Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)

From: Laura Abbott
Date: Mon Nov 20 2017 - 17:51:09 EST

Next message: Logan Gunthorpe: "Re: [GIT PULL] NTB bug fixes for v4.15"
Previous message: Milian Wolff: "Re: [RFC] perf script: modify field selection option"
In reply to: Will Deacon: "Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)"
Next in thread: Will Deacon: "Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/17/2017 10:21 AM, Will Deacon wrote:

Hi all,

This patch series implements something along the lines of KAISER for arm64:

https://gruss.cc/files/kaiser.pdf

although I wrote this from scratch because the paper has some funny
assumptions about how the architecture works. There is a patch series
in review for x86, which follows a similar approach:

http://lkml.kernel.org/r/<20171110193058.BECA7D88@xxxxxxxxxxxxxxxxxx>

and the topic was recently covered by LWN (currently subscriber-only):

https://lwn.net/Articles/738975/

The basic idea is that transitions to and from userspace are proxied
through a trampoline page which is mapped into a separate page table and
can switch the full kernel mapping in and out on exception entry and
exit respectively. This is a valuable defence against various KASLR and
timing attacks, particularly as the trampoline page is at a fixed virtual
address and therefore the kernel text can be randomized independently.

The major consequences of the trampoline are:

* We can no longer make use of global mappings for kernel space, so
each task is assigned two ASIDs: one for user mappings and one for
kernel mappings

* Our ASID moves into TTBR1 so that we can quickly switch between the
trampoline and kernel page tables

* Switching TTBR0 always requires use of the zero page, so we can
dispense with some of our errata workaround code.

* entry.S gets more complicated to read

The performance hit from this series isn't as bad as I feared: things
like cyclictest and kernbench seem to be largely unaffected, although
syscall micro-benchmarks appear to show that syscall overhead is roughly
doubled, and this has an impact on things like hackbench which exhibits
a ~10% hit due to its heavy context-switching.

Patches based on 4.14 and also pushed here:

git://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git kaiser

Feedback welcome,

Will

Passed some basic tests on Hikey Android and my Mustang box. I'll
leave the Mustang building kernels for a few days. You're welcome
to add Tested-by or I can re-test on v2.

Thanks,
Laura

Next message: Logan Gunthorpe: "Re: [GIT PULL] NTB bug fixes for v4.15"
Previous message: Milian Wolff: "Re: [RFC] perf script: modify field selection option"
In reply to: Will Deacon: "Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)"
Next in thread: Will Deacon: "Re: [PATCH 00/18] arm64: Unmap the kernel whilst running in userspace (KAISER)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]