Commit 1fb3b526 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'docs-5.2a' of git://git.lwn.net/linux

Pull more documentation updates from Jonathan Corbet:
 "Some late arriving documentation changes. In particular, this contains
  the conversion of the x86 docs to RST, which has been in the works for
  some time but needed a couple of final tweaks"

* tag 'docs-5.2a' of git://git.lwn.net/linux: (29 commits)
  Documentation: x86: convert x86_64/machinecheck to reST
  Documentation: x86: convert x86_64/cpu-hotplug-spec to reST
  Documentation: x86: convert x86_64/fake-numa-for-cpusets to reST
  Documentation: x86: convert x86_64/5level-paging.txt to reST
  Documentation: x86: convert x86_64/mm.txt to reST
  Documentation: x86: convert x86_64/uefi.txt to reST
  Documentation: x86: convert x86_64/boot-options.txt to reST
  Documentation: x86: convert i386/IO-APIC.txt to reST
  Documentation: x86: convert usb-legacy-support.txt to reST
  Documentation: x86: convert orc-unwinder.txt to reST
  Documentation: x86: convert resctrl_ui.txt to reST
  Documentation: x86: convert microcode.txt to reST
  Documentation: x86: convert pti.txt to reST
  Documentation: x86: convert amd-memory-encryption.txt to reST
  Documentation: x86: convert intel_mpx.txt to reST
  Documentation: x86: convert protection-keys.txt to reST
  Documentation: x86: convert pat.txt to reST
  Documentation: x86: convert mtrr.txt to reST
  Documentation: x86: convert tlb.txt to reST
  Documentation: x86: convert zero-page.txt to reST
  ...
parents e290e6af afbd4d42
...@@ -112,6 +112,7 @@ implementation. ...@@ -112,6 +112,7 @@ implementation.
.. toctree:: .. toctree::
:maxdepth: 2 :maxdepth: 2
x86/index
sh/index sh/index
Filesystem Documentation Filesystem Documentation
......
...@@ -1915,7 +1915,10 @@ The following commonly-used handler.action pairs are available: ...@@ -1915,7 +1915,10 @@ The following commonly-used handler.action pairs are available:
The 'matching.event' specification is simply the fully qualified The 'matching.event' specification is simply the fully qualified
event name of the event that matches the target event for the event name of the event that matches the target event for the
onmatch() functionality, in the form 'system.event_name'. onmatch() functionality, in the form 'system.event_name'. Histogram
keys of both events are compared to find if events match. In case
multiple histogram keys are used, they all must match in the specified
order.
Finally, the number and type of variables/fields in the 'param Finally, the number and type of variables/fields in the 'param
list' must match the number and types of the fields in the list' must match the number and types of the fields in the
...@@ -1978,9 +1981,9 @@ The following commonly-used handler.action pairs are available: ...@@ -1978,9 +1981,9 @@ The following commonly-used handler.action pairs are available:
/sys/kernel/debug/tracing/events/sched/sched_waking/trigger /sys/kernel/debug/tracing/events/sched/sched_waking/trigger
Then, when the corresponding thread is actually scheduled onto the Then, when the corresponding thread is actually scheduled onto the
CPU by a sched_switch event, calculate the latency and use that CPU by a sched_switch event (saved_pid matches next_pid), calculate
along with another variable and an event field to generate a the latency and use that along with another variable and an event field
wakeup_latency synthetic event:: to generate a wakeup_latency synthetic event::
# echo 'hist:keys=next_pid:wakeup_lat=common_timestamp.usecs-$ts0:\ # echo 'hist:keys=next_pid:wakeup_lat=common_timestamp.usecs-$ts0:\
onmatch(sched.sched_waking).wakeup_latency($wakeup_lat,\ onmatch(sched.sched_waking).wakeup_latency($wakeup_lat,\
......
...@@ -249,13 +249,13 @@ essere categorizzate in: ...@@ -249,13 +249,13 @@ essere categorizzate in:
| |
2. Licenze non raccomandate: 2. Licenze deprecate:
Questo tipo di licenze dovrebbero essere usate solo per codice già esistente Questo tipo di licenze dovrebbero essere usate solo per codice già esistente
o quando si prende codice da altri progetti. Le licenze sono disponibili o quando si prende codice da altri progetti. Le licenze sono disponibili
nei sorgenti del kernel nella cartella:: nei sorgenti del kernel nella cartella::
LICENSES/other/ LICENSES/deprecated/
I file in questa cartella contengono il testo completo della licenza e i I file in questa cartella contengono il testo completo della licenza e i
`Metatag`_. Il nome di questi file è lo stesso usato come identificatore `Metatag`_. Il nome di questi file è lo stesso usato come identificatore
...@@ -263,14 +263,14 @@ essere categorizzate in: ...@@ -263,14 +263,14 @@ essere categorizzate in:
Esempi:: Esempi::
LICENSES/other/ISC LICENSES/deprecated/ISC
Contiene il testo della licenza Internet System Consortium e i suoi Contiene il testo della licenza Internet System Consortium e i suoi
metatag:: metatag::
LICENSES/other/ZLib LICENSES/deprecated/GPL-1.0
Contiene il testo della licenza ZLIB e i suoi metatag. Contiene il testo della versione 1 della licenza GPL e i suoi metatag.
Metatag: Metatag:
...@@ -294,7 +294,55 @@ essere categorizzate in: ...@@ -294,7 +294,55 @@ essere categorizzate in:
| |
3. _`Eccezioni`: 3. Solo per doppie licenze
Queste licenze dovrebbero essere usate solamente per codice licenziato in
combinazione con un'altra licenza che solitamente è quella preferita.
Queste licenze sono disponibili nei sorgenti del kernel nella cartella::
LICENSES/dual
I file in questa cartella contengono il testo completo della rispettiva
licenza e i suoi `Metatags`_. I nomi dei file sono identici agli
identificatori di licenza SPDX che dovrebbero essere usati nei file
sorgenti.
Esempi::
LICENSES/dual/MPL-1.1
Questo file contiene il testo della versione 1.1 della licenza *Mozilla
Pulic License* e i metatag necessari::
LICENSES/dual/Apache-2.0
Questo file contiene il testo della versione 2.0 della licenza Apache e i
metatag necessari.
Metatag:
I requisiti per le 'altre' ('*other*') licenze sono identici a quelli per le
`Licenze raccomandate`_.
Esempio del formato del file::
Valid-License-Identifier: MPL-1.1
SPDX-URL: https://spdx.org/licenses/MPL-1.1.html
Usage-Guide:
Do NOT use. The MPL-1.1 is not GPL2 compatible. It may only be used for
dual-licensed files where the other license is GPL2 compatible.
If you end up using this it MUST be used together with a GPL2 compatible
license using "OR".
To use the Mozilla Public License version 1.1 put the following SPDX
tag/value pair into a comment according to the placement guidelines in
the licensing rules documentation:
SPDX-License-Identifier: MPL-1.1
License-Text:
Full license text
|
4. _`Eccezioni`:
Alcune licenze possono essere corrette con delle eccezioni che forniscono Alcune licenze possono essere corrette con delle eccezioni che forniscono
diritti aggiuntivi. Queste eccezioni sono disponibili nei sorgenti del diritti aggiuntivi. Queste eccezioni sono disponibili nei sorgenti del
......
.. SPDX-License-Identifier: GPL-2.0
=====================
AMD Memory Encryption
=====================
Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
features found on AMD processors. features found on AMD processors.
...@@ -34,7 +40,7 @@ is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware ...@@ -34,7 +40,7 @@ is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
forces the memory encryption bit to 1. forces the memory encryption bit to 1.
Support for SME and SEV can be determined through the CPUID instruction. The Support for SME and SEV can be determined through the CPUID instruction. The
CPUID function 0x8000001f reports information related to SME: CPUID function 0x8000001f reports information related to SME::
0x8000001f[eax]: 0x8000001f[eax]:
Bit[0] indicates support for SME Bit[0] indicates support for SME
...@@ -48,14 +54,14 @@ CPUID function 0x8000001f reports information related to SME: ...@@ -48,14 +54,14 @@ CPUID function 0x8000001f reports information related to SME:
addresses) addresses)
If support for SME is present, MSR 0xc00100010 (MSR_K8_SYSCFG) can be used to If support for SME is present, MSR 0xc00100010 (MSR_K8_SYSCFG) can be used to
determine if SME is enabled and/or to enable memory encryption: determine if SME is enabled and/or to enable memory encryption::
0xc0010010: 0xc0010010:
Bit[23] 0 = memory encryption features are disabled Bit[23] 0 = memory encryption features are disabled
1 = memory encryption features are enabled 1 = memory encryption features are enabled
If SEV is supported, MSR 0xc0010131 (MSR_AMD64_SEV) can be used to determine if If SEV is supported, MSR 0xc0010131 (MSR_AMD64_SEV) can be used to determine if
SEV is active: SEV is active::
0xc0010131: 0xc0010131:
Bit[0] 0 = memory encryption is not active Bit[0] 0 = memory encryption is not active
...@@ -68,6 +74,7 @@ requirements for the system. If this bit is not set upon Linux startup then ...@@ -68,6 +74,7 @@ requirements for the system. If this bit is not set upon Linux startup then
Linux itself will not set it and memory encryption will not be possible. Linux itself will not set it and memory encryption will not be possible.
