Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Aug 2016 12:02:33 +0200
From: Ard Biesheuvel <>
To: Mark Rutland <>
Cc: Catalin Marinas <>, Kees Cook <>,, Will Deacon <>, 
	Julien Grall <>, James Morse <>, 
	"" <>
Subject: Re: [PATCH 0/7] arm64: Privileged Access Never
 using TTBR0_EL1 switching

On 15 August 2016 at 11:58, Mark Rutland <> wrote:
> On Mon, Aug 15, 2016 at 10:48:42AM +0100, Catalin Marinas wrote:
>> On Sat, Aug 13, 2016 at 11:13:58AM +0200, Ard Biesheuvel wrote:
>> > On 12 August 2016 at 17:27, Catalin Marinas <> wrote:
>> > > This is the first (public) attempt at emulating PAN by disabling
>> > > TTBR0_EL1 accesses on arm64.
>> >
>> > I take it using TCR_EL1.EPD0 is too expensive?
>> It would require full TLB invalidation on entering/exiting the kernel
>> and again for any user access. That's because the architecture allows
>> this bit to be cached in the TLB so without TLBI we wouldn't have any
>> guarantee that the actual PAN was toggled. I'm not sure it's even clear
>> whether a TLBI by ASID or a local one would suffice (likely OK for the
>> latter).
> It's worth noting that even ignoring the TLB-caching of TCR_EL1.EPD0, the
> control only affects the behaviour on a TLB miss. Thus to use EPD0 we'd at
> least need TLB invalidation by ASID to remove previously-allocated entries from
> TLBs.

... or update the ASID to the reserved ASID in TTBR0_EL1, but leave
the actual TTBR address alone.

This would remove the need for a zero page, and for recording the
original TTBR address in a per-cpu variable.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.