• D
    x86/pti: Leave kernel text global for !PCID · 8c06c774
    Dave Hansen 提交于
    Global pages are bad for hardening because they potentially let an
    exploit read the kernel image via a Meltdown-style attack which
    makes it easier to find gadgets.
    
    But, global pages are good for performance because they reduce TLB
    misses when making user/kernel transitions, especially when PCIDs
    are not available, such as on older hardware, or where a hypervisor
    has disabled them for some reason.
    
    This patch implements a basic, sane policy: If you have PCIDs, you
    only map a minimal amount of kernel text global.  If you do not have
    PCIDs, you map all kernel text global.
    
    This policy effectively makes PCIDs something that not only adds
    performance but a little bit of hardening as well.
    
    I ran a simple "lseek" microbenchmark[1] to test the benefit on
    a modern Atom microserver.  Most of the benefit comes from applying
    the series before this patch ("entry only"), but there is still a
    signifiant benefit from this patch.
    
      No Global Lines (baseline  ): 6077741 lseeks/sec
      88 Global Lines (entry only): 7528609 lseeks/sec (+23.9%)
      94 Global Lines (this patch): 8433111 lseeks/sec (+38.8%)
    
    [1.] https://github.com/antonblanchard/will-it-scale/blob/master/tests/lseek1.cSigned-off-by: NDave Hansen <dave.hansen@linux.intel.com>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Arjan van de Ven <arjan@linux.intel.com>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Dan Williams <dan.j.williams@intel.com>
    Cc: David Woodhouse <dwmw2@infradead.org>
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Cc: Juergen Gross <jgross@suse.com>
    Cc: Kees Cook <keescook@google.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Nadav Amit <namit@vmware.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: linux-mm@kvack.org
    Link: http://lkml.kernel.org/r/20180406205518.E3D989EB@viggo.jf.intel.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
    8c06c774
pti.c 12.6 KB