* [PATCH 00/39 v8] PTI support for x86-32
@ 2018-07-18  9:40 Joerg Roedel
From: Joerg Roedel @ 2018-07-18  9:40 UTC
  To: Thomas Gleixner, Ingo Molnar, H . Peter Anvin
  Cc: x86, linux-kernel, linux-mm, Linus Torvalds, Andy Lutomirski,
	Dave Hansen, Josh Poimboeuf, Juergen Gross, Peter Zijlstra,
	Borislav Petkov, Jiri Kosina, Boris Ostrovsky, Brian Gerst,
	David Laight, Denys Vlasenko, Eduardo Valentin, Greg KH,
	Will Deacon, aliguori, daniel.gruss, hughd, keescook,
	Andrea Arcangeli, Waiman Long, Pavel Machek,
	David H . Gutteridge, jroedel, joro

Hi,

here is version 8 of my patches to enable PTI on x86-32. The
last version got some good review which I mostly worked into
this version.

I didn't rebase it to v4.18-rc5, as that base didn't boot on
x86-32 because of a regression introduced by

	e181ae0c5db9 ('mm: zero unavailable pages before memmap init')

But that is already being worked on. The rebase I tried
showed no conflicts, so these patches should apply cleanly
there as well.

The changes to v7 are:

	* Fixed kbuild error (one patch failed to build)

	* Removed segment loading changes from SAVE_ALL

	* More restrictive entry-stack check in
	  SWITCH_TO_KERNEL_STACK

	* Renamed TSS_entry_stack to TSS_entry2task_stack

	* Documented properly what will go into TSS.sp1

	* Fixed comment for clearing high-bits of the dword
	  containing CS-slot in pt_regs

	* Fixed X86_FEATURE_PCID check for x86-32 in pti_init()

	* Made entry-debugging depend on CONFIG_DEBUG_ENTRY
	  instead of a new config option

	* Dropped cpu_current_top_of_stack->tss.sp1 patch.
	  It was actually subtly broken on x86-32 because
	  there is a difference between the task-stack
	  pointer and cpu_current_top_of_stack. The formula
	  is:

		task_stack = cpu_current_top_of_stack - padding
	
	  On x86-64 the padding is zero, so there is no
	  difference, but on x86-32 it is 8 or 16 bytes so
	  that cpu_current_top_of_stack can't point to
	  tss.sp1 without breaking current_pt_regs().

	* Renamed update_sp0 to update_task_stack() and made
	  that function update TSS.sp1 on x86-32. This is
	  also needed for VM86 mode. I think it can also be
	  implemented this way on x86-64, but that will be a
	  separate patch outside of this patch-set.

The patches still need fixes already in tip-tree to work
correctly. I merged these fixes into the branch I pushed to

	git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v8

for easier testing. The code survived >12h overnight testing
with my usual

	* 'perf top' for NMI load

	* x86-selftests in a loop (except mpx and pkeys
	  which are not supported on the machine)

	* kernel-compile in a loop

all in parallel. I also boot-tested x86-64 and !PAE config
again and ran my GLB-test to make sure that the global
mappings between user and kernel page-table are identical.
All that succeeded and showed no regressions.

Previous versions of this patch-set are:

	* For v7:
	  Post : https://lore.kernel.org/lkml/1531308586-29340-1-git-send-email-joro@8bytes.org/
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v7

	* For v6:
	  Post : https://lore.kernel.org/lkml/1524498460-25530-1-git-send-email-joro@8bytes.org/
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v6

	* For v5:
	  Post : https://marc.info/?l=linux-kernel&m=152389297705480&w=2
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v5

	* For v4:
	  Post : https://marc.info/?l=linux-kernel&m=152122860630236&w=2
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v4

	* For v3:
	  Post : https://marc.info/?l=linux-kernel&m=152024559419876&w=2
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v3

	* For v2:
	  Post : https://marc.info/?l=linux-kernel&m=151816914932088&w=2
	  Git  : git://git.kernel.org/pub/scm/linux/kernel/git/joro/linux.git pti-x32-v2

Please review.

