[RFC PATCH v3 1/8] x86/thread_info: add TIF_DISABLE_PTI_{NOW,NEXT} to disable PTI per task

From: Willy Tarreau
Date: Wed Jan 10 2018 - 14:33:26 EST


The first flag indicates that the current task will not use page table
isolation. The second indicates that page table isolation must be turned
off only after the next execve().

Signed-off-by: Willy Tarreau <w@xxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Brian Gerst <brgerst@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>

v3:
- switched back to task flags
- used two flags to avoid undesired propagation over execve()
- more explicitly renamed the flags
---
arch/x86/include/asm/thread_info.h | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 0022333..4f248b6 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -127,6 +127,19 @@ struct thread_info {
#define _TIF_FSCHECK (1 << TIF_FSCHECK)

/*
+ * The following flags only exist on x86-64. Their equivalent mask will not be
+ * usable from assembly code due to the presence of '1UL' which doesn't parse
+ * there.
+ */
+#ifdef CONFIG_X86_64
+# define TIF_DISABLE_PTI_NOW 32 /* disable PTI for this task */
+# define TIF_DISABLE_PTI_NEXT 33 /* disable PTI after next execve() */
+
+# define _TIF_DISABLE_PTI_NOW (1UL << TIF_DISABLE_PTI_NOW)
+# define _TIF_DISABLE_PTI_NEXT (1UL << TIF_DISABLE_PTI_NEXT)
+#endif
+
+/*
* work to do in syscall_trace_enter(). Also includes TIF_NOHZ for
* enter_from_user_mode()
*/
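
Review bot: The comments on TIF_DISABLE_PTI_NOW and TIF_DISABLE_PTI_NEXT in the new CONFIG_X86_64 block do not say how each flag behaves across execve(), although the v3 changelog says two flags were introduced to avoid undesired propagation over execve(). Because these bits turn off a security mitigation per task, please state in the header which flag is expected to be cleared or converted at execve() and whether either one is meant to be inherited by child tasks, so that a later user of the flags cannot carry PTI-off state into a new program image by accident. Separately, bits 32 and 33 lie above what the neighbouring int-typed masks such as `(1 << TIF_FSCHECK)` can represent, so the comment should also note that these masks must not be combined with the 32-bit _TIF_* work masks or tested with 32-bit operations. Defining the masks with _BITUL() instead of a literal `1UL` would let them parse in assembly and remove the need for that part of the caveat.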
--
1.7.12.1