Received: by 10.223.176.5 with SMTP id f5csp596806wra; Fri, 9 Feb 2018 04:13:31 -0800 (PST) X-Google-Smtp-Source: AH8x226pppPNxg7wHnm1ORaI0anrt5kdAyIfKFN5a52SRrnoXwv9PPS34Z3dmBFDeNkF+5pIvL/p X-Received: by 10.99.134.65 with SMTP id x62mr2154185pgd.291.1518178411271; Fri, 09 Feb 2018 04:13:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518178411; cv=none; d=google.com; s=arc-20160816; b=a/Vyl5+xrwn8uVyEUrO7jIrTM9pSdDsITkabFcdG3kLjjK9jefk4VThLo1JOY1kkmx ExTRfffIt4Z77Jaxen8QOYgojZObPlNyRhjm2Sar5zB5Zwc7uAEWbgUo7WWEtYysp79v QA7O7eEI7nYtjnyg2MpbVnQxlDZ02yEri9KZbxo+r1DDfmEG9KVQVpsbKUjs69YKVwLF pAoQXVrUo85yFDrgTpnA3ZrHKNLdsSltmyqVBYfKnbmFhnLxmzRRDUdMopX2L9wHXqDd tpPW9Fi7IYJVX2wdu1GgD6eajMFJgsvPeOq4OZH7td6OED6EAD3mJ/1ikFx/fQotzeWr 3kDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=DLXA/qx4w1IkPK2rlY5QnebgUMdIHP2dJdOBUil3uLQ=; b=AGaE8inc116jsL4ZOxypMPGn02k+X0JCBM/z39PSYh5JJUuAsBU/7hVkZS76bpviQw fdVkCQj4gnnBtxePxX5+y9krKPJ8DRQtooGY8sg/W682EoBzOHiE2ejR6ncH7UIz5/4g SUvMeGXe/jZmvarEZ5MFZaO/b/LcvlJRAa3XSaJZYV3q5ZYkl4m1PFzAK4I2mJs03n3Q M+zx2ogw4zoerbOzFzMgBEXiWloq6kcYPcSzRUFdFyhbGB6unaShb8Pv8ZXAXX8uSpxD km5SOb95Wu/mVa2GtceNeQIs/0ehXCBPXZQvvA7/0q4uhyQS8OpywuiEnBfByS3t9zE0 EsCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r16si1320345pgu.397.2018.02.09.04.13.16; Fri, 09 Feb 2018 04:13:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752465AbeBIMLx (ORCPT + 99 others); Fri, 9 Feb 2018 07:11:53 -0500 Received: from mx2.suse.de ([195.135.220.15]:41058 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751124AbeBIMLw (ORCPT ); Fri, 9 Feb 2018 07:11:52 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id BCDDEACC0; Fri, 9 Feb 2018 12:11:48 +0000 (UTC) Subject: Re: [PATCH 00/31 v2] PTI support for x86_32 To: Joerg Roedel , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , jroedel@suse.de References: <1518168340-9392-1-git-send-email-joro@8bytes.org> From: Juergen Gross Message-ID: <35f19c79-7277-3ad8-50bf-8def929377b6@suse.com> Date: Fri, 9 Feb 2018 13:11:42 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <1518168340-9392-1-git-send-email-joro@8bytes.org> Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/02/18 10:25, Joerg Roedel wrote: > Hi, > > here is the second version of my PTI implementation for > x86_32, based on tip/x86-pti-for-linus. It took a lot longer > than I had hoped, but there have been a number of obstacles > on the way. It also isn't the small patch-set anymore that v1 > was, but compared to it this one actually works :) > > The biggest changes were necessary in the entry code, a lot > of it is moving code around, but there are also significant > changes to get all cases covered. This includes NMIs and > exceptions on the kernel exit-path where we are already on > the entry-stack. To make this work I decided to mostly split > up the common kernel-exit path into a return-to-kernel, > return-to-user and return-from-nmi part. > > On the page-table side I had to do a lot of special cases > for PAE because PAE paging is so, well, special. The biggest > example here is the LDT mapping code, which needs to work on > the PMD level instead of PGD when PAE is enabled. > > During development I also experimented with unshared PMDs > between the kernel and the user page-tables for PAE. It > worked by allocating 8k PMDs and using the lower half for > the kernel and the upper half for the user page-table. While > this worked and allowed me to NX-protect the user-space > address-range in the kernel page-table, it also required 5 > order-1 allocations in low-mem for each process. In my > testing I got this to fail pretty quickly and trigger OOM, > so I abandoned the approach for now. > > Here is how I tested these patches: > > * Booted on a real machine (4C/8T, 16GB RAM) and run > an overnight load-test with 'perf top' running > (for the NMIs), the ldt_gdt selftest running in a > loop (for more stress on the entry/exit path) and > a -j16 kernel compile also running in a loop. The > box survived the test, which ran for more than 18 > hours. > > * Tested most x86 selftests in the kernel on the > real machine. This showed no regressions. I did > not run the mpx and protection-key tests, as the > machine does not support these features, and I > also skipped the check_initial_reg_state test, as > it made problems while compiling and it didn't > seem relevant enough to fix that for this > patch-set. > > * Boot tested all valid combinations of [NO]HIGHMEM* vs. > VMSPLIT* vs. PAE in KVM. All booted fine. > > * Did compile-tests with various configs (allyes, > allmod, defconfig, ..., basically what I usually > use to test the iommu-tree as well). All compiled > fine. > > * Some basic compile, boot and runtime testing of > 64 bit to make sure I didn't break anything there. > > I did not explicitly test wine and dosemu, but since the > vm86 and the ldt_gdt self-tests all passed fine I am > confident that those will also still work. > > XENPV is also untested from my side, but I added checks to > not do the stack switches in the entry-code when XENPV is > enabled, so hopefully it works. But someone should test it, > of course. That's unfortunate. 32 bit XENPV kernel is vulnerable to Meltdown, too. I'll have a look whether 32 bit XENPV is still working, though. Adding support for KPTI with Xen PV should probably be done later. :-) Juergen