The state of SME in the Linux kernel can be documented as follows: The state of SME in the Linux kernel can be documented as follows:
- Supported: - Supported:
The CPU supports SME (determined through CPUID instruction). The CPU supports SME (determined through CPUID instruction).
......
.. SPDX-License-Identifier: GPL-2.0
============
Early Printk
============
Mini-HOWTO for using the earlyprintk=dbgp boot option with a Mini-HOWTO for using the earlyprintk=dbgp boot option with a
USB2 Debug port key and a debug cable, on x86 systems. USB2 Debug port key and a debug cable, on x86 systems.
You need two computers, the 'USB debug key' special gadget and You need two computers, the 'USB debug key' special gadget and
and two USB cables, connected like this: and two USB cables, connected like this::
[host/target] <-------> [USB debug key] <-------> [client/console] [host/target] <-------> [USB debug key] <-------> [client/console]
1. There are a number of specific hardware requirements: Hardware requirements
=====================
a.) Host/target system needs to have USB debug port capability.
a) Host/target system needs to have USB debug port capability.
You can check this capability by looking at a 'Debug port' bit in
the lspci -vvv output: You can check this capability by looking at a 'Debug port' bit in
the lspci -vvv output::
# lspci -vvv
... # lspci -vvv
00:1d.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #1 (rev 03) (prog-if 20 [EHCI]) ...
Subsystem: Lenovo ThinkPad T61 00:1d.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #1 (rev 03) (prog-if 20 [EHCI])
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Subsystem: Lenovo ThinkPad T61
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Latency: 0 Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin D routed to IRQ 19 Latency: 0
Region 0: Memory at fe227000 (32-bit, non-prefetchable) [size=1K] Interrupt: pin D routed to IRQ 19
Capabilities: [50] Power Management version 2 Region 0: Memory at fe227000 (32-bit, non-prefetchable) [size=1K]
Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+) Capabilities: [50] Power Management version 2
Status: D0 PME-Enable- DSel=0 DScale=0 PME+ Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Capabilities: [58] Debug port: BAR=1 offset=00a0 Status: D0 PME-Enable- DSel=0 DScale=0 PME+
Capabilities: [58] Debug port: BAR=1 offset=00a0
^^^^^^^^^^^ <==================== [ HERE ] ^^^^^^^^^^^ <==================== [ HERE ]
Kernel driver in use: ehci_hcd Kernel driver in use: ehci_hcd
Kernel modules: ehci-hcd Kernel modules: ehci-hcd
... ...
( If your system does not list a debug port capability then you probably .. note::
won't be able to use the USB debug key. ) If your system does not list a debug port capability then you probably
won't be able to use the USB debug key.
b.) You also need a NetChip USB debug cable/key: b) You also need a NetChip USB debug cable/key:
http://www.plxtech.com/products/NET2000/NET20DC/default.asp http://www.plxtech.com/products/NET2000/NET20DC/default.asp
This is a small blue plastic connector with two USB connections; This is a small blue plastic connector with two USB connections;
it draws power from its USB connections. it draws power from its USB connections.
c.) You need a second client/console system with a high speed USB 2.0 c) You need a second client/console system with a high speed USB 2.0 port.
port.
d.) The NetChip device must be plugged directly into the physical d) The NetChip device must be plugged directly into the physical
debug port on the "host/target" system. You cannot use a USB hub in debug port on the "host/target" system. You cannot use a USB hub in
between the physical debug port and the "host/target" system. between the physical debug port and the "host/target" system.
The EHCI debug controller is bound to a specific physical USB The EHCI debug controller is bound to a specific physical USB
...@@ -65,29 +71,31 @@ and two USB cables, connected like this: ...@@ -65,29 +71,31 @@ and two USB cables, connected like this:
to the hardware vendor, because there is no reason not to wire to the hardware vendor, because there is no reason not to wire
this port into one of the physically accessible ports. this port into one of the physically accessible ports.
e.) It is also important to note, that many versions of the NetChip e) It is also important to note, that many versions of the NetChip
device require the "client/console" system to be plugged into the device require the "client/console" system to be plugged into the
right hand side of the device (with the product logo facing up and right hand side of the device (with the product logo facing up and
readable left to right). The reason being is that the 5 volt readable left to right). The reason being is that the 5 volt
power supply is taken from only one side of the device and it power supply is taken from only one side of the device and it
must be the side that does not get rebooted. must be the side that does not get rebooted.
2. Software requirements: Software requirements
=====================
a.) On the host/target system: a) On the host/target system:
You need to enable the following kernel config option: You need to enable the following kernel config option::
CONFIG_EARLY_PRINTK_DBGP=y CONFIG_EARLY_PRINTK_DBGP=y
And you need to add the boot command line: "earlyprintk=dbgp". And you need to add the boot command line: "earlyprintk=dbgp".
(If you are using Grub, append it to the 'kernel' line in .. note::
/etc/grub.conf. If you are using Grub2 on a BIOS firmware system, If you are using Grub, append it to the 'kernel' line in
append it to the 'linux' line in /boot/grub2/grub.cfg. If you are /etc/grub.conf. If you are using Grub2 on a BIOS firmware system,
using Grub2 on an EFI firmware system, append it to the 'linux' append it to the 'linux' line in /boot/grub2/grub.cfg. If you are
or 'linuxefi' line in /boot/grub2/grub.cfg or using Grub2 on an EFI firmware system, append it to the 'linux'
/boot/efi/EFI/<distro>/grub.cfg.) or 'linuxefi' line in /boot/grub2/grub.cfg or
/boot/efi/EFI/<distro>/grub.cfg.
On systems with more than one EHCI debug controller you must On systems with more than one EHCI debug controller you must
specify the correct EHCI debug controller number. The ordering specify the correct EHCI debug controller number. The ordering
...@@ -96,14 +104,15 @@ and two USB cables, connected like this: ...@@ -96,14 +104,15 @@ and two USB cables, connected like this:
controller. To use the second EHCI debug controller, you would controller. To use the second EHCI debug controller, you would
use the command line: "earlyprintk=dbgp1" use the command line: "earlyprintk=dbgp1"
NOTE: normally earlyprintk console gets turned off once the .. note::
regular console is alive - use "earlyprintk=dbgp,keep" to keep normally earlyprintk console gets turned off once the
this channel open beyond early bootup. This can be useful for regular console is alive - use "earlyprintk=dbgp,keep" to keep
debugging crashes under Xorg, etc. this channel open beyond early bootup. This can be useful for
debugging crashes under Xorg, etc.
b.) On the client/console system: b) On the client/console system:
You should enable the following kernel config option: You should enable the following kernel config option::
CONFIG_USB_SERIAL_DEBUG=y CONFIG_USB_SERIAL_DEBUG=y
...@@ -115,27 +124,28 @@ and two USB cables, connected like this: ...@@ -115,27 +124,28 @@ and two USB cables, connected like this:
it up to use /dev/ttyUSB0 - or use a raw 'cat /dev/ttyUSBx' to it up to use /dev/ttyUSB0 - or use a raw 'cat /dev/ttyUSBx' to
see the raw output. see the raw output.
c.) On Nvidia Southbridge based systems: the kernel will try to probe c) On Nvidia Southbridge based systems: the kernel will try to probe
and find out which port has a debug device connected. and find out which port has a debug device connected.
3. Testing that it works fine: Testing
=======
You can test the output by using earlyprintk=dbgp,keep and provoking You can test the output by using earlyprintk=dbgp,keep and provoking
kernel messages on the host/target system. You can provoke a harmless kernel messages on the host/target system. You can provoke a harmless
kernel message by for example doing: kernel message by for example doing::
echo h > /proc/sysrq-trigger echo h > /proc/sysrq-trigger
On the host/target system you should see this help line in "dmesg" output: On the host/target system you should see this help line in "dmesg" output::
SysRq : HELP : loglevel(0-9) reBoot Crashdump terminate-all-tasks(E) memory-full-oom-kill(F) kill-all-tasks(I) saK show-backtrace-all-active-cpus(L) show-memory-usage(M) nice-all-RT-tasks(N) powerOff show-registers(P) show-all-timers(Q) unRaw Sync show-task-states(T) Unmount show-blocked-tasks(W) dump-ftrace-buffer(Z) SysRq : HELP : loglevel(0-9) reBoot Crashdump terminate-all-tasks(E) memory-full-oom-kill(F) kill-all-tasks(I) saK show-backtrace-all-active-cpus(L) show-memory-usage(M) nice-all-RT-tasks(N) powerOff show-registers(P) show-all-timers(Q) unRaw Sync show-task-states(T) Unmount show-blocked-tasks(W) dump-ftrace-buffer(Z)
On the client/console system do: On the client/console system do::
cat /dev/ttyUSB0 cat /dev/ttyUSB0
And you should see the help line above displayed shortly after you've And you should see the help line above displayed shortly after you've
provoked it on the host system. provoked it on the host system.
If it does not work then please ask about it on the linux-kernel@vger.kernel.org If it does not work then please ask about it on the linux-kernel@vger.kernel.org
mailing list or contact the x86 maintainers. mailing list or contact the x86 maintainers.
