Hi-- On 6/20/25 6:53 AM, Kirill A. Shutemov wrote: > From: Sohil Mehta <sohil.mehta@xxxxxxxxx> > > Linear Address Space Separation (LASS) is a security feature that > intends to prevent malicious virtual address space accesses across > user/kernel mode. > > Such mode based access protection already exists today with paging and > features such as SMEP and SMAP. However, to enforce these protections, > the processor must traverse the paging structures in memory. Malicious > software can use timing information resulting from this traversal to > determine details about the paging structures, and these details may > also be used to determine the layout of the kernel memory. > > The LASS mechanism provides the same mode-based protections as paging > but without traversing the paging structures. Because the protections > enforced by LASS are applied before paging, software will not be able to > derive paging-based timing information from the various caching > structures such as the TLBs, mid-level caches, page walker, data caches, > etc. > > LASS enforcement relies on the typical kernel implementation to divide > the 64-bit virtual address space into two halves: > Addr[63]=0 -> User address space > Addr[63]=1 -> Kernel address space > > Any data access or code execution across address spaces typically > results in a #GP fault. > > The LASS enforcement for kernel data access is dependent on CR4.SMAP > being set. The enforcement can be disabled by toggling the RFLAGS.AC bit > similar to SMAP. > > Define the CPU feature bits to enumerate this feature and include > feature dependencies to reflect the same. > > Co-developed-by: Yian Chen <yian.chen@xxxxxxxxx> > Signed-off-by: Yian Chen <yian.chen@xxxxxxxxx> > Signed-off-by: Sohil Mehta <sohil.mehta@xxxxxxxxx> > Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > --- > arch/x86/Kconfig.cpufeatures | 4 ++++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/smap.h | 22 +++++++++++++++++++-- > arch/x86/include/uapi/asm/processor-flags.h | 2 ++ > arch/x86/kernel/cpu/cpuid-deps.c | 1 + > tools/arch/x86/include/asm/cpufeatures.h | 1 + > 6 files changed, 29 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/Kconfig.cpufeatures b/arch/x86/Kconfig.cpufeatures > index 250c10627ab3..9574c198fc08 100644 > --- a/arch/x86/Kconfig.cpufeatures > +++ b/arch/x86/Kconfig.cpufeatures > @@ -124,6 +124,10 @@ config X86_DISABLED_FEATURE_PCID > def_bool y > depends on !X86_64 > > +config X86_DISABLED_FEATURE_LASS > + def_bool y > + depends on !X86_64 Please explain why this is !X86_64. Thanks. > + > config X86_DISABLED_FEATURE_PKU > def_bool y > depends on !X86_INTEL_MEMORY_PROTECTION_KEYS -- ~Randy
