From: Nadav Amit
To: Ingo Molnar
CC: Thomas Gleixner, Andy Lutomirski, Peter Zijlstra, Dave Hansen, Willy Tarreau, Nadav Amit
Subject: [PATCH RFC v2 3/6] x86: Switching page-table isolation
Date: Thu, 15 Feb 2018 08:35:59 -0800
Message-ID: <20180215163602.61162-4-namit@vmware.com>
In-Reply-To: <20180215163602.61162-1-namit@vmware.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On context switch, switch the page-table isolation according to the new task. Accordingly, restore or remove CS64.

The different types of disabling are kept as a bitmap in order to quickly check whether a certain type of disabling was switched, although it is assumed only a single type is set at a given time. The code prepares the facility for future disabling of PTI by other means (prctl). To do so, the logic means that a greater "disabling" value means stronger disabling, and should override lower ones.

Signed-off-by: Nadav Amit
---
 arch/x86/include/asm/pti.h | 22 ++++++++++++++++++++++
 arch/x86/include/asm/tlbflush.h | 12 ++++++++++++
 arch/x86/mm/tlb.c | 25 +++++++++++++++++++++++++
 3 files changed, 59 insertions(+)

diff --git a/arch/x86/include/asm/pti.h b/arch/x86/include/asm/pti.h index 96a5fbfedf7a..78a333699874 100644 --- a/arch/x86/include/asm/pti.h +++ b/arch/x86/include/asm/pti.h @@ -3,6 +3,11 @@ #define _ASM_X86_PTI_H #ifndef __ASSEMBLY__ +#include + +#define PTI_DISABLE_OFF (0) +#define PTI_DISABLE_IA32 (1 << 0) + #ifdef CONFIG_PAGE_TABLE_ISOLATION static inline unsigned short mm_pti_disable(struct mm_struct *mm) { 
@@ -12,10 +17,27 @@ static inline unsigned short mm_pti_disable(struct mm_struct *mm) return mm->context.pti_disable; } +static inline void pti_update_user_cs64(unsigned short prev_pti_disable, + unsigned short next_pti_disable) +{ + struct desc_struct user_cs, *d; + + if ((prev_pti_disable ^ next_pti_disable) & PTI_DISABLE_IA32) + return; + + d = get_cpu_gdt_rw(smp_processor_id()); + user_cs = d[GDT_ENTRY_DEFAULT_USER_CS]; + user_cs.p = !(next_pti_disable & PTI_DISABLE_IA32); + write_gdt_entry(d, GDT_ENTRY_DEFAULT_USER_CS, &user_cs, DESCTYPE_S); +} + extern void pti_init(void); extern void pti_check_boottime_disable(void); #else static inline unsigned short mm_pti_disable(struct mm_struct *mm) { return 0; } +static inline unsigned short mm_pti_disable(struct mm_struct *mm); +static inline void pti_update_user_cs64(unsigned short prev_pti_disable, + unsigned short next_pti_disable) { } static inline void pti_check_boottime_disable(void) { } #endif diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index cf91a484bb41..ea65cf951c49 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -310,6 +310,18 @@ static inline unsigned short cpu_pti_disable(void) return this_cpu_read(cpu_tlbstate.pti_disable); } +static inline void set_cpu_pti_disable(unsigned short disable) +{ + /* + * Enabling/disabling CS64 and updating the state must be done + * atomically + */ + WARN_ON_ONCE(preemptible()); + + pti_update_user_cs64(cpu_pti_disable(), disable); + this_cpu_write(cpu_tlbstate.pti_disable, disable); +} + /* * Save some of cr4 feature set we're using (e.g. Pentium 4MB * enable and PPro Global page enable), so that any CPU's that boot diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 5bfe61a5e8e3..c67ef3fb4f35 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c 
@@ -178,6 +178,28 @@ static void sync_current_stack_to_mm(struct mm_struct *mm) } } } +static void switch_pti_disable(struct mm_struct *mm) +{ +#ifdef CONFIG_PAGE_TABLE_ISOLATION + unsigned short prev_pti_disable, next_pti_disable; + + if (!static_cpu_has(X86_FEATURE_PTI)) + return; + + prev_pti_disable = cpu_pti_disable(); + + /* + * Avoid concurrent changes to mm_pti_disable()), since we need to + * ensure both CS64 and the CPU indication are identical + */ + next_pti_disable = READ_ONCE(mm->context.pti_disable); + + if (prev_pti_disable == next_pti_disable) + return; + + set_cpu_pti_disable(next_pti_disable); +#endif +} void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) @@ -292,6 +314,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); } + /* Disable/reenable page-table isolation as needed */ + switch_pti_disable(next); + this_cpu_write(cpu_tlbstate.loaded_mm, next); this_cpu_write(cpu_tlbstate.loaded_mm_asid, new_asid); } -- 2.14.1
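Review bot: PTI_DISABLE_OFF and PTI_DISABLE_IA32 in the first pti.h hunk carry no comment, while the commit message relies on two properties of them: they are bits in a bitmap, and a greater value means stronger disabling that overrides lower ones. Suggest a short comment above the defines stating both, together with the assumption that only one bit is set at a time, so that a later bit (the prctl case the message mentions) gets added in the right position.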
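Review bot: the early return in pti_update_user_cs64() (second pti.h hunk) looks inverted. `(prev_pti_disable ^ next_pti_disable) & PTI_DISABLE_IA32` is non-zero exactly when the IA32 bit differs between the two values, so the function returns when the bit changed and rewrites GDT_ENTRY_DEFAULT_USER_CS only when it did not. On the switch_pti_disable() path, where set_cpu_pti_disable() is reached only if prev and next differ and PTI_DISABLE_IA32 is the only bit defined, the present bit of the user CS descriptor would never be updated, so CS64 stays present for a task that switched in with PTI_DISABLE_IA32 set. Suggest `if (!((prev_pti_disable ^ next_pti_disable) & PTI_DISABLE_IA32)) return;`. Separately, in the #else branch the added `static inline unsigned short mm_pti_disable(struct mm_struct *mm);` redeclares the stub defined on the line just above it and can be dropped.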
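Review bot: the comment in set_cpu_pti_disable() (tlbflush.h hunk) says the CS64 update and the state update must be done atomically, but not with respect to what, and `WARN_ON_ONCE(preemptible())` is satisfied with only preemption disabled. In that case an interrupt can still arrive between pti_update_user_cs64() and this_cpu_write(), and anything on that path that calls cpu_pti_disable() would see the old value while the GDT entry has already been rewritten. Suggest spelling out in the comment which contexts read cpu_tlbstate.pti_disable, and, if any of them run in interrupt context, asserting that interrupts are off rather than only that preemption is.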
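Review bot: switch_pti_disable() (first tlb.c hunk) reads `mm->context.pti_disable` directly inside an #ifdef in the function body, although pti.h already provides mm_pti_disable() with a stub returning 0 when CONFIG_PAGE_TABLE_ISOLATION is off. Suggest moving the READ_ONCE() into mm_pti_disable() and calling the accessor here, which may let the #ifdef go. The comment also has a stray ")" after "mm_pti_disable()", and its wording overstates what the code does: READ_ONCE() yields one consistent snapshot, it does not avoid concurrent changes. The comment should say how a change to mm->context.pti_disable made after this read reaches a CPU that already has the mm loaded.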