.. SPDX-License-Identifier: GPL-2.0
==============
Kernel Entries
==============
This file documents some of the kernel entries in This file documents some of the kernel entries in
arch/x86/entry/entry_64.S. A lot of this explanation is adapted from arch/x86/entry/entry_64.S. A lot of this explanation is adapted from
an email from Ingo Molnar: an email from Ingo Molnar:
...@@ -59,7 +65,7 @@ Now, there's a secondary complication: there's a cheap way to test ...@@ -59,7 +65,7 @@ Now, there's a secondary complication: there's a cheap way to test
which mode the CPU is in and an expensive way. which mode the CPU is in and an expensive way.
The cheap way is to pick this info off the entry frame on the kernel The cheap way is to pick this info off the entry frame on the kernel
stack, from the CS of the ptregs area of the kernel stack: stack, from the CS of the ptregs area of the kernel stack::
xorl %ebx,%ebx xorl %ebx,%ebx
testl $3,CS+8(%rsp) testl $3,CS+8(%rsp)
...@@ -67,7 +73,7 @@ stack, from the CS of the ptregs area of the kernel stack: ...@@ -67,7 +73,7 @@ stack, from the CS of the ptregs area of the kernel stack:
SWAPGS SWAPGS
The expensive (paranoid) way is to read back the MSR_GS_BASE value The expensive (paranoid) way is to read back the MSR_GS_BASE value
(which is what SWAPGS modifies): (which is what SWAPGS modifies)::
movl $1,%ebx movl $1,%ebx
movl $MSR_GS_BASE,%ecx movl $MSR_GS_BASE,%ecx
...@@ -76,7 +82,7 @@ The expensive (paranoid) way is to read back the MSR_GS_BASE value ...@@ -76,7 +82,7 @@ The expensive (paranoid) way is to read back the MSR_GS_BASE value
js 1f /* negative -> in kernel */ js 1f /* negative -> in kernel */
SWAPGS SWAPGS
xorl %ebx,%ebx xorl %ebx,%ebx
1: ret 1: ret
If we are at an interrupt or user-trap/gate-alike boundary then we can If we are at an interrupt or user-trap/gate-alike boundary then we can
use the faster check: the stack will be a reliable indicator of use the faster check: the stack will be a reliable indicator of
......
.. SPDX-License-Identifier: GPL-2.0
=======
IO-APIC
=======
:Author: Ingo Molnar <mingo@kernel.org>
Most (all) Intel-MP compliant SMP boards have the so-called 'IO-APIC', Most (all) Intel-MP compliant SMP boards have the so-called 'IO-APIC',
which is an enhanced interrupt controller. It enables us to route which is an enhanced interrupt controller. It enables us to route
hardware interrupts to multiple CPUs, or to CPU groups. Without an hardware interrupts to multiple CPUs, or to CPU groups. Without an
...@@ -13,9 +21,8 @@ usually worked around by the kernel. If your MP-compliant SMP board does ...@@ -13,9 +21,8 @@ usually worked around by the kernel. If your MP-compliant SMP board does
not boot Linux, then consult the linux-smp mailing list archives first. not boot Linux, then consult the linux-smp mailing list archives first.
If your box boots fine with enabled IO-APIC IRQs, then your If your box boots fine with enabled IO-APIC IRQs, then your
/proc/interrupts will look like this one: /proc/interrupts will look like this one::
---------------------------->
hell:~> cat /proc/interrupts hell:~> cat /proc/interrupts
CPU0 CPU0
0: 1360293 IO-APIC-edge timer 0: 1360293 IO-APIC-edge timer
...@@ -28,7 +35,6 @@ If your box boots fine with enabled IO-APIC IRQs, then your ...@@ -28,7 +35,6 @@ If your box boots fine with enabled IO-APIC IRQs, then your
NMI: 0 NMI: 0
ERR: 0 ERR: 0
hell:~> hell:~>
<----------------------------
Some interrupts are still listed as 'XT PIC', but this is not a problem; Some interrupts are still listed as 'XT PIC', but this is not a problem;
none of those IRQ sources is performance-critical. none of those IRQ sources is performance-critical.
...@@ -37,14 +43,14 @@ none of those IRQ sources is performance-critical. ...@@ -37,14 +43,14 @@ none of those IRQ sources is performance-critical.
In the unlikely case that your board does not create a working mp-table, In the unlikely case that your board does not create a working mp-table,
you can use the pirq= boot parameter to 'hand-construct' IRQ entries. This you can use the pirq= boot parameter to 'hand-construct' IRQ entries. This
is non-trivial though and cannot be automated. One sample /etc/lilo.conf is non-trivial though and cannot be automated. One sample /etc/lilo.conf
entry: entry::
append="pirq=15,11,10" append="pirq=15,11,10"
The actual numbers depend on your system, on your PCI cards and on their The actual numbers depend on your system, on your PCI cards and on their
PCI slot position. Usually PCI slots are 'daisy chained' before they are PCI slot position. Usually PCI slots are 'daisy chained' before they are
connected to the PCI chipset IRQ routing facility (the incoming PIRQ1-4 connected to the PCI chipset IRQ routing facility (the incoming PIRQ1-4
lines): lines)::
,-. ,-. ,-. ,-. ,-. ,-. ,-. ,-. ,-. ,-.
PIRQ4 ----| |-. ,-| |-. ,-| |-. ,-| |--------| | PIRQ4 ----| |-. ,-| |-. ,-| |-. ,-| |--------| |
...@@ -56,7 +62,7 @@ lines): ...@@ -56,7 +62,7 @@ lines):
PIRQ1 ----| |- `----| |- `----| |- `----| |--------| | PIRQ1 ----| |- `----| |- `----| |- `----| |--------| |
`-' `-' `-' `-' `-' `-' `-' `-' `-' `-'
Every PCI card emits a PCI IRQ, which can be INTA, INTB, INTC or INTD: Every PCI card emits a PCI IRQ, which can be INTA, INTB, INTC or INTD::
,-. ,-.
INTD--| | INTD--| |
...@@ -78,19 +84,19 @@ to have non shared interrupts). Slot5 should be used for videocards, they ...@@ -78,19 +84,19 @@ to have non shared interrupts). Slot5 should be used for videocards, they
do not use interrupts normally, thus they are not daisy chained either. do not use interrupts normally, thus they are not daisy chained either.
so if you have your SCSI card (IRQ11) in Slot1, Tulip card (IRQ9) in so if you have your SCSI card (IRQ11) in Slot1, Tulip card (IRQ9) in
Slot2, then you'll have to specify this pirq= line: Slot2, then you'll have to specify this pirq= line::
append="pirq=11,9" append="pirq=11,9"
the following script tries to figure out such a default pirq= line from the following script tries to figure out such a default pirq= line from
your PCI configuration: your PCI configuration::
echo -n pirq=; echo `scanpci | grep T_L | cut -c56-` | sed 's/ /,/g' echo -n pirq=; echo `scanpci | grep T_L | cut -c56-` | sed 's/ /,/g'
note that this script won't work if you have skipped a few slots or if your note that this script won't work if you have skipped a few slots or if your
board does not do default daisy-chaining. (or the IO-APIC has the PIRQ pins board does not do default daisy-chaining. (or the IO-APIC has the PIRQ pins
connected in some strange way). E.g. if in the above case you have your SCSI connected in some strange way). E.g. if in the above case you have your SCSI
card (IRQ11) in Slot3, and have Slot1 empty: card (IRQ11) in Slot3, and have Slot1 empty::
append="pirq=0,9,11" append="pirq=0,9,11"
...@@ -105,7 +111,7 @@ won't function properly (e.g. if it's inserted as a module). ...@@ -105,7 +111,7 @@ won't function properly (e.g. if it's inserted as a module).
If you have 2 PCI buses, then you can use up to 8 pirq values, although such If you have 2 PCI buses, then you can use up to 8 pirq values, although such
boards tend to have a good configuration. boards tend to have a good configuration.
Be prepared that it might happen that you need some strange pirq line: Be prepared that it might happen that you need some strange pirq line::
append="pirq=0,0,0,0,0,0,9,11" append="pirq=0,0,0,0,0,0,9,11"
...@@ -115,5 +121,3 @@ Good luck and mail to linux-smp@vger.kernel.org or ...@@ -115,5 +121,3 @@ Good luck and mail to linux-smp@vger.kernel.org or
linux-kernel@vger.kernel.org if you have any problems that are not covered linux-kernel@vger.kernel.org if you have any problems that are not covered
by this document. by this document.
-- mingo
.. SPDX-License-Identifier: GPL-2.0
============
i386 Support
============
.. toctree::
:maxdepth: 2
IO-APIC
.. SPDX-License-Identifier: GPL-2.0
==========================
x86-specific Documentation
==========================
.. toctree::
:maxdepth: 2
:numbered:
boot
topology
exception-tables
kernel-stacks
entry_64
earlyprintk
orc-unwinder
zero-page
tlb
mtrr
pat
protection-keys
intel_mpx
amd-memory-encryption
pti
microcode
resctrl_ui
usb-legacy-support
i386/index
x86_64/index
1. Intel(R) MPX Overview .. SPDX-License-Identifier: GPL-2.0
========================
===========================================
Intel(R) Memory Protection Extensions (MPX)
===========================================
Intel(R) MPX Overview
=====================
Intel(R) Memory Protection Extensions (Intel(R) MPX) is a new capability Intel(R) Memory Protection Extensions (Intel(R) MPX) is a new capability
introduced into Intel Architecture. Intel MPX provides hardware features introduced into Intel Architecture. Intel MPX provides hardware features
...@@ -7,7 +13,7 @@ that can be used in conjunction with compiler changes to check memory ...@@ -7,7 +13,7 @@ that can be used in conjunction with compiler changes to check memory
references, for those references whose compile-time normal intentions are references, for those references whose compile-time normal intentions are
usurped at runtime due to buffer overflow or underflow. usurped at runtime due to buffer overflow or underflow.
