From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752473AbdLDQvA (ORCPT ); Mon, 4 Dec 2017 11:51:00 -0500 Received: from Galois.linutronix.de ([146.0.238.70]:59727 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752080AbdLDQuu (ORCPT ); Mon, 4 Dec 2017 11:50:50 -0500 Message-Id: <20171204140706.296109558@linutronix.de> User-Agent: quilt/0.63-1 Date: Mon, 04 Dec 2017 15:07:06 +0100 From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Linus Torvalds , Andy Lutomirsky , Peter Zijlstra , Dave Hansen , Borislav Petkov , Greg KH , keescook@google.com, hughd@google.com, Brian Gerst , Josh Poimboeuf , Denys Vlasenko , Rik van Riel , Boris Ostrovsky , Juergen Gross , David Laight , Eduardo Valentin , aliguori@amazon.com, Will Deacon , daniel.gruss@iaik.tugraz.at Subject: [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This series is a major overhaul of the KAISER patches: 1) Entry code Mostly the same, except for a handful of fixlets and delta improvements folded into the corresponding patches New: Map TSS read only into the user space visible mapping This is 64bit only, as 32bit needs the TSS mapped RW AMD confirmed that there is no issue with that. It would be nice to get confirmation from Intel as well. 2) Namespace Several people including Linus requested to change the KAISER name. We came up with a list of technically correct acronyms: User Address Space Separation, prefix uass_ Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_ but we are politically correct people so we settled for Kernel Page Table Isolation, prefix kpti_ Linus, your call :) 3) The actual isolation patches - Replaced the magic kaiser_add/remove_mapping() code by mapping everything which needs to be shared with user space into the fixmap - PMD aligned the shared fixmap so the PTE page can be shared between user and kernel space page tables - Integrated all fixes and Peters rewrite of the PCID/TLB flush code. - Restructured the patch set in a way that it is simpler to review - Got rid of the strange wording of shadow page tables, because they are not shadowish at all. KASAN, virt etc. use shadows, but these tables are actively in use and integral part of the functionality - Moved the debugfs files into a new directory so they don't clutter the debugfs root directory. LIMITATIONS: - allmod/yes config builds fail right now because the fixmap grows too large and breaks the EFI assumptions. This is still investigated. A possible solution is just to use one of the address space holes and grab a separate pgdir to map the cpu entry area. Not hard to do and it wont change much of the principle of these patches. TODOs: - This needs a thorough review again. Sorry. - Please verify that all fixlets have been integrated. The mail threads are horribly scattered so I might have missed something. - Rewrite documentation. I dropped the documentation patch as it not longer applies. - Handle native vsyscalls. Right now the patch set supports only emulation, but it should be possible to support native as well. Nothing urgent, I'd rather prefer to kill them completely. - Populate a branch with minimal prerequisite patches to apply. Thanks to Andy Lutomirsky, Peter Zijlstra, Ingo Molnar, Borislav Petkov and Dave Hansen for all the help with this. The patches apply on top of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/urgent and are available from git in git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86/kpti and as tarball from https://tglx.de/~tglx/patches-kpti-119.tar.bz2 Signature file for the uncompressed tarball https://tglx.de/~tglx/patches-kpti-119.tar.sig Thanks, tglx