Re: [RFC 5/7] x86/asm: Rearrange struct cpu_tss to enlarge SYSENTER_stack and fix alignment

From: Andy Lutomirski
Date: Fri Nov 10 2017 - 23:11:38 EST


On Fri, Nov 10, 2017 at 8:05 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> The Intel SDM says (Volume 3, 7.2.1):
>
> Avoid placing a page boundary in the part of the TSS that the
> processor reads during a task switch (the first 104 bytes). The
> processor may not correctly perform address translations if a
> boundary occurs in this area. During a task switch, the processor
> reads and writes into the first 104 bytes of each TSS (using
> contiguous physical addresses beginning with the physical address
> of the first byte of the TSS). So, after TSS access begins, if
> part of the 104 bytes is not physically contiguous, the processor
> will access incorrect information without generating a page-fault
> exception.

Hmm. I should add that I suspect we rarely if ever hit this problem
in practice because (a) we only ever task switch on 32-bit
doublefaults, (b) if the old register state gets corrupted by this
issue during a doublefault, we might not notice, and (c) there is
probably rarely a page boundary in the wrong place. I suspect that
regular kernel entries have the same issue but that esp0 and ss0 were
always in the same page due to cacheline alignment.

FWIW, we really do virtually map the percpu section AFAICT. The code
does not appear to guarantee that percpu variables are physically
contiguous.

I'd love to make this mapping RO, but the SDM advises against that. I
don't know whether there's a real concern (on 64-bit) or whether it's
just being overly cautious.
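An added example, not code from this thread or from the kernel: a small C check of the SDM constraint quoted above. It models the 104-byte hardware TSS (the same size on 32-bit and 64-bit) and shows that a 128-byte alignment is what guarantees those bytes never straddle a 4 KiB page; the struct, macro and function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration of the 64-bit hardware TSS layout (SDM Vol. 3,
 * 7.2.3); its 104 bytes are exactly the region the SDM requires to be
 * physically contiguous during a task switch. */
struct x86_hw_tss_example {
    uint32_t reserved1;
    uint64_t sp0, sp1, sp2;
    uint64_t reserved2;
    uint64_t ist[7];
    uint64_t reserved3;
    uint16_t reserved4;
    uint16_t io_bitmap_base;
} __attribute__((packed));

#define PAGE_SIZE_4K     4096u
#define TSS_CONTIG_BYTES 104u   /* bytes the CPU reads contiguously */

/* True if the first 104 bytes at virtual address 'addr' span two pages.
 * Such a TSS is only safe if the backing physical pages happen to be
 * contiguous, which a virtually mapped percpu area does not guarantee. */
bool tss_crosses_page(uintptr_t addr)
{
    uintptr_t off = addr & (PAGE_SIZE_4K - 1);
    return off + TSS_CONTIG_BYTES > PAGE_SIZE_4K;
}

/* Smallest power-of-two alignment that makes crossing impossible: it must
 * be >= contig_bytes and divide the page size, so 128 for a 104-byte TSS. */
unsigned tss_safe_alignment(unsigned contig_bytes)
{
    unsigned a = 1;
    while (a < contig_bytes)
        a <<= 1;
    return a;
}

int main(void)
{
    printf("hw tss size: %zu\n", sizeof(struct x86_hw_tss_example));
    printf("tss at page+4000 crosses: %d\n", tss_crosses_page(0x1000 + 4000));
    printf("safe alignment: %u\n", tss_safe_alignment(TSS_CONTIG_BYTES));
    return 0;
}
```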