[RFC PATCH v3 8/8] x86/entry/pti: don't switch PGD when TIF_DISABLE_PTI_NOW is set

From: Willy Tarreau
Date: Wed Jan 10 2018 - 14:29:35 EST

Next message: Willy Tarreau: "[RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX."
Previous message: Willy Tarreau: "[RFC PATCH v3 0/8] Per process PTI activation"
In reply to: Willy Tarreau: "[RFC PATCH v3 7/8] x86/entry/pti: avoid setting CR3 when it's already correct"
Next in thread: Willy Tarreau: "[RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When a syscall returns to userspace with TIF_DISABLE_PTI_NOW set on
the task, it means it is configured to disable page table isolation
(PTI). In this case, returns from kernel to user will not switch the
CR3, leaving it to the kernel one which already maps both user and
kernel pages. This avoids a TLB flush, and saves another one on next
entry.

Thanks to these changes, haproxy running under KVM went back from
12700 conn/s (without PCID) or 19700 (with PCID) to 23100 once loaded
after calling prctl(), indicating that PTI has no measurable impact on
this workload.

Signed-off-by: Willy Tarreau <w@xxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Brian Gerst <brgerst@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>

v3:
- switched back to using a task flag

v2:
- use pti_disable instead of task flag
---
arch/x86/entry/calling.h | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
index 19c6790..563478d 100644
--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
#include <linux/jump_label.h>
+#include <asm/thread_info.h>
#include <asm/unwind_hints.h>
#include <asm/cpufeatures.h>
#include <asm/page_types.h>
@@ -229,6 +230,12 @@

.macro SWITCH_TO_USER_CR3_NOSTACK scratch_reg:req scratch_reg2:req
ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI
+
+ /* This task may be exempt from PTI */
+ movq PER_CPU_VAR(current_task), \scratch_reg
+ btq $TIF_DISABLE_PTI_NOW, TASK_TI_flags(\scratch_reg)
+ jc .Lend_\@
+
mov %cr3, \scratch_reg

ALTERNATIVE "jmp .Lwrcr3_\@", "", X86_FEATURE_PCID
--
1.7.12.1

Next message: Willy Tarreau: "[RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX."
Previous message: Willy Tarreau: "[RFC PATCH v3 0/8] Per process PTI activation"
In reply to: Willy Tarreau: "[RFC PATCH v3 7/8] x86/entry/pti: avoid setting CR3 when it's already correct"
Next in thread: Willy Tarreau: "[RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]