From: Alexandre Chartre <alexandre.chartre@oracle.com>
To: "tglx@linutronix.de"@aserv0121.oracle.com,
	"mingo@redhat.com"@aserv0121.oracle.com,
	"bp@alien8.de"@aserv0121.oracle.com,
	"hpa@zytor.com"@aserv0121.oracle.com,
	"x86@kernel.org"@aserv0121.oracle.com,
	"dave.hansen@linux.intel.com"@aserv0121.oracle.com,
	"luto@kernel.org"@aserv0121.oracle.com,
	"peterz@infradead.org"@aserv0121.oracle.com,
	"linux-kernel@vger.kernel.org"@aserv0121.oracle.com,
	"thomas.lendacky@amd.com"@aserv0121.oracle.com,
	"jroedel@suse.de"@aserv0121.oracle.com
Cc: "konrad.wilk@oracle.com"@aserv0121.oracle.com,
	"jan.setjeeilers@oracle.com"@aserv0121.oracle.com,
	"junaids@google.com"@aserv0121.oracle.com,
	"oweisse@google.com"@aserv0121.oracle.com,
	"rppt@linux.vnet.ibm.com"@aserv0121.oracle.com,
	"graf@amazon.de"@aserv0121.oracle.com,
	"mgross@linux.intel.com"@aserv0121.oracle.com,
	"kuzuno@gmail.com"@aserv0121.oracle.com,
	"alexandre.chartre@oracle.com"@aserv0121.oracle.com
Subject: [RFC][PATCH 10/24] x86/pti: Introduce per-task PTI trampoline stack
Date: Mon,  9 Nov 2020 12:23:05 +0100	[thread overview]
Message-ID: <20201109112319.264511-11-alexandre.chartre@oracle.com> (raw)
In-Reply-To: <20201109112319.264511-1-alexandre.chartre@oracle.com>

Double the size of the kernel stack when using PTI. The entire stack
is mapped into the kernel address space, and the top half of the stack
(the PTI stack) is also mapped into the user address space.

The PTI stack will be used as a per-task trampoline stack instead of
the current per-cpu trampoline stack. This will allow running more
code on the trampoline stack, in particular code that schedules the
task out.

Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
---
 arch/x86/include/asm/page_64_types.h | 36 +++++++++++++++++++++++++++-
 arch/x86/include/asm/processor.h     |  3 +++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 3f49dac03617..733accc20fdb 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -12,7 +12,41 @@
 #define KASAN_STACK_ORDER 0
 #endif
 
-#define THREAD_SIZE_ORDER	(2 + KASAN_STACK_ORDER)
+#ifdef CONFIG_PAGE_TABLE_ISOLATION
+/*
+ * PTI doubles the size of the stack. The entire stack is mapped into
+ * the kernel address space. However, only the top half of the stack is
+ * mapped into the user address space.
+ *
+ * On syscall or interrupt, user mode enters the kernel with the user
+ * page-table, and the stack pointer is switched to the top of the
+ * stack (which is mapped in the user address space and in the kernel).
+ * The syscall/interrupt handler will then later decide when to switch
+ * to the kernel address space, and to switch to the top of the kernel
+ * stack which is only mapped in the kernel.
+ *
+ *   +-------------+
+ *   |             | ^                       ^
+ *   | kernel-only | | KERNEL_STACK_SIZE     |
+ *   |    stack    | |                       |
+ *   |             | V                       |
+ *   +-------------+ <- top of kernel stack  | THREAD_SIZE
+ *   |             | ^                       |
+ *   | kernel and  | | KERNEL_STACK_SIZE     |
+ *   | PTI stack   | |                       |
+ *   |             | V                       v
+ *   +-------------+ <- top of stack
+ */
+#define PTI_STACK_ORDER 1
+#else
+#define PTI_STACK_ORDER 0
+#endif
+
+#define KERNEL_STACK_ORDER 2
+#define KERNEL_STACK_SIZE (PAGE_SIZE << KERNEL_STACK_ORDER)
+
+#define THREAD_SIZE_ORDER	\
+	(KERNEL_STACK_ORDER + PTI_STACK_ORDER + KASAN_STACK_ORDER)
 #define THREAD_SIZE  (PAGE_SIZE << THREAD_SIZE_ORDER)
 
 #define EXCEPTION_STACK_ORDER (0 + KASAN_STACK_ORDER)
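Review bot: KERNEL_STACK_ORDER is hardcoded to 2 without KASAN_STACK_ORDER, so whenever KASAN_STACK_ORDER is non-zero the boundary at KERNEL_STACK_SIZE is no longer the midpoint of the stack: THREAD_SIZE_ORDER grows by KASAN_STACK_ORDER but KERNEL_STACK_SIZE stays at 4 pages, so all of the extra KASAN pages end up in the user-mapped PTI half and the kernel-only half gets none of the headroom KASAN instrumentation needs, contradicting the comment's "PTI doubles the size of the stack" with two equal KERNEL_STACK_SIZE halves. Consider `#define KERNEL_STACK_ORDER (2 + KASAN_STACK_ORDER)` and dropping KASAN_STACK_ORDER from THREAD_SIZE_ORDER so both halves grow together. Minor: the diagram reads more easily with an address-direction hint, e.g. marking the top edge as task_stack_page() and the bottom edge as task_stack_page() + THREAD_SIZE, since "top of stack" is the highest address but is drawn at the bottom.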
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 82a08b585818..47b1b806535b 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -769,6 +769,9 @@ static inline void spin_lock_prefetch(const void *x)
 
 #define task_top_of_stack(task) ((unsigned long)(task_pt_regs(task) + 1))
 
+#define task_top_of_kernel_stack(task) \
+	((void *)(((unsigned long)task_stack_page(task)) + KERNEL_STACK_SIZE))
+
 #define task_pt_regs(task) \
 ({									\
 	unsigned long __ptr = (unsigned long)task_stack_page(task);	\
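Review bot: task_top_of_kernel_stack() returns a `void *` while the neighbouring task_top_of_stack() returns an `unsigned long`; using the same type would make the two comparable and subtractable without casts. It also needs a comment stating that it yields the boundary between the kernel-only and PTI halves (task_stack_page() + KERNEL_STACK_SIZE), not the top of the whole stack, and it is defined unconditionally, so on a build without CONFIG_PAGE_TABLE_ISOLATION but with KASAN_STACK_ORDER non-zero it points below the real end of the stack. Consider guarding it with CONFIG_PAGE_TABLE_ISOLATION, or defining the non-PTI variant as task_stack_page(task) + THREAD_SIZE.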
-- 
2.18.4