You can tell if your CPU supports MPX by looking in /proc/cpuinfo: You can tell if your CPU supports MPX by looking in /proc/cpuinfo::
cat /proc/cpuinfo | grep ' mpx ' cat /proc/cpuinfo | grep ' mpx '
...@@ -21,8 +27,8 @@ can be downloaded from ...@@ -21,8 +27,8 @@ can be downloaded from
http://software.intel.com/en-us/articles/intel-software-development-emulator http://software.intel.com/en-us/articles/intel-software-development-emulator
2. How to get the advantage of MPX How to get the advantage of MPX
================================== ===============================
For MPX to work, changes are required in the kernel, binutils and compiler. For MPX to work, changes are required in the kernel, binutils and compiler.
No source changes are required for applications, just a recompile. No source changes are required for applications, just a recompile.
...@@ -84,14 +90,15 @@ Kernel MPX Code: ...@@ -84,14 +90,15 @@ Kernel MPX Code:
is unmapped. is unmapped.
3. How does MPX kernel code work How does MPX kernel code work
================================ =============================
Handling #BR faults caused by MPX Handling #BR faults caused by MPX
--------------------------------- ---------------------------------
When MPX is enabled, there are 2 new situations that can generate When MPX is enabled, there are 2 new situations that can generate
#BR faults. #BR faults.
* new bounds tables (BT) need to be allocated to save bounds. * new bounds tables (BT) need to be allocated to save bounds.
* bounds violation caused by MPX instructions. * bounds violation caused by MPX instructions.
...@@ -124,37 +131,37 @@ the kernel. It can theoretically be done completely from userspace. Here ...@@ -124,37 +131,37 @@ the kernel. It can theoretically be done completely from userspace. Here
are a few ways this could be done. We don't think any of them are practical are a few ways this could be done. We don't think any of them are practical
in the real-world, but here they are. in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so that we :Q: Can virtual space simply be reserved for the bounds tables so that we
never have to allocate them? never have to allocate them?
A: MPX-enabled application will possibly create a lot of bounds tables in :A: MPX-enabled application will possibly create a lot of bounds tables in
process address space to save bounds information. These tables can take process address space to save bounds information. These tables can take
up huge swaths of memory (as much as 80% of the memory on the system) up huge swaths of memory (as much as 80% of the memory on the system)
even if we clean them up aggressively. In the worst-case scenario, the even if we clean them up aggressively. In the worst-case scenario, the
tables can be 4x the size of the data structure being tracked. IOW, a tables can be 4x the size of the data structure being tracked. IOW, a
1-page structure can require 4 bounds-table pages. An X-GB virtual 1-page structure can require 4 bounds-table pages. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds directory. area needs 4*X GB of virtual space, plus 2GB for the bounds directory.
If we were to preallocate them for the 128TB of user virtual address If we were to preallocate them for the 128TB of user virtual address
space, we would need to reserve 512TB+2GB, which is larger than the space, we would need to reserve 512TB+2GB, which is larger than the
entire virtual address space today. This means they can not be reserved entire virtual address space today. This means they can not be reserved
ahead of time. Also, a single process's pre-populated bounds directory ahead of time. Also, a single process's pre-populated bounds directory
consumes 2GB of virtual *AND* physical memory. IOW, it's completely consumes 2GB of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories. infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory is :Q: Can we preallocate bounds table space at the same time memory is
allocated which might contain pointers that might eventually need allocated which might contain pointers that might eventually need
bounds tables? bounds tables?
A: This would work if we could hook the site of each and every memory :A: This would work if we could hook the site of each and every memory
allocation syscall. This can be done for small, constrained applications. allocation syscall. This can be done for small, constrained applications.
But, it isn't practical at a larger scale since a given app has no But, it isn't practical at a larger scale since a given app has no
way of controlling how all the parts of the app might allocate memory way of controlling how all the parts of the app might allocate memory
(think libraries). The kernel is really the only place to intercept (think libraries). The kernel is really the only place to intercept
these calls. these calls.
Q: Could a bounds fault be handed to userspace and the tables allocated :Q: Could a bounds fault be handed to userspace and the tables allocated
there in a signal handler instead of in the kernel? there in a signal handler instead of in the kernel?
A: mmap() is not on the list of safe async handler functions and even :A: mmap() is not on the list of safe async handler functions and even
if mmap() would work it still requires locking or nasty tricks to if mmap() would work it still requires locking or nasty tricks to
keep track of the allocation state there. keep track of the allocation state there.
Having ruled out all of the userspace-only approaches for managing Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in bounds tables that we could think of, we create them on demand in
...@@ -167,20 +174,20 @@ If a #BR is generated due to a bounds violation caused by MPX. ...@@ -167,20 +174,20 @@ If a #BR is generated due to a bounds violation caused by MPX.
We need to decode MPX instructions to get violation address and We need to decode MPX instructions to get violation address and
set this address into extended struct siginfo. set this address into extended struct siginfo.
The _sigfault field of struct siginfo is extended as follow: The _sigfault field of struct siginfo is extended as follow::
87 /* SIGILL, SIGFPE, SIGSEGV, SIGBUS */ 87 /* SIGILL, SIGFPE, SIGSEGV, SIGBUS */
88 struct { 88 struct {
89 void __user *_addr; /* faulting insn/memory ref. */ 89 void __user *_addr; /* faulting insn/memory ref. */
90 #ifdef __ARCH_SI_TRAPNO 90 #ifdef __ARCH_SI_TRAPNO
91 int _trapno; /* TRAP # which caused the signal */ 91 int _trapno; /* TRAP # which caused the signal */
92 #endif 92 #endif
93 short _addr_lsb; /* LSB of the reported address */ 93 short _addr_lsb; /* LSB of the reported address */
94 struct { 94 struct {
95 void __user *_lower; 95 void __user *_lower;
96 void __user *_upper; 96 void __user *_upper;
97 } _addr_bnd; 97 } _addr_bnd;
98 } _sigfault; 98 } _sigfault;
The '_addr' field refers to violation address, and new '_addr_and' The '_addr' field refers to violation address, and new '_addr_and'
field refers to the upper/lower bounds when a #BR is caused. field refers to the upper/lower bounds when a #BR is caused.
...@@ -209,9 +216,10 @@ Adding new prctl commands ...@@ -209,9 +216,10 @@ Adding new prctl commands
Two new prctl commands are added to enable and disable MPX bounds tables Two new prctl commands are added to enable and disable MPX bounds tables
management in kernel. management in kernel.
::
155 #define PR_MPX_ENABLE_MANAGEMENT 43 155 #define PR_MPX_ENABLE_MANAGEMENT 43
156 #define PR_MPX_DISABLE_MANAGEMENT 44 156 #define PR_MPX_DISABLE_MANAGEMENT 44
Runtime library in userspace is responsible for allocation of bounds Runtime library in userspace is responsible for allocation of bounds
directory. So kernel have to use XSAVE instruction to get the base directory. So kernel have to use XSAVE instruction to get the base
...@@ -223,8 +231,8 @@ into struct mm_struct to be used in future during PR_MPX_ENABLE_MANAGEMENT ...@@ -223,8 +231,8 @@ into struct mm_struct to be used in future during PR_MPX_ENABLE_MANAGEMENT
command execution. command execution.
4. Special rules Special rules
================ =============
1) If userspace is requesting help from the kernel to do the management 1) If userspace is requesting help from the kernel to do the management
of bounds tables, it may not create or modify entries in the bounds directory. of bounds tables, it may not create or modify entries in the bounds directory.
......
.. SPDX-License-Identifier: GPL-2.0
=============
Kernel Stacks
=============
Kernel stacks on x86-64 bit Kernel stacks on x86-64 bit
--------------------------- ===========================
Most of the text from Keith Owens, hacked by AK Most of the text from Keith Owens, hacked by AK
...@@ -57,7 +63,7 @@ IST events with the same code to be nested. However in most cases, the ...@@ -57,7 +63,7 @@ IST events with the same code to be nested. However in most cases, the
stack size allocated to an IST assumes no nesting for the same code. stack size allocated to an IST assumes no nesting for the same code.
If that assumption is ever broken then the stacks will become corrupt. If that assumption is ever broken then the stacks will become corrupt.
The currently assigned IST stacks are :- The currently assigned IST stacks are:
* ESTACK_DF. EXCEPTION_STKSZ (PAGE_SIZE). * ESTACK_DF. EXCEPTION_STKSZ (PAGE_SIZE).
...@@ -103,7 +109,7 @@ For more details see the Intel IA32 or AMD AMD64 architecture manuals. ...@@ -103,7 +109,7 @@ For more details see the Intel IA32 or AMD AMD64 architecture manuals.
Printing backtraces on x86 Printing backtraces on x86
-------------------------- ==========================
The question about the '?' preceding function names in an x86 stacktrace The question about the '?' preceding function names in an x86 stacktrace
keeps popping up, here's an indepth explanation. It helps if the reader keeps popping up, here's an indepth explanation. It helps if the reader
...@@ -113,7 +119,7 @@ arch/x86/kernel/dumpstack.c. ...@@ -113,7 +119,7 @@ arch/x86/kernel/dumpstack.c.
