OS-6547: Implement KPTI

Details

Issue Type:Bug
Priority:3 - Elevated
Status:Resolved
Created at:2018-01-04T14:18:14.235Z
Updated at:2018-06-09T14:18:59.166Z

People

Created by:Former user
Reported by:Former user
Assigned to:Former user

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-03-28T19:55:23.400Z)

Fix Versions

2018-03-15 Nibelheim (Release Date: 2018-03-15)

Related Issues

Comments

Comment by Former user
Created at 2018-03-08T15:06:30.714Z

The fundamental approach behind the fix is to:


Comment by Former user
Created at 2018-03-08T15:09:52.961Z

I can't speak for @accountid:62561a9f9770e60071696c8f and @accountid:62431b8f258562006fa2866a who aren't around right now, but this has been running (with the follow on PCID fixes) on staging-1 and staging-2 for quite a while now.

In terms of explicit testing, a lot of stepping through traps and syscalls, testing with kpti=0, hitting the unusual trap paths (such as explicit ints from userspace), etc., LDT usage, was done. The changes were loaded in various ways - as well as staging, a bunch of KVM load (starts/stops/stress-ng, etc.) as well as Illumos builds.

Aside from the staging machines this was also tested in various ways under VMWare, and a few differently sized machines.


Comment by Former user
Created at 2018-03-08T15:11:13.978Z

Additionally this was ported across to the bhyve branch just to check we're not going to clash there.


Comment by Jira Bot
Created at 2018-03-12T18:35:58.856Z

illumos-joyent commit d85fbfe15cf9925f83722b6d62da49d549af615c (branch master, by Alex Wilson)

OS-6547 Implement KPTI
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Approved by: Jerry Jelinek <jerry.jelinek@joyent.com>