Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp639531imm;
        Fri, 5 Oct 2018 09:19:52 -0700 (PDT)
X-Google-Smtp-Source: ACcGV611f1ZM6dfMx53o0LH2vaQN4QgcOjUS7yeRUp1tkVLb6NmUR6vgIakNGu5ROy5QjPIcweFT
X-Received: by 2002:a17:902:758f:: with SMTP id j15-v6mr12660533pll.160.1538756392423;
        Fri, 05 Oct 2018 09:19:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538756392; cv=none;
        d=google.com; s=arc-20160816;
        b=mpUBgio0My0JTWbMCC7hr6MNTbNZxy8HmSekPi+LhXM99zqwI90/eizBQFvOlnM/yK
         ZAmWIfMKL9VbVOrNmiWDvY8iK9MU2QnEY8rJ4llq/X7mvyafZO3ouVevZp9ejiqu39/Y
         N+ngTUoxUEnPVBmC0TvQq2ms3EGS9q8y93ByaAIqtdodRm6/ypOkRNpqkZ6fbAVYOvXa
         vwW2KMBUL0O0BUEU6iQOggYb+7M3w+a9abaT9ahZbcNiXxEnSBSLR4xbdcGcETcvkNUZ
         PisNbJXQdWZRFnaQYks6e6a3UUT5RuQsxIXNqSJcf5ct2C8qs8NB9hEhE2F2Y8JWYThJ
         s7uA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id;
        bh=eutUayGl+auBlkk+vNKDwJ9nox7n5VgMLlAnkQtqhW8=;
        b=mKqNwh8jQpKk3auqyPkloTxQeiRh+c+ntN3N+jCUSBOH9jt61p7r8YCrSCnJ7VEyIf
         xGf2fGsc9dqmbSFYvQGVr5VoRnbGq1ONOqeflSQX+xBHGKBRwrbfoLZTignEShg74Hds
         0IetQUTiiP9mgL1ogp0Td3Dvx6+XyyHNaHr/PALVhK8YhedoWYCGmCW66qdDgP/ffM2l
         dCtttqXGl6SaY5jLw2nI0uU9M+1AWXkhMxTO/05NLQGXpNmZ3tONsGOnBxvTP9ULs7w6
         bmbv5gMw2JSAQYYL+5nw/HjfERZa0O2zakuKC9kFUkbonC3sHKEs0jMEoC8eQgxWX//q
         fnKQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d7-v6si8879655pll.162.2018.10.05.09.19.37;
        Fri, 05 Oct 2018 09:19:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730073AbeJEXSL (ORCPT <rfc822;hubert.jasudowicz@gmail.com>
        + 99 others); Fri, 5 Oct 2018 19:18:11 -0400
Received: from mga02.intel.com ([134.134.136.20]:40260 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728967AbeJEXSK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 Oct 2018 19:18:10 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Oct 2018 09:18:46 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,345,1534834800"; 
   d="scan'208";a="86033243"
Received: from 2b52.sc.intel.com ([143.183.136.147])
  by FMSMGA003.fm.intel.com with ESMTP; 05 Oct 2018 09:18:23 -0700
Message-ID: <fc2f98ab46240c0498bdf4d7458b4373c1f02bf8.camel@intel.com>
Subject: Re: [RFC PATCH v4 3/9] x86/cet/ibt: Add IBT legacy code bitmap
 allocation function
From:   Yu-cheng Yu <yu-cheng.yu@intel.com>
To:     Eugene Syromiatnikov <esyr@redhat.com>
Cc:     x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-mm@kvack.org,
        linux-arch@vger.kernel.org, linux-api@vger.kernel.org,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@amacapital.net>,
        Balbir Singh <bsingharora@gmail.com>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Florian Weimer <fweimer@redhat.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>
Date:   Fri, 05 Oct 2018 09:13:40 -0700
In-Reply-To: <20181003195702.GF32759@asgard.redhat.com>
References: <20180921150553.21016-1-yu-cheng.yu@intel.com>
         <20180921150553.21016-4-yu-cheng.yu@intel.com>
         <20181003195702.GF32759@asgard.redhat.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.28.1-2 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2018-10-03 at 21:57 +0200, Eugene Syromiatnikov wrote:
> On Fri, Sep 21, 2018 at 08:05:47AM -0700, Yu-cheng Yu wrote:
> > Indirect branch tracking provides an optional legacy code bitmap
> > that indicates locations of non-IBT compatible code.  When set,
> > each bit in the bitmap represents a page in the linear address is
> > legacy code.
> > 
> > We allocate the bitmap only when the application requests it.
> > Most applications do not need the bitmap.
> > 
> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
> > ---
> >  arch/x86/kernel/cet.c | 45 +++++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 45 insertions(+)
> > 
> > diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c
> > index 6adfe795d692..a65d9745af08 100644
> > --- a/arch/x86/kernel/cet.c
> > +++ b/arch/x86/kernel/cet.c
> > @@ -314,3 +314,48 @@ void cet_disable_ibt(void)
> >  	wrmsrl(MSR_IA32_U_CET, r);
> >  	current->thread.cet.ibt_enabled = 0;
> >  }
> > +
> > +int cet_setup_ibt_bitmap(void)
> > +{
> > +	u64 r;
> > +	unsigned long bitmap;
> > +	unsigned long size;
> > +
> > +	if (!cpu_feature_enabled(X86_FEATURE_IBT))
> > +		return -EOPNOTSUPP;
> > +
> > +	if (!current->thread.cet.ibt_bitmap_addr) {
> > +		/*
> > +		 * Calculate size and put in thread header.
> > +		 * may_expand_vm() needs this information.
> > +		 */
> > +		size = TASK_SIZE / PAGE_SIZE / BITS_PER_BYTE;
> 
> TASK_SIZE_MAX is likely needed here, as an application can easily switch
> between long an 32-bit protected mode.  And then the case of a CPU that
> doesn't support 5LPT.

If we had calculated bitmap size from TASK_SIZE_MAX, all 32-bit apps would have
failed the allocation for bitmap size > TASK_SIZE.  Please see values below,
which is printed from the current code.

Yu-cheng


x64:
TASK_SIZE_MAX	= 0000 7fff ffff f000
TASK_SIZE	= 0000 7fff ffff f000
bitmap size	= 0000 0000 ffff ffff

x32:
TASK_SIZE_MAX	= 0000 7fff ffff f000
TASK_SIZE	= 0000 0000 ffff e000
bitmap size	= 0000 0000 0001 ffff