Re: [PATCH] [v3] x86/doc: add PTI description

From: Randy Dunlap
Date: Fri Jan 05 2018 - 01:57:51 EST


On 01/04/18 21:38, Dave Hansen wrote:

> +Page Table Management
> +=====================
> +
> +When PTI is enabled, the kernel manages two sets of page tables.
> +The first set is very similar to the single set which is present in
> +kernels without PTI. This includes a complete mapping of userspace
> +that the kernel can use for things like copy_to_user().
> +
> +Although _complete_, the user portion of the kernel page tables is
> +crippled by setting the NX bit in the top level. This ensures
> +that any missed kernel->user CR3 switch will immediately crash
> +userspace upon executing its first instruction.
> +
> +The userspace page tables map only the kernel data needed to enter
> +and exit the kernel. This data is entirely contained in the 'struct
> +cpu_entry_area' structure which is placed in the fixmap which gives
> +each CPU's copy of the area has a compile-time-fixed virtual
> +address.
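
Review bot: in the cpu_entry_area sentence, "which is placed in the fixmap which gives" stacks two relative clauses and is hard to follow. Consider ending the sentence after "structure" and continuing with "It is placed in the fixmap, which gives each CPU's copy of the area a compile-time-fixed virtual address." In the NX paragraph, "the top level" could read "the top (PGD) level", since PGD is only named further down.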

drop /has/ above.

> +
> +For new userspace mappings, the kernel makes the entries in its
> +page tables like normal. The only difference is when the kernel
> +makes entries in the top (PGD) level. In addition to setting the
> +entry in the main kernel PGD, a copy of the entry is made in the
> +userspace page tables' PGD.
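
Review bot: "a copy of the entry is made in the userspace page tables' PGD" reads as an identical copy, but the earlier paragraph says the user portion of the kernel page tables has the NX bit set in the top level. Please state which of the two PGD entries carries NX, so the reader does not conclude that the userspace copy is non-executable as well.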

--
~Randy