[RFC GIT PULL] Page Table Isolation (PTI), x86 syscall entry code changes

From: Ingo Molnar
Date: Sun Dec 17 2017 - 10:24:46 EST


Linus,

Please pull the latest WIP.x86-pti.entry-for-linus git tree from:

git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86-pti.entry-for-linus

# HEAD: 6cbd2171e89b13377261d15e64384df60ecb530e x86/cpufeatures: Make CPU bugs sticky

The main changes here are Andy Lutomirski's changes to switch the x86-64 entry
code to use the 'per CPU entry trampoline stack'. This, besides helping fix KASLR
leaks (the pending Page Table Isolation (PTI) work), also robustifies the x86
entry code.

Thanks,

Ingo

------------------>
Andy Lutomirski (21):
      x86/unwinder/orc: Dont bail on stack overflow
      x86/irq: Remove an old outdated comment about context tracking races
      x86/irq/64: Print the offending IP in the stack overflow warning
      x86/entry/64: Allocate and enable the SYSENTER stack
      x86/dumpstack: Add get_stack_info() support for the SYSENTER stack
      x86/entry/gdt: Put per-CPU GDT remaps in ascending order
      x86/mm/fixmap: Generalize the GDT fixmap mechanism, introduce struct cpu_entry_area
      x86/kasan/64: Teach KASAN about the cpu_entry_area
      x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
      x86/dumpstack: Handle stack overflow on all stacks
      x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct
      x86/entry: Remap the TSS into the CPU entry area
      x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
      x86/espfix/64: Stop assuming that pt_regs is on the entry stack
      x86/entry/64: Use a per-CPU trampoline stack for IDT entries
      x86/entry/64: Return to userspace from the trampoline stack
      x86/entry/64: Create a per-CPU SYSCALL entry trampoline
      x86/entry/64: Move the IST stacks into struct cpu_entry_area
      x86/entry/64: Remove the SYSENTER stack canary
      x86/entry: Clean up the SYSENTER_stack code
      x86/entry/64: Make cpu_entry_area.tss read-only

Boris Ostrovsky (1):
      x86/entry/64/paravirt: Use paravirt-safe macro to access eflags

Josh Poimboeuf (1):
      x86/unwinder: Handle stack overflows more gracefully

Thomas Gleixner (3):
      x86/paravirt: Dont patch flush_tlb_single
      x86/paravirt: Provide a way to check for hypervisors
      x86/cpufeatures: Make CPU bugs sticky

arch/x86/entry/entry_32.S | 6 +-
arch/x86/entry/entry_64.S | 189 +++++++++++++++++++++++++++++++-----
arch/x86/entry/entry_64_compat.S | 7 +-
arch/x86/include/asm/cpufeature.h | 2 +
arch/x86/include/asm/desc.h | 11 +--
arch/x86/include/asm/fixmap.h | 68 ++++++++++++-
arch/x86/include/asm/hypervisor.h | 25 +++--
arch/x86/include/asm/irqflags.h | 3 +
arch/x86/include/asm/kdebug.h | 1 +
arch/x86/include/asm/paravirt.h | 9 ++
arch/x86/include/asm/processor.h | 59 ++++++-----
arch/x86/include/asm/stacktrace.h | 3 +
arch/x86/include/asm/switch_to.h | 8 +-
arch/x86/include/asm/thread_info.h | 2 +-
arch/x86/include/asm/traps.h | 1 -
arch/x86/include/asm/unwind.h | 7 ++
arch/x86/kernel/asm-offsets.c | 6 ++
arch/x86/kernel/asm-offsets_32.c | 9 +-
arch/x86/kernel/asm-offsets_64.c | 4 +
arch/x86/kernel/cpu/common.c | 170 +++++++++++++++++++++++---------
arch/x86/kernel/doublefault.c | 36 ++++---
arch/x86/kernel/dumpstack.c | 74 +++++++++++---
arch/x86/kernel/dumpstack_32.c | 6 ++
arch/x86/kernel/dumpstack_64.c | 6 ++
arch/x86/kernel/ioport.c | 2 +-
arch/x86/kernel/irq.c | 12 ---
arch/x86/kernel/irq_64.c | 4 +-
arch/x86/kernel/paravirt_patch_64.c | 2 -
arch/x86/kernel/process.c | 19 ++--
arch/x86/kernel/process_32.c | 2 +-
arch/x86/kernel/process_64.c | 14 +--
arch/x86/kernel/traps.c | 69 +++++++------
arch/x86/kernel/unwind_orc.c | 88 +++++++----------
arch/x86/kernel/vmlinux.lds.S | 9 ++
arch/x86/kvm/vmx.c | 2 +-
arch/x86/lib/delay.c | 4 +-
arch/x86/mm/kasan_init_64.c | 18 +++-
arch/x86/power/cpu.c | 16 +--
arch/x86/xen/enlighten_pv.c | 2 +-
arch/x86/xen/mmu_pv.c | 2 +-
40 files changed, 691 insertions(+), 286 deletions(-)