From: Andy Lutomirski
Date: Mon, 16 Nov 2020 15:06:08 -0800
Subject: Re: [RFC][PATCH v2 11/21] x86/pti: Extend PTI user mappings
To: Alexandre Chartre
Cc: Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
    "H. Peter Anvin", X86 ML, Dave Hansen, Peter Zijlstra, LKML,
    Tom Lendacky, Joerg Roedel, Konrad Rzeszutek Wilk,
    jan.setjeeilers@oracle.com, Junaid Shahid, oweisse@google.com,
    Mike Rapoport, Alexander Graf, mgross@linux.intel.com, kuzuno@gmail.com

On Mon, Nov 16, 2020 at 12:18 PM Alexandre Chartre wrote:
>
>
> On 11/16/20 8:48 PM, Andy Lutomirski wrote:
> > On Mon, Nov 16, 2020 at 6:49 AM Alexandre Chartre
> > wrote:
> >>
> >> Extend PTI user mappings so that more kernel entry code can be executed
> >> with the user page-table. To do so, we need to map syscall and interrupt
> >> entry code, per cpu offsets (__per_cpu_offset, which is used some in
> >> entry code), the stack canary, and the PTI stack (which is defined per
> >> task).
> >
> > Does anything unmap the PTI stack? Mapping is easy, and unmapping
> > could be a pretty big mess.
> >
>
> No, there's no unmap. The mapping exists as long as the task page-table
> does (i.e. as long as the task mm exits). I assume that the task stack
> and mm are freed at the same time but that's not something I have checked.
>

Nope. A multi-threaded mm will free task stacks when the task exits,
but the mm may outlive the individual tasks. Additionally, if you
allocate page tables as part of mapping PTI stacks, you need to make
sure the pagetables are freed. Finally, you need to make sure that
the PTI stacks have appropriate guard pages -- just doubling the
allocation is not safe enough.

My intuition is that this is going to be far more complexity than is
justified.
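
A user-space illustration of the guard-page point raised in the reply above (an added example, not kernel code and not code from this thread or the patch series): with two stacks carved from one doubled allocation, the byte just below the upper stack is ordinary mapped memory, while a PROT_NONE page between them makes the same access fail. The function names, the four-page stack size and the pipe-based probe are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE 1
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1 if the byte at addr is readable, 0 if not. write() into a pipe makes the
 * kernel copy from addr, so an inaccessible page gives EFAULT, not SIGSEGV. */
static int page_readable(const void *addr)
{
    int fds[2], ok;
    if (pipe(fds) != 0)
        return -1;
    ok = (write(fds[1], addr, 1) == 1);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* Doubled allocation: [stack A][stack B], contiguous, no gap. */
static char *alloc_doubled(size_t stack_size)
{
    void *p = mmap(NULL, 2 * stack_size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (char *)p;
}

/* Guarded layout: [stack A][PROT_NONE guard page][stack B]. */
static char *alloc_guarded(size_t stack_size, size_t page)
{
    size_t total = 2 * stack_size + page;
    char *p = mmap(NULL, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (mprotect(p, stack_size, PROT_READ | PROT_WRITE) != 0 ||
        mprotect(p + stack_size + page, stack_size, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, total);
        return NULL;
    }
    return p;
}

int main(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), sz = 4 * page; /* constructed sizes */
    char *d = alloc_doubled(sz), *g = alloc_guarded(sz, page);
    if (!d || !g)
        return 2;
    /* Stacks grow down: probe one byte below the base of stack B in each layout. */
    return !(page_readable(d + sz - 1) == 1 && page_readable(g + sz + page - 1) == 0);
}
```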