WSL2-Linux-Kernel/arch/x86/kernel
Andy Lutomirski f55f0501cb x86/pti: Put the LDT in its own PGD if PTI is on
With PTI enabled, the LDT must be mapped in the usermode tables somewhere.
The LDT is per process, i.e. per mm.

An earlier approach mapped the LDT on context switch into a fixmap area,
but that's a big overhead and exhausted the fixmap space when NR_CPUS got
big.

Take advantage of the fact that there is an address space hole which
provides a completely unused pgd. Use this pgd to manage per-mm LDT
mappings.

This has a down side: the LDT isn't (currently) randomized, and an attack
that can write the LDT is instant root due to call gates (thanks, AMD, for
leaving call gates in AMD64 but designing them wrong so they're only useful
for exploits).  This can be mitigated by making the LDT read-only or
randomizing the mapping, either of which is strightforward on top of this
patch.

This will significantly slow down LDT users, but that shouldn't matter for
important workloads -- the LDT is only used by DOSEMU(2), Wine, and very
old libc implementations.

[ tglx: Cleaned it up. ]

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-12-23 21:13:00 +01:00
..
acpi License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
apic x86/virt, x86/platform: Merge 'struct x86_hyper' into 'struct x86_platform' and 'struct x86_init' 2017-11-10 10:03:12 +01:00
cpu x86/mm/pti: Force entry through trampoline when PTI active 2017-12-23 21:13:00 +01:00
fpu Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
kprobes License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore
Makefile Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
alternative.c x86: Clarify/fix no-op barriers for text_poke_bp() 2017-08-10 17:35:19 +02:00
amd_gart_64.c x86: remove arch specific dma_supported implementation 2017-06-28 06:54:46 -07:00
amd_nb.c x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS doesn't 2017-10-22 13:06:02 +02:00
apb_timer.c Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
aperture_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
apm_32.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
asm-offsets.c x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack 2017-12-22 20:13:02 +01:00
asm-offsets_32.c x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack 2017-12-22 20:13:02 +01:00
asm-offsets_64.c x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 2017-12-17 13:59:56 +01:00
audit_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bootflag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
check.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpuid.c Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 19:25:04 -08:00
crash.c kexec: move vmcoreinfo out of the kernel's .bss section 2017-07-12 16:25:59 -07:00
crash_dump_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crash_dump_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
devicetree.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
doublefault.c x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss 2017-12-17 13:59:55 +01:00
dumpstack.c x86/cpu_entry_area: Move it out of the fixmap 2017-12-22 20:13:05 +01:00
dumpstack_32.c x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack 2017-12-22 20:13:02 +01:00
dumpstack_64.c x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack 2017-12-22 20:13:02 +01:00
e820.c x86/boot/e820: Add support to determine the E820 type of an address 2017-07-18 11:38:01 +02:00
early-quirks.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
early_printk.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ebda.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
eisa.c x86/eisa: Add missing include 2017-08-31 21:34:48 +02:00
espfix_64.c x86/mm: Provide general kernel support for memory encryption 2017-07-18 11:38:00 +02:00
ftrace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ftrace_32.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ftrace_64.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_32.S Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
head_64.S x86/mm/pti: Allocate a separate user PGD 2017-12-23 21:13:00 +01:00
hpet.c x86/hpet: Cure interface abuse in the resume path 2017-08-01 13:02:37 +02:00
hw_breakpoint.c x86/kernel: Audit and remove any unnecessary uses of module.h 2016-07-14 15:06:41 +02:00
i8237.c
i8253.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
i8259.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
idt.c x86/idt: Remove X86_TRAP_BP initialization in idt_setup_traps() 2017-11-08 21:05:23 +01:00
io_delay.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ioport.c x86/entry/64: Make cpu_entry_area.tss read-only 2017-12-17 14:27:52 +01:00
irq.c x86/irq: Remove an old outdated comment about context tracking races 2017-12-17 13:59:53 +01:00
irq_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_64.c x86/irq/64: Print the offending IP in the stack overflow warning 2017-12-17 13:59:53 +01:00
irq_work.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irqinit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
itmt.c sched/x86: Remove unnecessary TBM3 check to update topology 2017-01-19 08:42:37 +01:00
jump_label.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
kdebugfs.c x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap() for RAM mappings 2017-07-18 11:37:58 +02:00
kexec-bzimage64.c x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec 2017-07-05 10:09:02 +02:00
kgdb.c sched/x86: Add 'struct inactive_task_frame' to better document the sleeping task stack frame 2016-08-24 12:27:41 +02:00
ksysfs.c x86/sysfs: Fix off-by-one error in loop termination 2017-09-25 09:36:16 +02:00
kvm.c x86/virt: Add enum for hypervisors to replace x86_hyper 2017-11-10 10:03:12 +01:00
kvmclock.c kvm: Return -ENODEV from update_persistent_clock 2017-11-02 18:23:18 +01:00
ldt.c x86/pti: Put the LDT in its own PGD if PTI is on 2017-12-23 21:13:00 +01:00
livepatch.c livepatch/x86: apply alternatives and paravirt patches after relocations 2016-08-18 23:41:55 +02:00
machine_kexec_32.c x86/idt: Consolidate IDT invalidation 2017-08-29 12:07:26 +02:00
machine_kexec_64.c x86/mm, kexec: Fix memory corruption with SME on successive kexecs 2017-07-30 12:09:12 +02:00
mmconf-fam10h_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
module.c x86/module: Detect and skip invalid relocations 2017-11-05 09:52:16 +01:00
mpparse.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
msr.c x86/msr: Remove bogus cleanup from the error path 2016-12-25 10:47:41 +01:00
nmi.c x86/nmi: Use raw lock 2017-08-16 20:40:09 +02:00
nmi_selftest.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
paravirt-spinlocks.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
paravirt.c x86/paravirt: Remove no longer used paravirt functions 2017-09-13 10:55:15 +02:00
paravirt_patch_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
paravirt_patch_64.c x86/paravirt: Dont patch flush_tlb_single 2017-12-17 14:27:52 +01:00
pci-calgary_64.c x86: remove arch specific dma_supported implementation 2017-06-28 06:54:46 -07:00
pci-dma.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-iommu_table.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-nommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-swiotlb.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcspeaker.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
perf_regs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
platform-quirks.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pmem.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
probe_roms.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
process.c x86/entry/64: Make cpu_entry_area.tss read-only 2017-12-17 14:27:52 +01:00
process_32.c x86/entry/64: Make cpu_entry_area.tss read-only 2017-12-17 14:27:52 +01:00
process_64.c x86/entry/64: Make cpu_entry_area.tss read-only 2017-12-17 14:27:52 +01:00
ptrace.c x86/arch_prctl/64: Rename do_arch_prctl() to do_arch_prctl_64() 2017-03-20 16:10:32 +01:00
pvclock.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/nmi.h> 2017-03-02 08:42:30 +01:00
quirks.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
reboot.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
reboot_fixups_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
relocate_kernel_32.S
relocate_kernel_64.S x86/mm, kexec: Fix memory corruption with SME on successive kexecs 2017-07-30 12:09:12 +02:00
resource.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
setup.c x86/mm/64: Initialize CR4.PCIDE early 2017-09-13 09:54:43 +02:00
setup_percpu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
signal.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
signal_compat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smp.c x86/tracing: Disentangle pagefault and resched IPI tracing key 2017-08-29 11:42:29 +02:00
smpboot.c init: Invoke init_espfix_bsp() from mm_init() 2017-12-22 20:13:05 +01:00
stacktrace.c stacktrace/x86: add function for detecting reliable stack traces 2017-03-08 09:18:02 +01:00
step.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sys_x86_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sysfb.c
sysfb_efi.c Merge branch 'linus' into efi/core, to pick up fixes 2016-05-07 07:00:07 +02:00
sysfb_simplefb.c x86/sysfb: Fix lfb_size calculation 2016-11-16 09:38:23 +01:00
tboot.c iommu/vt-d: Correctly disable Intel IOMMU force on 2017-06-15 16:41:10 +02:00
tce_64.c x86/cpufeature: Remove cpu_has_clflush 2016-03-31 13:35:09 +02:00
time.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tls.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tls.h
topology.c
trace_clock.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tracepoint.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
traps.c x86/cpu_entry_area: Move it out of the fixmap 2017-12-22 20:13:05 +01:00
tsc.c x86/smpboot: Make optimization of delay calibration work correctly 2017-11-07 16:04:54 +01:00
tsc_msr.c x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs 2016-11-18 10:58:31 +01:00
tsc_sync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
unwind_frame.c x86/unwind: Disable unwinder warnings on 32-bit 2017-10-10 12:49:49 +02:00
unwind_guess.c x86/unwind: Add the ORC unwinder 2017-07-26 13:18:20 +02:00
unwind_orc.c x86/unwinder: Handle stack overflows more gracefully 2017-12-17 13:59:52 +01:00
uprobes.c uprobes/x86: Fix RIP-relative handling of EVEX-encoded instructions 2016-08-12 08:29:24 +02:00
verify_cpu.S x86/boot: Annotate verify_cpu() as a callable function 2017-09-28 09:39:03 +02:00
vm86_32.c Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
vmlinux.lds.S x86/entry: Align entry text section to PMD boundary 2017-12-23 21:13:00 +01:00
vsmp_64.c
x86_init.c x86/virt, x86/platform: Merge 'struct x86_hyper' into 'struct x86_platform' and 'struct x86_init' 2017-11-10 10:03:12 +01:00