summaryrefslogtreecommitdiffstats
path: root/Documentation/x86/x86_64
diff options
context:
space:
mode:
authorAndy Lutomirski <luto@amacapital.net>2014-11-11 12:49:41 -0800
committerAndy Lutomirski <luto@amacapital.net>2015-01-02 10:22:45 -0800
commit48e08d0fb265b007ebbb29a72297ff7e40938969 (patch)
tree424a8207cc53c2b0dfbd9fb12bee15952ce822ae /Documentation/x86/x86_64
parent734d16801349fbe951d2f780191d32c5b8a892d1 (diff)
downloadop-kernel-dev-48e08d0fb265b007ebbb29a72297ff7e40938969.zip
op-kernel-dev-48e08d0fb265b007ebbb29a72297ff7e40938969.tar.gz
x86, entry: Switch stacks on a paranoid entry from userspace
This causes all non-NMI, non-double-fault kernel entries from userspace to run on the normal kernel stack. Double-fault is exempt to minimize confusion if we double-fault directly from userspace due to a bad kernel stack. This is, suprisingly, simpler and shorter than the current code. It removes the IMO rather frightening paranoid_userspace path, and it make sync_regs much simpler. There is no risk of stack overflow due to this change -- the kernel stack that we switch to is empty. This will also enable us to create non-atomic sections within machine checks from userspace, which will simplify memory failure handling. It will also allow the upcoming fsgsbase code to be simplified, because it doesn't need to worry about usergs when scheduling in paranoid_exit, as that code no longer exists. Cc: Oleg Nesterov <oleg@redhat.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Tony Luck <tony.luck@intel.com> Acked-by: Borislav Petkov <bp@alien8.de> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'Documentation/x86/x86_64')
-rw-r--r--Documentation/x86/x86_64/kernel-stacks8
1 files changed, 5 insertions, 3 deletions
diff --git a/Documentation/x86/x86_64/kernel-stacks b/Documentation/x86/x86_64/kernel-stacks
index a01eec5..e3c8a49 100644
--- a/Documentation/x86/x86_64/kernel-stacks
+++ b/Documentation/x86/x86_64/kernel-stacks
@@ -40,9 +40,11 @@ An IST is selected by a non-zero value in the IST field of an
interrupt-gate descriptor. When an interrupt occurs and the hardware
loads such a descriptor, the hardware automatically sets the new stack
pointer based on the IST value, then invokes the interrupt handler. If
-software wants to allow nested IST interrupts then the handler must
-adjust the IST values on entry to and exit from the interrupt handler.
-(This is occasionally done, e.g. for debug exceptions.)
+the interrupt came from user mode, then the interrupt handler prologue
+will switch back to the per-thread stack. If software wants to allow
+nested IST interrupts then the handler must adjust the IST values on
+entry to and exit from the interrupt handler. (This is occasionally
+done, e.g. for debug exceptions.)
Events with different IST codes (i.e. with different stacks) can be
nested. For example, a debug interrupt can safely be interrupted by an
OpenPOWER on IntegriCloud