Thanks,

	Joerg


Joerg Roedel (39):
  x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
  x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
  x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
  x86/entry/32: Put ESPFIX code into a macro
  x86/entry/32: Unshare NMI return path
  x86/entry/32: Split off return-to-kernel path
  x86/entry/32: Enter the kernel via trampoline stack
  x86/entry/32: Leave the kernel via trampoline stack
  x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
  x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
  x86/entry/32: Simplify debug entry point
  x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
  x86/entry/32: Add PTI cr3 switches to NMI handler code
  x86/entry: Rename update_sp0 to update_task_stack
  x86/pgtable: Rename pti_set_user_pgd to pti_set_user_pgtbl
  x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
  x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
  x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
  x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
  x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
  x86/mm/pae: Populate valid user PGD entries
  x86/mm/pae: Populate the user page-table with user pgd's
  x86/mm/legacy: Populate the user page-table with user pgd's
  x86/mm/pti: Add an overflow check to pti_clone_pmds()
  x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
  x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
  x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
  x86/mm/pti: Keep permissions when cloning kernel text in
    pti_clone_kernel_text()
  x86/mm/pti: Introduce pti_finalize()
  x86/mm/pti: Clone entry-text again in pti_finalize()
  x86/mm/dump_pagetables: Define INIT_PGD
  x86/pgtable/pae: Use separate kernel PMDs for user page-table
  x86/ldt: Reserve address-space range on 32 bit for the LDT
  x86/ldt: Define LDT_END_ADDR
  x86/ldt: Split out sanity check in map_ldt_struct()
  x86/ldt: Enable LDT user-mapping for PAE
  x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
  x86/mm/pti: Add Warning when booting on a PCID capable CPU
  x86/entry/32: Add debug code to check entry/exit cr3

 arch/x86/entry/entry_32.S                   | 624 +++++++++++++++++++++++-----
 arch/x86/include/asm/mmu_context.h          |   5 -
 arch/x86/include/asm/pgtable-2level.h       |   9 +
 arch/x86/include/asm/pgtable-2level_types.h |   3 +
 arch/x86/include/asm/pgtable-3level.h       |   7 +
 arch/x86/include/asm/pgtable-3level_types.h |   6 +-
 arch/x86/include/asm/pgtable.h              |  87 ++++
 arch/x86/include/asm/pgtable_32.h           |   2 -
 arch/x86/include/asm/pgtable_32_types.h     |   9 +-
 arch/x86/include/asm/pgtable_64.h           |  89 +---
 arch/x86/include/asm/pgtable_64_types.h     |   3 +
 arch/x86/include/asm/pgtable_types.h        |  28 +-
 arch/x86/include/asm/processor-flags.h      |   8 +-
 arch/x86/include/asm/pti.h                  |   3 +-
 arch/x86/include/asm/sections.h             |   1 +
 arch/x86/include/asm/switch_to.h            |  16 +-
 arch/x86/kernel/asm-offsets.c               |   5 +
 arch/x86/kernel/asm-offsets_32.c            |  10 +-
 arch/x86/kernel/asm-offsets_64.c            |   2 -
 arch/x86/kernel/cpu/common.c                |   5 +-
 arch/x86/kernel/head_32.S                   |  20 +-
 arch/x86/kernel/ldt.c                       | 137 ++++--
 arch/x86/kernel/process.c                   |   2 -
 arch/x86/kernel/process_32.c                |   2 +-
 arch/x86/kernel/process_64.c                |   2 +-
 arch/x86/kernel/vm86_32.c                   |   4 +-
 arch/x86/kernel/vmlinux.lds.S               |  17 +-
 arch/x86/mm/dump_pagetables.c               |  21 +-
 arch/x86/mm/init_64.c                       |   6 -
 arch/x86/mm/pgtable.c                       | 105 ++++-
 arch/x86/mm/pti.c                           |  73 +++-
 include/linux/pti.h                         |   1 +
 init/main.c                                 |   7 +
 security/Kconfig                            |   2 +-
 34 files changed, 1014 insertions(+), 307 deletions(-)