Adapted from Ingo's mail, Message-ID: <20150521101614.GA10889@gmail.com>: Adapted from Ingo's mail, Message-ID: <20150521101614.GA10889@gmail.com>:
We always scan the full kernel stack for return addresses stored on We always scan the full kernel stack for return addresses stored on
the kernel stack(s) [*], from stack top to stack bottom, and print out the kernel stack(s) [1]_, from stack top to stack bottom, and print out
anything that 'looks like' a kernel text address. anything that 'looks like' a kernel text address.
If it fits into the frame pointer chain, we print it without a question If it fits into the frame pointer chain, we print it without a question
...@@ -141,6 +147,6 @@ that look like kernel text addresses, so if debug information is wrong, ...@@ -141,6 +147,6 @@ that look like kernel text addresses, so if debug information is wrong,
we still print out the real call chain as well - just with more question we still print out the real call chain as well - just with more question
marks than ideal. marks than ideal.
[*] For things like IRQ and IST stacks, we also scan those stacks, in .. [1] For things like IRQ and IST stacks, we also scan those stacks, in
the right order, and try to cross from one stack into another the right order, and try to cross from one stack into another
reconstructing the call chain. This works most of the time. reconstructing the call chain. This works most of the time.
The Linux Microcode Loader .. SPDX-License-Identifier: GPL-2.0
Authors: Fenghua Yu <fenghua.yu@intel.com> ==========================
Borislav Petkov <bp@suse.de> The Linux Microcode Loader
==========================
:Authors: - Fenghua Yu <fenghua.yu@intel.com>
- Borislav Petkov <bp@suse.de>
The kernel has a x86 microcode loading facility which is supposed to The kernel has a x86 microcode loading facility which is supposed to
provide microcode loading methods in the OS. Potential use cases are provide microcode loading methods in the OS. Potential use cases are
...@@ -10,8 +14,8 @@ and updating the microcode on long-running systems without rebooting. ...@@ -10,8 +14,8 @@ and updating the microcode on long-running systems without rebooting.
The loader supports three loading methods: The loader supports three loading methods:
1. Early load microcode Early load microcode
======================= ====================
The kernel can update microcode very early during boot. Loading The kernel can update microcode very early during boot. Loading
microcode early can fix CPU issues before they are observed during microcode early can fix CPU issues before they are observed during
...@@ -26,8 +30,10 @@ loader parses the combined initrd image during boot. ...@@ -26,8 +30,10 @@ loader parses the combined initrd image during boot.
The microcode files in cpio name space are: The microcode files in cpio name space are:
on Intel: kernel/x86/microcode/GenuineIntel.bin on Intel:
on AMD : kernel/x86/microcode/AuthenticAMD.bin kernel/x86/microcode/GenuineIntel.bin
on AMD :
kernel/x86/microcode/AuthenticAMD.bin
During BSP (BootStrapping Processor) boot (pre-SMP), the kernel During BSP (BootStrapping Processor) boot (pre-SMP), the kernel
scans the microcode file in the initrd. If microcode matching the scans the microcode file in the initrd. If microcode matching the
...@@ -42,8 +48,8 @@ Here's a crude example how to prepare an initrd with microcode (this is ...@@ -42,8 +48,8 @@ Here's a crude example how to prepare an initrd with microcode (this is
normally done automatically by the distribution, when recreating the normally done automatically by the distribution, when recreating the
initrd, so you don't really have to do it yourself. It is documented initrd, so you don't really have to do it yourself. It is documented
here for future reference only). here for future reference only).
::
---
#!/bin/bash #!/bin/bash
if [ -z "$1" ]; then if [ -z "$1" ]; then
...@@ -76,15 +82,15 @@ here for future reference only). ...@@ -76,15 +82,15 @@ here for future reference only).
cat ucode.cpio $INITRD.orig > $INITRD cat ucode.cpio $INITRD.orig > $INITRD
rm -rf $TMPDIR rm -rf $TMPDIR
---
The system needs to have the microcode packages installed into The system needs to have the microcode packages installed into
/lib/firmware or you need to fixup the paths above if yours are /lib/firmware or you need to fixup the paths above if yours are
somewhere else and/or you've downloaded them directly from the processor somewhere else and/or you've downloaded them directly from the processor
vendor's site. vendor's site.
2. Late loading Late loading
=============== ============
There are two legacy user space interfaces to load microcode, either through There are two legacy user space interfaces to load microcode, either through
/dev/cpu/microcode or through /sys/devices/system/cpu/microcode/reload file /dev/cpu/microcode or through /sys/devices/system/cpu/microcode/reload file
...@@ -94,9 +100,9 @@ The /dev/cpu/microcode method is deprecated because it needs a special ...@@ -94,9 +100,9 @@ The /dev/cpu/microcode method is deprecated because it needs a special
userspace tool for that. userspace tool for that.
The easier method is simply installing the microcode packages your distro The easier method is simply installing the microcode packages your distro
supplies and running: supplies and running::
# echo 1 > /sys/devices/system/cpu/microcode/reload # echo 1 > /sys/devices/system/cpu/microcode/reload
as root. as root.
...@@ -104,29 +110,29 @@ The loading mechanism looks for microcode blobs in ...@@ -104,29 +110,29 @@ The loading mechanism looks for microcode blobs in
/lib/firmware/{intel-ucode,amd-ucode}. The default distro installation /lib/firmware/{intel-ucode,amd-ucode}. The default distro installation
packages already put them there. packages already put them there.
3. Builtin microcode Builtin microcode
==================== =================
The loader supports also loading of a builtin microcode supplied through The loader supports also loading of a builtin microcode supplied through
the regular builtin firmware method CONFIG_EXTRA_FIRMWARE. Only 64-bit is the regular builtin firmware method CONFIG_EXTRA_FIRMWARE. Only 64-bit is
currently supported. currently supported.
Here's an example: Here's an example::
CONFIG_EXTRA_FIRMWARE="intel-ucode/06-3a-09 amd-ucode/microcode_amd_fam15h.bin" CONFIG_EXTRA_FIRMWARE="intel-ucode/06-3a-09 amd-ucode/microcode_amd_fam15h.bin"
CONFIG_EXTRA_FIRMWARE_DIR="/lib/firmware" CONFIG_EXTRA_FIRMWARE_DIR="/lib/firmware"
This basically means, you have the following tree structure locally: This basically means, you have the following tree structure locally::
/lib/firmware/ /lib/firmware/
|-- amd-ucode |-- amd-ucode
... ...
| |-- microcode_amd_fam15h.bin | |-- microcode_amd_fam15h.bin
... ...
|-- intel-ucode |-- intel-ucode
... ...
| |-- 06-3a-09 | |-- 06-3a-09
... ...
so that the build system can find those files and integrate them into so that the build system can find those files and integrate them into
the final kernel image. The early loader finds them and applies them. the final kernel image. The early loader finds them and applies them.
......
.. SPDX-License-Identifier: GPL-2.0
============
ORC unwinder ORC unwinder
============ ============
Overview Overview
-------- ========
The kernel CONFIG_UNWINDER_ORC option enables the ORC unwinder, which is The kernel CONFIG_UNWINDER_ORC option enables the ORC unwinder, which is
similar in concept to a DWARF unwinder. The difference is that the similar in concept to a DWARF unwinder. The difference is that the
...@@ -23,12 +26,12 @@ correlate instruction addresses with their stack states at run time. ...@@ -23,12 +26,12 @@ correlate instruction addresses with their stack states at run time.
ORC vs frame pointers ORC vs frame pointers
--------------------- =====================
With frame pointers enabled, GCC adds instrumentation code to every With frame pointers enabled, GCC adds instrumentation code to every
function in the kernel. The kernel's .text size increases by about function in the kernel. The kernel's .text size increases by about
3.2%, resulting in a broad kernel-wide slowdown. Measurements by Mel 3.2%, resulting in a broad kernel-wide slowdown. Measurements by Mel
Gorman [1] have shown a slowdown of 5-10% for some workloads. Gorman [1]_ have shown a slowdown of 5-10% for some workloads.
In contrast, the ORC unwinder has no effect on text size or runtime In contrast, the ORC unwinder has no effect on text size or runtime
performance, because the debuginfo is out of band. So if you disable performance, because the debuginfo is out of band. So if you disable
...@@ -55,7 +58,7 @@ depending on the kernel config. ...@@ -55,7 +58,7 @@ depending on the kernel config.
ORC vs DWARF ORC vs DWARF
------------ ============
ORC debuginfo's advantage over DWARF itself is that it's much simpler. ORC debuginfo's advantage over DWARF itself is that it's much simpler.
It gets rid of the complex DWARF CFI state machine and also gets rid of It gets rid of the complex DWARF CFI state machine and also gets rid of
...@@ -65,7 +68,7 @@ mission critical oops code. ...@@ -65,7 +68,7 @@ mission critical oops code.
The simpler debuginfo format also enables the unwinder to be much faster The simpler debuginfo format also enables the unwinder to be much faster
than DWARF, which is important for perf and lockdep. In a basic than DWARF, which is important for perf and lockdep. In a basic
performance test by Jiri Slaby [2], the ORC unwinder was about 20x performance test by Jiri Slaby [2]_, the ORC unwinder was about 20x
faster than an out-of-tree DWARF unwinder. (Note: That measurement was faster than an out-of-tree DWARF unwinder. (Note: That measurement was
taken before some performance tweaks were added, which doubled taken before some performance tweaks were added, which doubled
performance, so the speedup over DWARF may be closer to 40x.) performance, so the speedup over DWARF may be closer to 40x.)
