x86: implement kernel page table isolation
Implement a set of per-cpu trampoline stacks which all interrupts and exceptions will initially land on, and also as an intermediate stack for privilege changes as we need some stack space to swap page tables. Set up the special trampoline page which contains all the trampoline stacks, TSS, and GDT. This page needs to be present in the user page tables or interrupts don't work. CPU exceptions, with KPTI turned on, are treated as interrupts and not traps so that we have IRQs locked on exception entry. Add some additional macros for defining IDT entries. Add special handling of locore text/rodata sections when creating user mode page tables on x86-64. Restore qemu_x86_64 to use KPTI, and remove restrictions on enabling user mode on x86-64. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit is contained in:
Andrew Boie
Anas Nashif
parent
cc45266fdc
commit
e34f1cee06
12 changed files with 493 additions and 139 deletions
|
|
@ -26,8 +26,18 @@ extern u8_t _exception_stack1[];
|
|||
extern u8_t _exception_stack2[];
|
||||
extern u8_t _exception_stack3[];
|
||||
|
||||
#ifdef CONFIG_X86_KPTI
|
||||
extern u8_t z_x86_trampoline_stack[];
|
||||
extern u8_t z_x86_trampoline_stack1[];
|
||||
extern u8_t z_x86_trampoline_stack2[];
|
||||
extern u8_t z_x86_trampoline_stack3[];
|
||||
#endif /* CONFIG_X86_KPTI */
|
||||
|
||||
Z_GENERIC_SECTION(.tss)
|
||||
struct x86_tss64 tss0 = {
|
||||
#ifdef CONFIG_X86_KPTI
|
||||
.ist2 = (u64_t) z_x86_trampoline_stack + Z_X86_TRAMPOLINE_STACK_SIZE,
|
||||
#endif
|
||||
.ist7 = (u64_t) _exception_stack + CONFIG_EXCEPTION_STACK_SIZE,
|
||||
.iomapb = 0xFFFF,
|
||||
.cpu = &(_kernel.cpus[0])
|
||||
|
|
@ -36,6 +46,9 @@ struct x86_tss64 tss0 = {
|
|||
#if CONFIG_MP_NUM_CPUS > 1
|
||||
Z_GENERIC_SECTION(.tss)
|
||||
struct x86_tss64 tss1 = {
|
||||
#ifdef CONFIG_X86_KPTI
|
||||
.ist2 = (u64_t) z_x86_trampoline_stack1 + Z_X86_TRAMPOLINE_STACK_SIZE,
|
||||
#endif
|
||||
.ist7 = (u64_t) _exception_stack1 + CONFIG_EXCEPTION_STACK_SIZE,
|
||||
.iomapb = 0xFFFF,
|
||||
.cpu = &(_kernel.cpus[1])
|
||||
|
|
@ -45,6 +58,9 @@ struct x86_tss64 tss1 = {
|
|||
#if CONFIG_MP_NUM_CPUS > 2
|
||||
Z_GENERIC_SECTION(.tss)
|
||||
struct x86_tss64 tss2 = {
|
||||
#ifdef CONFIG_X86_KPTI
|
||||
.ist2 = (u64_t) z_x86_trampoline_stack2 + Z_X86_TRAMPOLINE_STACK_SIZE,
|
||||
#endif
|
||||
.ist7 = (u64_t) _exception_stack2 + CONFIG_EXCEPTION_STACK_SIZE,
|
||||
.iomapb = 0xFFFF,
|
||||
.cpu = &(_kernel.cpus[2])
|
||||
|
|
@ -54,6 +70,9 @@ struct x86_tss64 tss2 = {
|
|||
#if CONFIG_MP_NUM_CPUS > 3
|
||||
Z_GENERIC_SECTION(.tss)
|
||||
struct x86_tss64 tss3 = {
|
||||
#ifdef CONFIG_X86_KPTI
|
||||
.ist2 = (u64_t) z_x86_trampoline_stack3 + Z_X86_TRAMPOLINE_STACK_SIZE,
|
||||
#endif
|
||||
.ist7 = (u64_t) _exception_stack3 + CONFIG_EXCEPTION_STACK_SIZE,
|
||||
.iomapb = 0xFFFF,
|
||||
.cpu = &(_kernel.cpus[3])
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue