Documentation: x86: convert pti.txt to reST

This converts the plain text documentation to reStructuredText format and
add it to Sphinx TOC tree. No essential content change.

Signed-off-by: Changbin Du <changbin.du@gmail.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
Changbin Du 2019-05-08 23:21:29 +08:00 committed by Jonathan Corbet
parent 0c7180f2e4
commit ea0765e835
2 changed files with 14 additions and 4 deletions

View File

@ -21,3 +21,4 @@ x86-specific Documentation
protection-keys protection-keys
intel_mpx intel_mpx
amd-memory-encryption amd-memory-encryption
pti

View File

@ -1,9 +1,15 @@
.. SPDX-License-Identifier: GPL-2.0
==========================
Page Table Isolation (PTI)
==========================
Overview Overview
======== ========
Page Table Isolation (pti, previously known as KAISER[1]) is a Page Table Isolation (pti, previously known as KAISER [1]_) is a
countermeasure against attacks on the shared user/kernel address countermeasure against attacks on the shared user/kernel address
space such as the "Meltdown" approach[2]. space such as the "Meltdown" approach [2]_.
To mitigate this class of attacks, we create an independent set of To mitigate this class of attacks, we create an independent set of
page tables for use only when running userspace applications. When page tables for use only when running userspace applications. When
@ -60,6 +66,7 @@ Protection against side-channel attacks is important. But,
this protection comes at a cost: this protection comes at a cost:
1. Increased Memory Use 1. Increased Memory Use
a. Each process now needs an order-1 PGD instead of order-0. a. Each process now needs an order-1 PGD instead of order-0.
(Consumes an additional 4k per process). (Consumes an additional 4k per process).
b. The 'cpu_entry_area' structure must be 2MB in size and 2MB b. The 'cpu_entry_area' structure must be 2MB in size and 2MB
@ -68,6 +75,7 @@ this protection comes at a cost:
is decompressed, but no space in the kernel image itself. is decompressed, but no space in the kernel image itself.
2. Runtime Cost 2. Runtime Cost
a. CR3 manipulation to switch between the page table copies a. CR3 manipulation to switch between the page table copies
must be done at interrupt, syscall, and exception entry must be done at interrupt, syscall, and exception entry
and exit (it can be skipped when the kernel is interrupted, and exit (it can be skipped when the kernel is interrupted,
@ -142,6 +150,7 @@ ideally doing all of these in parallel:
interrupted, including nested NMIs. Using "-c" boosts the rate of interrupted, including nested NMIs. Using "-c" boosts the rate of
NMIs, and using two -c with separate counters encourages nested NMIs NMIs, and using two -c with separate counters encourages nested NMIs
and less deterministic behavior. and less deterministic behavior.
::
while true; do perf record -c 10000 -e instructions,cycles -a sleep 10; done while true; do perf record -c 10000 -e instructions,cycles -a sleep 10; done
@ -182,5 +191,5 @@ that are worth noting here.
tended to be TLB invalidation issues. Usually invalidating tended to be TLB invalidation issues. Usually invalidating
the wrong PCID, or otherwise missing an invalidation. the wrong PCID, or otherwise missing an invalidation.
1. https://gruss.cc/files/kaiser.pdf .. [1] https://gruss.cc/files/kaiser.pdf
2. https://meltdownattack.com/meltdown.pdf .. [2] https://meltdownattack.com/meltdown.pdf