...@@ -85,7 +88,7 @@ still be able to control the format, e.g. no complex state machines. ...@@ -85,7 +88,7 @@ still be able to control the format, e.g. no complex state machines.
ORC unwind table generation ORC unwind table generation
--------------------------- ===========================
The ORC data is generated by objtool. With the existing compile-time The ORC data is generated by objtool. With the existing compile-time
stack metadata validation feature, objtool already follows all code stack metadata validation feature, objtool already follows all code
...@@ -133,7 +136,7 @@ objtool follows GCC code quite well. ...@@ -133,7 +136,7 @@ objtool follows GCC code quite well.
Unwinder implementation details Unwinder implementation details
------------------------------- ===============================
Objtool generates the ORC data by integrating with the compile-time Objtool generates the ORC data by integrating with the compile-time
stack metadata validation feature, which is described in detail in stack metadata validation feature, which is described in detail in
...@@ -154,7 +157,7 @@ subset of the table needs to be searched. ...@@ -154,7 +157,7 @@ subset of the table needs to be searched.
Etymology Etymology
--------- =========
Orcs, fearsome creatures of medieval folklore, are the Dwarves' natural Orcs, fearsome creatures of medieval folklore, are the Dwarves' natural
enemies. Similarly, the ORC unwinder was created in opposition to the enemies. Similarly, the ORC unwinder was created in opposition to the
...@@ -162,7 +165,7 @@ complexity and slowness of DWARF. ...@@ -162,7 +165,7 @@ complexity and slowness of DWARF.
"Although Orcs rarely consider multiple solutions to a problem, they do "Although Orcs rarely consider multiple solutions to a problem, they do
excel at getting things done because they are creatures of action, not excel at getting things done because they are creatures of action, not
thought." [3] Similarly, unlike the esoteric DWARF unwinder, the thought." [3]_ Similarly, unlike the esoteric DWARF unwinder, the
veracious ORC unwinder wastes no time or siloconic effort decoding veracious ORC unwinder wastes no time or siloconic effort decoding
variable-length zero-extended unsigned-integer byte-coded variable-length zero-extended unsigned-integer byte-coded
state-machine-based debug information entries. state-machine-based debug information entries.
...@@ -174,6 +177,6 @@ brutal, unyielding efficiency. ...@@ -174,6 +177,6 @@ brutal, unyielding efficiency.
ORC stands for Oops Rewind Capability. ORC stands for Oops Rewind Capability.
[1] https://lkml.kernel.org/r/20170602104048.jkkzssljsompjdwy@suse.de .. [1] https://lkml.kernel.org/r/20170602104048.jkkzssljsompjdwy@suse.de
[2] https://lkml.kernel.org/r/d2ca5435-6386-29b8-db87-7f227c2b713a@suse.cz .. [2] https://lkml.kernel.org/r/d2ca5435-6386-29b8-db87-7f227c2b713a@suse.cz
[3] http://dustin.wikidot.com/half-orcs-and-orcs .. [3] http://dustin.wikidot.com/half-orcs-and-orcs
.. SPDX-License-Identifier: GPL-2.0
======================
Memory Protection Keys
======================
Memory Protection Keys for Userspace (PKU aka PKEYs) is a feature Memory Protection Keys for Userspace (PKU aka PKEYs) is a feature
which is found on Intel's Skylake "Scalable Processor" Server CPUs. which is found on Intel's Skylake "Scalable Processor" Server CPUs.
It will be avalable in future non-server parts. It will be avalable in future non-server parts.
...@@ -23,9 +29,10 @@ even though there is theoretically space in the PAE PTEs. These ...@@ -23,9 +29,10 @@ even though there is theoretically space in the PAE PTEs. These
permissions are enforced on data access only and have no effect on permissions are enforced on data access only and have no effect on
instruction fetches. instruction fetches.
=========================== Syscalls =========================== Syscalls
========
There are 3 system calls which directly interact with pkeys: There are 3 system calls which directly interact with pkeys::
int pkey_alloc(unsigned long flags, unsigned long init_access_rights) int pkey_alloc(unsigned long flags, unsigned long init_access_rights)
int pkey_free(int pkey); int pkey_free(int pkey);
...@@ -37,6 +44,7 @@ pkey_alloc(). An application calls the WRPKRU instruction ...@@ -37,6 +44,7 @@ pkey_alloc(). An application calls the WRPKRU instruction
directly in order to change access permissions to memory covered directly in order to change access permissions to memory covered
with a key. In this example WRPKRU is wrapped by a C function with a key. In this example WRPKRU is wrapped by a C function
called pkey_set(). called pkey_set().
::
int real_prot = PROT_READ|PROT_WRITE; int real_prot = PROT_READ|PROT_WRITE;
pkey = pkey_alloc(0, PKEY_DISABLE_WRITE); pkey = pkey_alloc(0, PKEY_DISABLE_WRITE);
...@@ -45,43 +53,44 @@ called pkey_set(). ...@@ -45,43 +53,44 @@ called pkey_set().
... application runs here ... application runs here
Now, if the application needs to update the data at 'ptr', it can Now, if the application needs to update the data at 'ptr', it can
gain access, do the update, then remove its write access: gain access, do the update, then remove its write access::
pkey_set(pkey, 0); // clear PKEY_DISABLE_WRITE pkey_set(pkey, 0); // clear PKEY_DISABLE_WRITE
*ptr = foo; // assign something *ptr = foo; // assign something
pkey_set(pkey, PKEY_DISABLE_WRITE); // set PKEY_DISABLE_WRITE again pkey_set(pkey, PKEY_DISABLE_WRITE); // set PKEY_DISABLE_WRITE again
Now when it frees the memory, it will also free the pkey since it Now when it frees the memory, it will also free the pkey since it
is no longer in use: is no longer in use::
munmap(ptr, PAGE_SIZE); munmap(ptr, PAGE_SIZE);
pkey_free(pkey); pkey_free(pkey);
(Note: pkey_set() is a wrapper for the RDPKRU and WRPKRU instructions. .. note:: pkey_set() is a wrapper for the RDPKRU and WRPKRU instructions.
An example implementation can be found in An example implementation can be found in
tools/testing/selftests/x86/protection_keys.c) tools/testing/selftests/x86/protection_keys.c.
=========================== Behavior =========================== Behavior
========
The kernel attempts to make protection keys consistent with the The kernel attempts to make protection keys consistent with the
behavior of a plain mprotect(). For instance if you do this: behavior of a plain mprotect(). For instance if you do this::
mprotect(ptr, size, PROT_NONE); mprotect(ptr, size, PROT_NONE);
something(ptr); something(ptr);
you can expect the same effects with protection keys when doing this: you can expect the same effects with protection keys when doing this::
pkey = pkey_alloc(0, PKEY_DISABLE_WRITE | PKEY_DISABLE_READ); pkey = pkey_alloc(0, PKEY_DISABLE_WRITE | PKEY_DISABLE_READ);
pkey_mprotect(ptr, size, PROT_READ|PROT_WRITE, pkey); pkey_mprotect(ptr, size, PROT_READ|PROT_WRITE, pkey);
something(ptr); something(ptr);
That should be true whether something() is a direct access to 'ptr' That should be true whether something() is a direct access to 'ptr'
like: like::
*ptr = foo; *ptr = foo;
or when the kernel does the access on the application's behalf like or when the kernel does the access on the application's behalf like
with a read(): with a read()::
read(fd, ptr, 1); read(fd, ptr, 1);
......
.. SPDX-License-Identifier: GPL-2.0
==========================
Page Table Isolation (PTI)
==========================
Overview Overview
======== ========
Page Table Isolation (pti, previously known as KAISER[1]) is a Page Table Isolation (pti, previously known as KAISER [1]_) is a
countermeasure against attacks on the shared user/kernel address countermeasure against attacks on the shared user/kernel address
space such as the "Meltdown" approach[2]. space such as the "Meltdown" approach [2]_.
To mitigate this class of attacks, we create an independent set of To mitigate this class of attacks, we create an independent set of
page tables for use only when running userspace applications. When page tables for use only when running userspace applications. When
...@@ -60,6 +66,7 @@ Protection against side-channel attacks is important. But, ...@@ -60,6 +66,7 @@ Protection against side-channel attacks is important. But,
this protection comes at a cost: this protection comes at a cost:
1. Increased Memory Use 1. Increased Memory Use
a. Each process now needs an order-1 PGD instead of order-0. a. Each process now needs an order-1 PGD instead of order-0.
(Consumes an additional 4k per process). (Consumes an additional 4k per process).
b. The 'cpu_entry_area' structure must be 2MB in size and 2MB b. The 'cpu_entry_area' structure must be 2MB in size and 2MB
...@@ -68,6 +75,7 @@ this protection comes at a cost: ...@@ -68,6 +75,7 @@ this protection comes at a cost:
is decompressed, but no space in the kernel image itself. is decompressed, but no space in the kernel image itself.
