| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Nov 2020 12:23:05 +0100
From: Alexandre Chartre <alexandre.chartre@...cle.com>
To: "tglx@...utronix.de"@aserv0121.oracle.com,
"mingo@...hat.com"@aserv0121.oracle.com,
"bp@...en8.de"@aserv0121.oracle.com,
"hpa@...or.com"@aserv0121.oracle.com,
"x86@...nel.org"@aserv0121.oracle.com,
"dave.hansen@...ux.intel.com"@aserv0121.oracle.com,
"luto@...nel.org"@aserv0121.oracle.com,
"peterz@...radead.org"@aserv0121.oracle.com,
"linux-kernel@...r.kernel.org"@aserv0121.oracle.com,
"thomas.lendacky@....com"@aserv0121.oracle.com,
"jroedel@...e.de"@aserv0121.oracle.com
Cc: "konrad.wilk@...cle.com"@aserv0121.oracle.com,
"jan.setjeeilers@...cle.com"@aserv0121.oracle.com,
"junaids@...gle.com"@aserv0121.oracle.com,
"oweisse@...gle.com"@aserv0121.oracle.com,
"rppt@...ux.vnet.ibm.com"@aserv0121.oracle.com,
"graf@...zon.de"@aserv0121.oracle.com,
"mgross@...ux.intel.com"@aserv0121.oracle.com,
"kuzuno@...il.com"@aserv0121.oracle.com,
"alexandre.chartre@...cle.com"@aserv0121.oracle.com
Subject: [RFC][PATCH 10/24] x86/pti: Introduce per-task PTI trampoline stack
Double the size of the kernel stack when using PTI. The entire stack
is mapped into the kernel address space, and the top half of the stack
(the PTI stack) is also mapped into the user address space.
The PTI stack will be used as a per-task trampoline stack instead of
the current per-cpu trampoline stack. This will allow running more
code on the trampoline stack, in particular code that schedules the
task out.
Signed-off-by: Alexandre Chartre <alexandre.chartre@...cle.com>
---
arch/x86/include/asm/page_64_types.h | 36 +++++++++++++++++++++++++++-
arch/x86/include/asm/processor.h | 3 +++
2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 3f49dac03617..733accc20fdb 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -12,7 +12,41 @@
#define KASAN_STACK_ORDER 0
#endif
-#define THREAD_SIZE_ORDER (2 + KASAN_STACK_ORDER)
+#ifdef CONFIG_PAGE_TABLE_ISOLATION
+/*
+ * PTI doubles the size of the stack. The entire stack is mapped into
+ * the kernel address space. However, only the top half of the stack is
+ * mapped into the user address space.
+ *
+ * On syscall or interrupt, user mode enters the kernel with the user
+ * page-table, and the stack pointer is switched to the top of the
+ * stack (which is mapped in the user address space and in the kernel).
+ * The syscall/interrupt handler will then later decide when to switch
+ * to the kernel address space, and to switch to the top of the kernel
+ * stack which is only mapped in the kernel.
+ *
+ * +-------------+
+ * | | ^ ^
+ * | kernel-only | | KERNEL_STACK_SIZE |
+ * | stack | | |
+ * | | V |
+ * +-------------+ <- top of kernel stack | THREAD_SIZE
+ * | | ^ |
+ * | kernel and | | KERNEL_STACK_SIZE |
+ * | PTI stack | | |
+ * | | V v
+ * +-------------+ <- top of stack
+ */
+#define PTI_STACK_ORDER 1
+#else
+#define PTI_STACK_ORDER 0
+#endif
+
+#define KERNEL_STACK_ORDER 2
+#define KERNEL_STACK_SIZE (PAGE_SIZE << KERNEL_STACK_ORDER)
+
+#define THREAD_SIZE_ORDER \
+ (KERNEL_STACK_ORDER + PTI_STACK_ORDER + KASAN_STACK_ORDER)
#define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER)
#define EXCEPTION_STACK_ORDER (0 + KASAN_STACK_ORDER)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 82a08b585818..47b1b806535b 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -769,6 +769,9 @@ static inline void spin_lock_prefetch(const void *x)
#define task_top_of_stack(task) ((unsigned long)(task_pt_regs(task) + 1))
+#define task_top_of_kernel_stack(task) \
+ ((void *)(((unsigned long)task_stack_page(task)) + KERNEL_STACK_SIZE))
+
#define task_pt_regs(task) \
({ \
unsigned long __ptr = (unsigned long)task_stack_page(task); \
--
2.18.4
Powered by blists - more mailing lists