-- 
2.7.4


Thread overview: 97+ messages
2018-07-18  9:40 [PATCH 00/39 v8] PTI support for x86-32 Joerg Roedel
2018-07-18  9:40 ` [PATCH 01/39] x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c Joerg Roedel
2018-07-19 23:18   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 02/39] x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack Joerg Roedel
2018-07-19 23:19   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 03/39] x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler Joerg Roedel
2018-07-19 23:19   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 04/39] x86/entry/32: Put ESPFIX code into a macro Joerg Roedel
2018-07-19 23:20   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 05/39] x86/entry/32: Unshare NMI return path Joerg Roedel
2018-07-19 23:21   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 06/39] x86/entry/32: Split off return-to-kernel path Joerg Roedel
2018-07-19 23:21   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 07/39] x86/entry/32: Enter the kernel via trampoline stack Joerg Roedel
2018-07-18 18:09   ` Brian Gerst
2018-07-19 20:52     ` Thomas Gleixner
2018-07-19 23:22   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 08/39] x86/entry/32: Leave " Joerg Roedel
2018-07-19 23:22   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 09/39] x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI Joerg Roedel
2018-07-19 23:23   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 10/39] x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack Joerg Roedel
2018-07-19 23:23   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-10-12 18:29   ` [PATCH 10/39] " Jan Kiszka
2018-10-13  9:54     ` [PATCH] x86/entry/32: Fix setup of CS high bits Jan Kiszka
2018-10-13 15:12       ` Andy Lutomirski
2018-10-15 13:08         ` Jan Kiszka
2018-10-15 13:14           ` David Laight
2018-10-15 13:18             ` Jan Kiszka
2018-10-15 13:29               ` David Laight
2018-10-15  9:10       ` Joerg Roedel
2018-10-15 14:09       ` [PATCH v2] " Jan Kiszka
2018-10-15 14:09         ` Jan Kiszka
2018-10-15 15:09         ` [tip:x86/urgent] x86/entry/32: Clear the " tip-bot for Jan Kiszka
2018-10-18  6:21         ` tip-bot for Jan Kiszka
2018-07-18  9:40 ` [PATCH 11/39] x86/entry/32: Simplify debug entry point Joerg Roedel
2018-07-19 23:24   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 12/39] x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points Joerg Roedel
2018-07-19 23:24   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 13/39] x86/entry/32: Add PTI cr3 switches to NMI handler code Joerg Roedel
2018-07-19 23:25   ` [tip:x86/pti] x86/entry/32: Add PTI CR3 " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 14/39] x86/entry: Rename update_sp0 to update_task_stack Joerg Roedel
2018-07-19 23:25   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 15/39] x86/pgtable: Rename pti_set_user_pgd to pti_set_user_pgtbl Joerg Roedel
2018-07-19 23:26   ` [tip:x86/pti] x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl() tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 16/39] x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled Joerg Roedel
2018-07-19 23:26   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 17/39] x86/pgtable/32: Allocate 8k page-tables " Joerg Roedel
2018-07-19 23:27   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 18/39] x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h Joerg Roedel
2018-07-19 23:27   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 19/39] x86/pgtable: Move pti_set_user_pgtbl() " Joerg Roedel
2018-07-19 23:28   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 20/39] x86/pgtable: Move two more functions from pgtable_64.h " Joerg Roedel
2018-07-19 23:28   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 21/39] x86/mm/pae: Populate valid user PGD entries Joerg Roedel
2018-07-19 23:29   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:40 ` [PATCH 22/39] x86/mm/pae: Populate the user page-table with user pgd's Joerg Roedel
2018-07-19 23:30   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 23/39] x86/mm/legacy: " Joerg Roedel
2018-07-19 23:30   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 24/39] x86/mm/pti: Add an overflow check to pti_clone_pmds() Joerg Roedel
2018-07-19 23:31   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 25/39] x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32 Joerg Roedel
2018-07-19 23:31   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 26/39] x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level " Joerg Roedel
2018-07-19 23:32   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 27/39] x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit Joerg Roedel
2018-07-19 23:32   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 28/39] x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text() Joerg Roedel
2018-07-19 23:33   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 29/39] x86/mm/pti: Introduce pti_finalize() Joerg Roedel
2018-07-19 23:33   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 30/39] x86/mm/pti: Clone entry-text again in pti_finalize() Joerg Roedel
2018-07-19 23:34   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 31/39] x86/mm/dump_pagetables: Define INIT_PGD Joerg Roedel
2018-07-19 23:34   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 32/39] x86/pgtable/pae: Use separate kernel PMDs for user page-table Joerg Roedel
2018-07-19 23:35   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-10-05 14:06   ` [PATCH 32/39] " Arnd Bergmann
2018-07-18  9:41 ` [PATCH 33/39] x86/ldt: Reserve address-space range on 32 bit for the LDT Joerg Roedel
2018-07-19 23:35   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 34/39] x86/ldt: Define LDT_END_ADDR Joerg Roedel
2018-07-19 23:36   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 35/39] x86/ldt: Split out sanity check in map_ldt_struct() Joerg Roedel
2018-07-19 23:36   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 36/39] x86/ldt: Enable LDT user-mapping for PAE Joerg Roedel
2018-07-19 23:37   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 37/39] x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 Joerg Roedel
2018-07-19 23:37   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 38/39] x86/mm/pti: Add Warning when booting on a PCID capable CPU Joerg Roedel
2018-07-19 23:38   ` [tip:x86/pti] " tip-bot for Joerg Roedel
2018-07-18  9:41 ` [PATCH 39/39] x86/entry/32: Add debug code to check entry/exit cr3 Joerg Roedel
2018-07-19 23:38   ` [tip:x86/pti] x86/entry/32: Add debug code to check entry/exit CR3 tip-bot for Joerg Roedel
2018-07-18 11:59 ` [PATCH 00/39 v8] PTI support for x86-32 Pavel Machek
2018-07-19 23:21 ` Thomas Gleixner
2018-07-20  7:59   ` Joerg Roedel
