illumos gate

Andy F spotted an issue with the #12608 wad: It adjusts the layout of the TSS and LDT on cpu0 back to its previously (before KPTI) broken state.

Old (fixed by KPTI):

-#define        DEBUG_INFO_VA   (KERNEL_TEXT - MMU_PAGESIZE)
-#define        GDT_VA          (DEBUG_INFO_VA - MMU_PAGESIZE)
-#define        IDT_VA          (GDT_VA - MMU_PAGESIZE)
-#define        LDT_VA          (IDT_VA - (16 * MMU_PAGESIZE))
-#define        KTSS_VA         (LDT_VA - MMU_PAGESIZE)
-#define        DFTSS_VA        (KTSS_VA - MMU_PAGESIZE)
-#define        MISC_VA_BASE    (DFTSS_VA)
-#define        MISC_VA_SIZE    (KERNEL_TEXT - MISC_VA_BASE)

New (broken by #12608, and previously busted before KPTI testing):

+#define        DEBUG_INFO_VA   (KERNEL_TEXT - MMU_PAGESIZE)
+#define        GDT_VA          (DEBUG_INFO_VA - MMU_PAGESIZE)
+#define        IDT_VA          (GDT_VA - MMU_PAGESIZE)
+#define        LDT_VA          (IDT_VA - (16 * MMU_PAGESIZE))
+#define        KTSS_VA         (IDT_VA - MMU_PAGESIZE)
+#define        DFTSS_VA        (KTSS_VA - MMU_PAGESIZE)
+#define        MISC_VA_BASE    (DFTSS_VA)
+#define        MISC_VA_SIZE    (KERNEL_TEXT - MISC_VA_BASE)

Critically:

-#define        KTSS_VA         (LDT_VA - MMU_PAGESIZE)

+#define        KTSS_VA         (IDT_VA - MMU_PAGESIZE)

Given how long this problem had existed prior to the KPTI-related testing which uncovered it, it's clear that normal workloads do not run afoul of it. Only workloads which manipulate the LDT all the way out to that final 16th page, where it now erroneously overlaps with the KTSS, will have problems. Using the i386/ldt from os-tests is an easy way of exercising the problem. On a kernel with the bug, the machine reboots immediately upon executing it. (Presumably due to a triple-fault in the KTSS)

The fix is simple: Restore proper positioning of KTSS_VA so it does not overlap with the end of the LDT. Re-running i386/ldt on a BE with the fix results in no such reboot.