2. Runtime Cost 2. Runtime Cost
a. CR3 manipulation to switch between the page table copies a. CR3 manipulation to switch between the page table copies
must be done at interrupt, syscall, and exception entry must be done at interrupt, syscall, and exception entry
and exit (it can be skipped when the kernel is interrupted, and exit (it can be skipped when the kernel is interrupted,
...@@ -142,6 +150,7 @@ ideally doing all of these in parallel: ...@@ -142,6 +150,7 @@ ideally doing all of these in parallel:
interrupted, including nested NMIs. Using "-c" boosts the rate of interrupted, including nested NMIs. Using "-c" boosts the rate of
NMIs, and using two -c with separate counters encourages nested NMIs NMIs, and using two -c with separate counters encourages nested NMIs
and less deterministic behavior. and less deterministic behavior.
::
while true; do perf record -c 10000 -e instructions,cycles -a sleep 10; done while true; do perf record -c 10000 -e instructions,cycles -a sleep 10; done
...@@ -182,5 +191,5 @@ that are worth noting here. ...@@ -182,5 +191,5 @@ that are worth noting here.
tended to be TLB invalidation issues. Usually invalidating tended to be TLB invalidation issues. Usually invalidating
the wrong PCID, or otherwise missing an invalidation. the wrong PCID, or otherwise missing an invalidation.
1. https://gruss.cc/files/kaiser.pdf .. [1] https://gruss.cc/files/kaiser.pdf
2. https://meltdownattack.com/meltdown.pdf .. [2] https://meltdownattack.com/meltdown.pdf
.. SPDX-License-Identifier: GPL-2.0
=======
The TLB
=======
When the kernel unmaps or modified the attributes of a range of When the kernel unmaps or modified the attributes of a range of
memory, it has two choices: memory, it has two choices:
1. Flush the entire TLB with a two-instruction sequence. This is 1. Flush the entire TLB with a two-instruction sequence. This is
a quick operation, but it causes collateral damage: TLB entries a quick operation, but it causes collateral damage: TLB entries
from areas other than the one we are trying to flush will be from areas other than the one we are trying to flush will be
...@@ -10,6 +17,7 @@ memory, it has two choices: ...@@ -10,6 +17,7 @@ memory, it has two choices:
damage to other TLB entries. damage to other TLB entries.
Which method to do depends on a few things: Which method to do depends on a few things:
1. The size of the flush being performed. A flush of the entire 1. The size of the flush being performed. A flush of the entire
address space is obviously better performed by flushing the address space is obviously better performed by flushing the
entire TLB than doing 2^48/PAGE_SIZE individual flushes. entire TLB than doing 2^48/PAGE_SIZE individual flushes.
...@@ -33,7 +41,7 @@ well. There is essentially no "right" point to choose. ...@@ -33,7 +41,7 @@ well. There is essentially no "right" point to choose.
You may be doing too many individual invalidations if you see the You may be doing too many individual invalidations if you see the
invlpg instruction (or instructions _near_ it) show up high in invlpg instruction (or instructions _near_ it) show up high in
profiles. If you believe that individual invalidations being profiles. If you believe that individual invalidations being
called too often, you can lower the tunable: called too often, you can lower the tunable::
/sys/kernel/debug/x86/tlb_single_page_flush_ceiling /sys/kernel/debug/x86/tlb_single_page_flush_ceiling
...@@ -43,7 +51,7 @@ Setting it to 1 is a very conservative setting and it should ...@@ -43,7 +51,7 @@ Setting it to 1 is a very conservative setting and it should
never need to be 0 under normal circumstances. never need to be 0 under normal circumstances.
Despite the fact that a single individual flush on x86 is Despite the fact that a single individual flush on x86 is
guaranteed to flush a full 2MB [1], hugetlbfs always uses the full guaranteed to flush a full 2MB [1]_, hugetlbfs always uses the full
flushes. THP is treated exactly the same as normal memory. flushes. THP is treated exactly the same as normal memory.
You might see invlpg inside of flush_tlb_mm_range() show up in You might see invlpg inside of flush_tlb_mm_range() show up in
...@@ -54,15 +62,15 @@ Essentially, you are balancing the cycles you spend doing invlpg ...@@ -54,15 +62,15 @@ Essentially, you are balancing the cycles you spend doing invlpg
with the cycles that you spend refilling the TLB later. with the cycles that you spend refilling the TLB later.
You can measure how expensive TLB refills are by using You can measure how expensive TLB refills are by using
performance counters and 'perf stat', like this: performance counters and 'perf stat', like this::
perf stat -e perf stat -e
cpu/event=0x8,umask=0x84,name=dtlb_load_misses_walk_duration/, cpu/event=0x8,umask=0x84,name=dtlb_load_misses_walk_duration/,
cpu/event=0x8,umask=0x82,name=dtlb_load_misses_walk_completed/, cpu/event=0x8,umask=0x82,name=dtlb_load_misses_walk_completed/,
cpu/event=0x49,umask=0x4,name=dtlb_store_misses_walk_duration/, cpu/event=0x49,umask=0x4,name=dtlb_store_misses_walk_duration/,
cpu/event=0x49,umask=0x2,name=dtlb_store_misses_walk_completed/, cpu/event=0x49,umask=0x2,name=dtlb_store_misses_walk_completed/,
cpu/event=0x85,umask=0x4,name=itlb_misses_walk_duration/, cpu/event=0x85,umask=0x4,name=itlb_misses_walk_duration/,
cpu/event=0x85,umask=0x2,name=itlb_misses_walk_completed/ cpu/event=0x85,umask=0x2,name=itlb_misses_walk_completed/
That works on an IvyBridge-era CPU (i5-3320M). Different CPUs That works on an IvyBridge-era CPU (i5-3320M). Different CPUs
may have differently-named counters, but they should at least may have differently-named counters, but they should at least
...@@ -70,6 +78,6 @@ be there in some form. You can use pmu-tools 'ocperf list' ...@@ -70,6 +78,6 @@ be there in some form. You can use pmu-tools 'ocperf list'
(https://github.com/andikleen/pmu-tools) to find the right (https://github.com/andikleen/pmu-tools) to find the right
counters for a given CPU. counters for a given CPU.
1. A footnote in Intel's SDM "4.10.4.2 Recommended Invalidation" .. [1] A footnote in Intel's SDM "4.10.4.2 Recommended Invalidation"
says: "One execution of INVLPG is sufficient even for a page says: "One execution of INVLPG is sufficient even for a page
with size greater than 4 KBytes." with size greater than 4 KBytes."
.. SPDX-License-Identifier: GPL-2.0
============
x86 Topology x86 Topology
============ ============
...@@ -33,14 +36,14 @@ The topology of a system is described in the units of: ...@@ -33,14 +36,14 @@ The topology of a system is described in the units of:
- cores - cores
- threads - threads
* Package: Package
=======
Packages contain a number of cores plus shared resources, e.g. DRAM Packages contain a number of cores plus shared resources, e.g. DRAM
controller, shared caches etc. controller, shared caches etc.
AMD nomenclature for package is 'Node'. AMD nomenclature for package is 'Node'.
Package-related topology information in the kernel: Package-related topology information in the kernel:
- cpuinfo_x86.x86_max_cores: - cpuinfo_x86.x86_max_cores:
...@@ -66,40 +69,41 @@ The topology of a system is described in the units of: ...@@ -66,40 +69,41 @@ The topology of a system is described in the units of:
- cpu_llc_id: - cpu_llc_id:
A per-CPU variable containing: A per-CPU variable containing:
- On Intel, the first APIC ID of the list of CPUs sharing the Last Level
Cache
- On AMD, the Node ID or Core Complex ID containing the Last Level - On Intel, the first APIC ID of the list of CPUs sharing the Last Level
Cache. In general, it is a number identifying an LLC uniquely on the Cache
system.
* Cores: - On AMD, the Node ID or Core Complex ID containing the Last Level
Cache. In general, it is a number identifying an LLC uniquely on the
system.
A core consists of 1 or more threads. It does not matter whether the threads Cores
are SMT- or CMT-type threads. =====
A core consists of 1 or more threads. It does not matter whether the threads
are SMT- or CMT-type threads.
AMDs nomenclature for a CMT core is "Compute Unit". The kernel always uses AMDs nomenclature for a CMT core is "Compute Unit". The kernel always uses
"core". "core".
Core-related topology information in the kernel: Core-related topology information in the kernel:
- smp_num_siblings: - smp_num_siblings:
The number of threads in a core. The number of threads in a package can be The number of threads in a core. The number of threads in a package can be
calculated by: calculated by::
threads_per_package = cpuinfo_x86.x86_max_cores * smp_num_siblings threads_per_package = cpuinfo_x86.x86_max_cores * smp_num_siblings
* Threads: Threads
=======
A thread is a single scheduling unit. It's the equivalent to a logical Linux
CPU.
A thread is a single scheduling unit. It's the equivalent to a logical Linux AMDs nomenclature for CMT threads is "Compute Unit Core". The kernel always
CPU. uses "thread".
AMDs nomenclature for CMT threads is "Compute Unit Core". The kernel always Thread-related topology information in the kernel:
uses "thread".
Thread-related topology information in the kernel:
- topology_core_cpumask(): - topology_core_cpumask():
...@@ -113,15 +117,15 @@ The topology of a system is described in the units of: ...@@ -113,15 +117,15 @@ The topology of a system is described in the units of:
The cpumask contains all online threads in the core to which a thread The cpumask contains all online threads in the core to which a thread
belongs. belongs.
