From: Andy Lutomirski <luto@kernel.org>
To: "Bae, Chang Seok" <chang.seok.bae@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Borislav Petkov <bpetkov@suse.de>,
Brian Gerst <brgerst@gmail.com>, Stas Sergeev <stsp@list.ru>
Subject: Re: FSGSBASE ABI considerations
Date: Mon, 7 Aug 2017 09:14:43 -0700
Message-ID: <CALCETrXOV1yKrrmyYwz_pX5mQuD0PvsLd5MwUt9Gp1ySwUu0Qw@mail.gmail.com>
In-Reply-To: <C9BB696F3A938947B10DCAD29FAB8FFA669B3389@CRSMSX101.amr.corp.intel.com>
On Jul 31, 2017, at 5:23 PM, Bae, Chang Seok <chang.seok.bae@intel.com> wrote:
>> On an FSGSBASE-enabled system, I think we need to provide deterministic, documented, tested behavior. I can think of three plausible choices:
>> 1a. modify_ldt() immediately updates FSBASE and GSBASE on all threads that reference the modified selector.
>> 1b. modify_ldt() immediately updates FSBASE and GSBASE on all threads that reference the LDT.
>> 2. modify_ldt() leaves FSBASE and GSBASE alone on all threads.
>> (2) is trivial to implement, whereas (1a) and (1b) are a bit nasty to implement when FSGSBASE is on.
>
>> The tricky bit is that 32-bit kernels can't do (2), so, if we want modify_ldt() to behave the same on 32-bit and 64-bit kernels, we're stuck with (1).
>
> While implementing (1) is still unclear for context switch, here is one idea for (1b):
> - thread struct has new entry for ldt pointer that was last seen
> - modify_ldt happens
> - ldtr updated for active threads via IPI
> - for inactive threads being scheduled in, ldtr updated before __switch_to
> - in __switch_to, read ldtr by sldt and compare the new ldt pointer
> sldt is ucode that likely takes only a couple cycles
> - mostly matched given modify_ldt is rare
> - unmatched, don't write gsbase if gs indicating LDT
That won't be reliable -- LDTR could change more than once and be
reused between context switches. If we went this route, I think we'd
put a u64 version in ldt_struct. We'd also need to audit and fix up
every access to thread.fs/gsbase.
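
The reuse problem raised in this reply, as an added userspace illustration (not code from the thread or from the kernel): a thread that only remembers which LDT it last saw misses a change once that identity is reused, while a monotonic version counter does not. The two-slot pool and all names (`ldt_model`, `thread_model`, `replace_ldt`, `stale_checks_after`) are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, none is kernel code. */
struct ldt_model { uint64_t version; bool in_use; };
struct thread_model { struct ldt_model *seen_ptr; uint64_t seen_version; };

#define NSLOTS 2                       /* tiny pool so freed slots get reused */
static struct ldt_model slots[NSLOTS];
static uint64_t next_version = 1;      /* monotonic, never reused */

/* Models one modify_ldt(): install a fresh LDT, then free the old one. */
static struct ldt_model *replace_ldt(struct ldt_model *old)
{
    for (int i = 0; i < NSLOTS; i++) {
        if (slots[i].in_use)
            continue;
        slots[i].in_use = true;
        slots[i].version = next_version++;
        if (old)
            old->in_use = false;
        return &slots[i];
    }
    return NULL;                       /* unreachable: at most one slot is live */
}

/*
 * A thread records the LDT it saw, sleeps across `updates` replacements,
 * then checks for staleness on switch-in.
 * Return bit 0: identity (pointer) check noticed; bit 1: version check noticed.
 */
static int stale_checks_after(int updates)
{
    for (int i = 0; i < NSLOTS; i++)
        slots[i].in_use = false;
    struct ldt_model *cur = replace_ldt(NULL);
    struct thread_model t = { cur, cur->version };

    for (int i = 0; i < updates; i++)
        cur = replace_ldt(cur);
    return (t.seen_ptr != cur ? 1 : 0) | (t.seen_version != cur->version ? 2 : 0);
}

int main(void)
{
    for (int n = 0; n <= 2; n++)       /* n = 2 reuses the original slot */
        printf("updates=%d flags=%d\n", n, stale_checks_after(n));
    return 0;
}
```

With two replacements the identity check reports no change even though the LDT was replaced twice; only the version comparison flags it.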