Print this page
8956 Implement KPTI
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>

*** 1,10 **** /* * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ /* ! * Copyright 2016 Joyent, Inc. */ #ifndef _SYS_SEGMENTS_H #define _SYS_SEGMENTS_H --- 1,10 ---- /* * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ /* ! * Copyright 2018 Joyent, Inc. */ #ifndef _SYS_SEGMENTS_H #define _SYS_SEGMENTS_H
*** 96,128 **** * with a DPL below user (ring 3) the int $n will generate a #gp fault * which the hypervisor catches and forwards to the guest. */ #if defined(__xpv) - #if defined(__amd64) - #define SEL_XPL 0 /* hypervisor privilege level */ #define SEL_KPL 3 /* both kernel and user in ring 3 */ #define TRP_KPL 1 /* system gate priv (user blocked) */ - - #elif defined(__i386) - - #define SEL_XPL 0 /* hypervisor privilege level */ - #define SEL_KPL 1 /* kernel privilege level */ - #define TRP_KPL SEL_KPL /* system gate priv (user blocked) */ - - #endif /* __i386 */ - #define TRP_XPL 0 /* system gate priv (hypervisor) */ #else /* __xpv */ #define SEL_KPL 0 /* kernel privilege level on metal */ #define TRP_KPL SEL_KPL /* system gate priv (user blocked) */ #endif /* __xpv */ #define SEL_UPL 3 /* user priority level */ #define TRP_UPL 3 /* system gate priv (user allowed) */ #define SEL_TI_LDT 4 /* local descriptor table */ #define SEL_LDT(s) (IDXTOSEL(s) | SEL_TI_LDT | SEL_UPL) /* local sel */ #define CPL_MASK 3 /* RPL mask for selector */ --- 96,129 ---- * with a DPL below user (ring 3) the int $n will generate a #gp fault * which the hypervisor catches and forwards to the guest. */ #if defined(__xpv) #define SEL_XPL 0 /* hypervisor privilege level */ #define SEL_KPL 3 /* both kernel and user in ring 3 */ #define TRP_KPL 1 /* system gate priv (user blocked) */ #define TRP_XPL 0 /* system gate priv (hypervisor) */ + #define IST_DBG 0 + #else /* __xpv */ #define SEL_KPL 0 /* kernel privilege level on metal */ #define TRP_KPL SEL_KPL /* system gate priv (user blocked) */ + + #define IST_DF 1 + #define IST_NMI 2 + #define IST_MCE 3 + #define IST_DBG 4 + #define IST_NESTABLE 5 + #define IST_DEFAULT 6 + #endif /* __xpv */ + #define IST_NONE 0 + #define SEL_UPL 3 /* user priority level */ #define TRP_UPL 3 /* system gate priv (user allowed) */ #define SEL_TI_LDT 4 /* local descriptor table */ #define SEL_LDT(s) (IDXTOSEL(s) | SEL_TI_LDT | SEL_UPL) /* local sel */ #define CPL_MASK 3 /* RPL mask for selector */
*** 399,408 **** --- 400,411 ---- extern void set_usegd(user_desc_t *, void *, size_t, uint_t, uint_t, uint_t, uint_t); #endif /* __i386 */ + extern uint_t idt_vector_to_ist(uint_t); + extern void set_gatesegd(gate_desc_t *, void (*)(void), selector_t, uint_t, uint_t, uint_t); extern void set_syssegd(system_desc_t *, void *, size_t, uint_t, uint_t);
*** 644,653 **** --- 647,660 ---- #define LDT_ALTSIGCALL 5 /* EOL me, alternate call gate for sigreturn */ #define LDT_UDBASE 6 /* user descriptor base index */ #define MINNLDT 512 /* Current min solaris ldt size (1 4K page) */ #define MAXNLDT 8192 /* max solaris ldt size (16 4K pages) */ + #ifdef _KERNEL + #define LDT_CPU_SIZE (16 * 4096) /* Size of kernel per-CPU allocation */ + #endif + #ifndef _ASM extern gate_desc_t *idt0; extern desctbr_t idt0_default_reg; extern user_desc_t *gdt0;
*** 684,697 **** --- 691,721 ---- extern void achktrap(), mcetrap(); extern void xmtrap(); extern void fasttrap(); extern void dtrace_ret(); + /* KPTI trampolines */ + extern void tr_invaltrap(); + extern void tr_div0trap(), tr_dbgtrap(), tr_nmiint(), tr_brktrap(); + extern void tr_ovflotrap(), tr_boundstrap(), tr_invoptrap(), tr_ndptrap(); + #if !defined(__xpv) + extern void tr_syserrtrap(); + #endif + extern void tr_invaltrap(), tr_invtsstrap(), tr_segnptrap(), tr_stktrap(); + extern void tr_gptrap(), tr_pftrap(), tr_ndperr(); + extern void tr_overrun(), tr_resvtrap(); + extern void tr_achktrap(), tr_mcetrap(); + extern void tr_xmtrap(); + extern void tr_fasttrap(); + extern void tr_dtrace_ret(); + #if !defined(__amd64) extern void pentium_pftrap(); #endif + extern uint64_t kpti_enable; + #endif /* _ASM */ #ifdef __cplusplus } #endif