- topology_logical_package_id(): - topology_logical_package_id():
The logical package ID to which a thread belongs. The logical package ID to which a thread belongs.
- topology_physical_package_id(): - topology_physical_package_id():
The physical package ID to which a thread belongs. The physical package ID to which a thread belongs.
- topology_core_id(); - topology_core_id();
The ID of the core to which a thread belongs. It is also printed in /proc/cpuinfo The ID of the core to which a thread belongs. It is also printed in /proc/cpuinfo
"core_id." "core_id."
...@@ -129,41 +133,41 @@ The topology of a system is described in the units of: ...@@ -129,41 +133,41 @@ The topology of a system is described in the units of:
System topology examples System topology examples
========================
Note: .. note::
The alternative Linux CPU enumeration depends on how the BIOS enumerates the
The alternative Linux CPU enumeration depends on how the BIOS enumerates the threads. Many BIOSes enumerate all threads 0 first and then all threads 1.
threads. Many BIOSes enumerate all threads 0 first and then all threads 1. That has the "advantage" that the logical Linux CPU numbers of threads 0 stay
That has the "advantage" that the logical Linux CPU numbers of threads 0 stay the same whether threads are enabled or not. That's merely an implementation
the same whether threads are enabled or not. That's merely an implementation detail and has no practical impact.
detail and has no practical impact.
1) Single Package, Single Core 1) Single Package, Single Core::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
2) Single Package, Dual Core 2) Single Package, Dual Core
a) One thread per core a) One thread per core::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [core 1] -> [thread 0] -> Linux CPU 1 -> [core 1] -> [thread 0] -> Linux CPU 1
b) Two threads per core b) Two threads per core::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [thread 1] -> Linux CPU 1 -> [thread 1] -> Linux CPU 1
-> [core 1] -> [thread 0] -> Linux CPU 2 -> [core 1] -> [thread 0] -> Linux CPU 2
-> [thread 1] -> Linux CPU 3 -> [thread 1] -> Linux CPU 3
Alternative enumeration: Alternative enumeration::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [thread 1] -> Linux CPU 2 -> [thread 1] -> Linux CPU 2
-> [core 1] -> [thread 0] -> Linux CPU 1 -> [core 1] -> [thread 0] -> Linux CPU 1
-> [thread 1] -> Linux CPU 3 -> [thread 1] -> Linux CPU 3
AMD nomenclature for CMT systems: AMD nomenclature for CMT systems::
[node 0] -> [Compute Unit 0] -> [Compute Unit Core 0] -> Linux CPU 0 [node 0] -> [Compute Unit 0] -> [Compute Unit Core 0] -> Linux CPU 0
-> [Compute Unit Core 1] -> Linux CPU 1 -> [Compute Unit Core 1] -> Linux CPU 1
...@@ -172,7 +176,7 @@ detail and has no practical impact. ...@@ -172,7 +176,7 @@ detail and has no practical impact.
4) Dual Package, Dual Core 4) Dual Package, Dual Core
a) One thread per core a) One thread per core::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [core 1] -> [thread 0] -> Linux CPU 1 -> [core 1] -> [thread 0] -> Linux CPU 1
...@@ -180,7 +184,7 @@ detail and has no practical impact. ...@@ -180,7 +184,7 @@ detail and has no practical impact.
[package 1] -> [core 0] -> [thread 0] -> Linux CPU 2 [package 1] -> [core 0] -> [thread 0] -> Linux CPU 2
-> [core 1] -> [thread 0] -> Linux CPU 3 -> [core 1] -> [thread 0] -> Linux CPU 3
b) Two threads per core b) Two threads per core::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [thread 1] -> Linux CPU 1 -> [thread 1] -> Linux CPU 1
...@@ -192,7 +196,7 @@ detail and has no practical impact. ...@@ -192,7 +196,7 @@ detail and has no practical impact.
-> [core 1] -> [thread 0] -> Linux CPU 6 -> [core 1] -> [thread 0] -> Linux CPU 6
-> [thread 1] -> Linux CPU 7 -> [thread 1] -> Linux CPU 7
Alternative enumeration: Alternative enumeration::
[package 0] -> [core 0] -> [thread 0] -> Linux CPU 0 [package 0] -> [core 0] -> [thread 0] -> Linux CPU 0
-> [thread 1] -> Linux CPU 4 -> [thread 1] -> Linux CPU 4
...@@ -204,7 +208,7 @@ detail and has no practical impact. ...@@ -204,7 +208,7 @@ detail and has no practical impact.
-> [core 1] -> [thread 0] -> Linux CPU 3 -> [core 1] -> [thread 0] -> Linux CPU 3
-> [thread 1] -> Linux CPU 7 -> [thread 1] -> Linux CPU 7
AMD nomenclature for CMT systems: AMD nomenclature for CMT systems::
[node 0] -> [Compute Unit 0] -> [Compute Unit Core 0] -> Linux CPU 0 [node 0] -> [Compute Unit 0] -> [Compute Unit Core 0] -> Linux CPU 0
-> [Compute Unit Core 1] -> Linux CPU 1 -> [Compute Unit Core 1] -> Linux CPU 1
......
.. SPDX-License-Identifier: GPL-2.0
==================
USB Legacy support USB Legacy support
~~~~~~~~~~~~~~~~~~ ==================
Vojtech Pavlik <vojtech@suse.cz>, January 2004 :Author: Vojtech Pavlik <vojtech@suse.cz>, January 2004
Also known as "USB Keyboard" or "USB Mouse support" in the BIOS Setup is a Also known as "USB Keyboard" or "USB Mouse support" in the BIOS Setup is a
...@@ -27,18 +31,20 @@ It has several drawbacks, though: ...@@ -27,18 +31,20 @@ It has several drawbacks, though:
Solutions: Solutions:
Problem 1) can be solved by loading the USB drivers prior to loading the Problem 1)
PS/2 mouse driver. Since the PS/2 mouse driver is in 2.6 compiled into can be solved by loading the USB drivers prior to loading the
the kernel unconditionally, this means the USB drivers need to be PS/2 mouse driver. Since the PS/2 mouse driver is in 2.6 compiled into
compiled-in, too. the kernel unconditionally, this means the USB drivers need to be
compiled-in, too.
Problem 2) can currently only be solved by either disabling HIGHMEM64G
in the kernel config or USB Legacy support in the BIOS. A BIOS update Problem 2)
could help, but so far no such update exists. can currently only be solved by either disabling HIGHMEM64G
in the kernel config or USB Legacy support in the BIOS. A BIOS update
Problem 3) is usually fixed by a BIOS update. Check the board could help, but so far no such update exists.
manufacturers web site. If an update is not available, disable USB
Legacy support in the BIOS. If this alone doesn't help, try also adding Problem 3)
idle=poll on the kernel command line. The BIOS may be entering the SMM is usually fixed by a BIOS update. Check the board
on the HLT instruction as well. manufacturers web site. If an update is not available, disable USB
Legacy support in the BIOS. If this alone doesn't help, try also adding
idle=poll on the kernel command line. The BIOS may be entering the SMM
on the HLT instruction as well.
== Overview == .. SPDX-License-Identifier: GPL-2.0
==============
5-level paging
==============
Overview
========
Original x86-64 was limited by 4-level paing to 256 TiB of virtual address Original x86-64 was limited by 4-level paing to 256 TiB of virtual address
space and 64 TiB of physical address space. We are already bumping into space and 64 TiB of physical address space. We are already bumping into
this limit: some vendors offers servers with 64 TiB of memory today. this limit: some vendors offers servers with 64 TiB of memory today.
...@@ -16,16 +22,17 @@ QEMU 2.9 and later support 5-level paging. ...@@ -16,16 +22,17 @@ QEMU 2.9 and later support 5-level paging.
Virtual memory layout for 5-level paging is described in Virtual memory layout for 5-level paging is described in
Documentation/x86/x86_64/mm.txt Documentation/x86/x86_64/mm.txt
== Enabling 5-level paging ==
Enabling 5-level paging
=======================
CONFIG_X86_5LEVEL=y enables the feature. CONFIG_X86_5LEVEL=y enables the feature.
Kernel with CONFIG_X86_5LEVEL=y still able to boot on 4-level hardware. Kernel with CONFIG_X86_5LEVEL=y still able to boot on 4-level hardware.
In this case additional page table level -- p4d -- will be folded at In this case additional page table level -- p4d -- will be folded at
runtime. runtime.
== User-space and large virtual address space == User-space and large virtual address space
==========================================
On x86, 5-level paging enables 56-bit userspace virtual address space. On x86, 5-level paging enables 56-bit userspace virtual address space.
Not all user space is ready to handle wide addresses. It's known that Not all user space is ready to handle wide addresses. It's known that
at least some JIT compilers use higher bits in pointers to encode their at least some JIT compilers use higher bits in pointers to encode their
...@@ -58,4 +65,3 @@ One important case we need to handle here is interaction with MPX. ...@@ -58,4 +65,3 @@ One important case we need to handle here is interaction with MPX.
MPX (without MAWA extension) cannot handle addresses above 47-bit, so we MPX (without MAWA extension) cannot handle addresses above 47-bit, so we
need to make sure that MPX cannot be enabled we already have VMA above need to make sure that MPX cannot be enabled we already have VMA above
the boundary and forbid creating such VMAs once MPX is enabled. the boundary and forbid creating such VMAs once MPX is enabled.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment