diff options
author | Andy Lutomirski <luto@amacapital.net> | 2014-11-11 12:49:41 -0800 |
---|---|---|
committer | Andy Lutomirski <luto@amacapital.net> | 2015-01-02 10:22:45 -0800 |
commit | 48e08d0fb265b007ebbb29a72297ff7e40938969 (patch) | |
tree | 424a8207cc53c2b0dfbd9fb12bee15952ce822ae /Documentation/x86/x86_64 | |
parent | 734d16801349fbe951d2f780191d32c5b8a892d1 (diff) | |
download | op-kernel-dev-48e08d0fb265b007ebbb29a72297ff7e40938969.zip op-kernel-dev-48e08d0fb265b007ebbb29a72297ff7e40938969.tar.gz |
x86, entry: Switch stacks on a paranoid entry from userspace
This causes all non-NMI, non-double-fault kernel entries from
userspace to run on the normal kernel stack. Double-fault is
exempt to minimize confusion if we double-fault directly from
userspace due to a bad kernel stack.
This is, suprisingly, simpler and shorter than the current code. It
removes the IMO rather frightening paranoid_userspace path, and it
make sync_regs much simpler.
There is no risk of stack overflow due to this change -- the kernel
stack that we switch to is empty.
This will also enable us to create non-atomic sections within
machine checks from userspace, which will simplify memory failure
handling. It will also allow the upcoming fsgsbase code to be
simplified, because it doesn't need to worry about usergs when
scheduling in paranoid_exit, as that code no longer exists.
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Tony Luck <tony.luck@intel.com>
Acked-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'Documentation/x86/x86_64')
-rw-r--r-- | Documentation/x86/x86_64/kernel-stacks | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/Documentation/x86/x86_64/kernel-stacks b/Documentation/x86/x86_64/kernel-stacks index a01eec5..e3c8a49 100644 --- a/Documentation/x86/x86_64/kernel-stacks +++ b/Documentation/x86/x86_64/kernel-stacks @@ -40,9 +40,11 @@ An IST is selected by a non-zero value in the IST field of an interrupt-gate descriptor. When an interrupt occurs and the hardware loads such a descriptor, the hardware automatically sets the new stack pointer based on the IST value, then invokes the interrupt handler. If -software wants to allow nested IST interrupts then the handler must -adjust the IST values on entry to and exit from the interrupt handler. -(This is occasionally done, e.g. for debug exceptions.) +the interrupt came from user mode, then the interrupt handler prologue +will switch back to the per-thread stack. If software wants to allow +nested IST interrupts then the handler must adjust the IST values on +entry to and exit from the interrupt handler. (This is occasionally +done, e.g. for debug exceptions.) Events with different IST codes (i.e. with different stacks) can be nested. For example, a debug interrupt can safely be interrupted by an |