE_TABLE_ISOLATION feature - to mitigate meltdown - is not enabled by default for i686 (X32) mainly because it depends on HIGHMEM and X86_PAE.
X86_PAE is NOT default on x86 32bit compilations and it gets only automatically selected if HIGHMEM64G is set (which would justify its need).
With that, right now, all 32-bit kernels generated with default config options are susceptible to meltdown vulnerability (https://bugs.linaro.org/show_bug.cgi?id=4135).
We are thinking on enabling CONFIG_PAGE_TABLE_ISOLATION (w/ CONFIG_X86_PAE and CONFIG_HIGHMEM64G options) for our x86 32-bit builds, but we aren't sure if we should ask upstream to consider the same, since X86_PAE does not look like something that should be default.
I don't really have a solid sense of what the right answer is, I think it's worth proposing upstream. It depends what the purpose of the defconfig is - if it's a recommended starting point for making your production configuration (in which case it's good to turn on all the security stuff probably) or if it's something else like a good starting point for your development testing (in which case perhaps meh). My sense is that it's something we have some expectation people will run in production so we should turn on security stuff but like I say that's not 100% solid.
What do you think ? Thanks for your inputs!
Rafael
Rafael D. Tinoco Linaro - Kernel Validation
On Fri, Dec 14, 2018 at 6:21 PM Mark Brown mark.brown@linaro.org wrote:
On Fri, 14 Dec 2018 at 15:28, Rafael David Tinoco rafael.tinoco@linaro.org wrote:
Mark, and team,
Copying in Arnd as well.
Before going upstream (specifically to Greg), we would like your opinion on the following issue:
PAGE_TABLE_ISOLATION feature - to mitigate meltdown - is not enabled by default for i686 (X32) mainly because it depends on HIGHMEM and X86_PAE.
X86_PAE is NOT default on x86 32bit compilations and it gets only automatically selected if HIGHMEM64G is set (which would justify its need).
With that, right now, all 32-bit kernels generated with default config options are susceptible to meltdown vulnerability (https://bugs.linaro.org/show_bug.cgi?id=4135).
We are thinking on enabling CONFIG_PAGE_TABLE_ISOLATION (w/ CONFIG_X86_PAE and CONFIG_HIGHMEM64G options) for our x86 32-bit builds, but we aren't sure if we should ask upstream to consider the same, since X86_PAE does not look like something that should be default.
I don't really have a solid sense of what the right answer is, I think it's worth proposing upstream. It depends what the purpose of the defconfig is - if it's a recommended starting point for making your production configuration (in which case it's good to turn on all the security stuff probably) or if it's something else like a good starting point for your development testing (in which case perhaps meh). My sense is that it's something we have some expectation people will run in production so we should turn on security stuff but like I say that's not 100% solid.
I'm fairly sure that the i386_defconfig file is fairly meaningless, nobody really uses it, and nobody has bothered to update it with PTI since it's just not that important.
In practice, very few people run 32-bit x86 kernels these days, and they tend to have specific needs that the defconfg won't meet.
I also see that a fairly recent commit 61a6bd83abf2 ("Revert "x86/mm/legacy: Populate the user page-table with user pgd's"") introduced the X86_PAE dependency, and before that it would have been enabled in the defconfig.
If you want to enable it, I recommend referencing that patch, and adding the people listed in the changelog to Cc as well, they might have an opinion.
Arnd
-
Arnd Bergmann -
Mark Brown -
Rafael David Tinoco