From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7210C7EE23 for ; Tue, 30 May 2023 11:44:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231879AbjE3Ln4 (ORCPT ); Tue, 30 May 2023 07:43:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46530 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231549AbjE3LnW (ORCPT ); Tue, 30 May 2023 07:43:22 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53B3C18F for ; Tue, 30 May 2023 04:43:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685446980; x=1716982980; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lxQeiW6JYz/pE6TkWEBlLtlDS7c64gZ+78ayHEGM6PI=; b=c1rSG/rk7gHyDpi1kScvnhxzQucKjXzQb1HTqgvfXriNcoS16gN7oQ/5 WbIG0LrEeBIBEHyDDECzR92vcthOxHCO1aFr09JeoU+4VCxkM2af7YSt0 kepIKCxeyqYsXua6mmVsG1Rpm6mtfv2rAa6jdkHmp8xCOrpa1bP+im52A sBpXcU2ucyM/dHZ/94IFrkUBZ/5JW7QVU3rzHKbdUQKDNVGizhNEs3bZ8 /CuH6032R0x21wwAP0O2uJCDUz7ArGpF0rMZm1kJO1nkuuEtIjq3c0BFg +q4iuCL67Q4nY3gw/LI3t2mYIpNDt7bBHc5Ni8MvY1DxkOqlEiYK2aI2b Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145337" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145337" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:42:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588607" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588607" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:42:57 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Cc: Yian Chen Subject: [PATCH v2 01/12] x86/cpu: Enumerate the LASS feature bits Date: Tue, 30 May 2023 14:42:36 +0300 Message-Id: <20230530114247.21821-2-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Linear Address Space Separation (LASS) is a security feature that intends to prevent malicious virtual address space accesses across user/kernel mode. Such mode based access protection already exists today with paging and features such as SMEP and SMAP. However, to enforce these protections, the processor must traverse the paging structures in memory. Malicious software can use timing information resulting from this traversal to determine details about the paging structures, and these details may also be used to determine the layout of the kernel memory. The LASS mechanism provides the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, software will not be able to derive paging-based timing information from the various caching structures such as the TLBs, mid-level caches, page walker, data caches, etc. LASS enforcement relies on the typical kernel implementation to divide the 64-bit virtual address space into two halves: Addr[63]=3D0 -> User address space Addr[63]=3D1 -> Kernel address space Any data access or code execution across address spaces typically results in a #GP fault. The LASS enforcement for kernel data access is dependent on CR4.SMAP being set. The enforcement can be disabled by toggling the RFLAGS.AC bit similar to SMAP. Define the CPU feature bits to enumerate this feature and include feature dependencies to reflect the same. Co-developed-by: Yian Chen Signed-off-by: Yian Chen Signed-off-by: Sohil Mehta --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 4 +++- arch/x86/include/asm/smap.h | 4 ++++ arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/cpuid-deps.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 6 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index cb8ca46213be..47e775144a34 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -312,6 +312,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instruction= s */ +#define X86_FEATURE_LASS (12*32+ 6) /* Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* "" CMPccXADD instruc= tions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* "" Intel Architectural = PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* "" Fast zero-length REP MOVSB */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/as= m/disabled-features.h index fafe9be7a6f4..6535e5192082 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -22,12 +22,14 @@ # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31)) # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31)) # define DISABLE_PCID 0 +# define DISABLE_LASS 0 #else # define DISABLE_VME 0 # define DISABLE_K6_MTRR 0 # define DISABLE_CYRIX_ARR 0 # define DISABLE_CENTAUR_MCR 0 # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31)) +# define DISABLE_LASS (1<<(X86_FEATURE_LASS & 31)) #endif /* CONFIG_X86_64 */ =20 #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS @@ -122,7 +124,7 @@ #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ DISABLE_CALL_DEPTH_TRACKING) #define DISABLED_MASK12 (DISABLE_LAM) -#define DISABLED_MASK13 0 +#define DISABLED_MASK13 (DISABLE_LASS) #define DISABLED_MASK14 0 #define DISABLED_MASK15 0 #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UM= IP| \ diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h index bab490379c65..776dce849a58 100644 --- a/arch/x86/include/asm/smap.h +++ b/arch/x86/include/asm/smap.h @@ -27,6 +27,10 @@ =20 #else /* __ASSEMBLY__ */ =20 +/* + * The CLAC/STAC instructions toggle enforcement of X86_FEATURE_SMAP as we= ll as + * X86_FEATURE_LASS. + */ static __always_inline void clac(void) { /* Note: a barrier is implicit in alternative() */ diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include= /uapi/asm/processor-flags.h index d898432947ff..1d2405869c7a 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -136,6 +136,8 @@ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) #define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement Technology = */ #define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) +#define X86_CR4_LASS_BIT 27 /* enable Linear Address Space Separation supp= ort */ +#define X86_CR4_LASS _BITUL(X86_CR4_LASS_BIT) #define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */ #define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT) =20 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index f6748c8bd647..722020b2e837 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -81,6 +81,7 @@ static const struct cpuid_dep cpuid_deps[] =3D { { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, + { X86_FEATURE_LASS, X86_FEATURE_SMAP }, {} }; =20 diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/incl= ude/asm/cpufeatures.h index b89005819cd5..59d2880be0e0 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -311,6 +311,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instruction= s */ +#define X86_FEATURE_LASS (12*32+ 6) /* Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* "" CMPccXADD instruc= tions */ #define X86_FEATURE_LKGS (12*32+18) /* "" Load "kernel" (userspace) GS */ #define X86_FEATURE_AMX_FP16 (12*32+21) /* "" AMX fp16 Support */ --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11255C7EE31 for ; Tue, 30 May 2023 11:44:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231984AbjE3Ln7 (ORCPT ); Tue, 30 May 2023 07:43:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231691AbjE3LnX (ORCPT ); Tue, 30 May 2023 07:43:23 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E451E1AE for ; Tue, 30 May 2023 04:43:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685446982; x=1716982982; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=T+5BgzerfUplRpvMQvIlOZ5Zgc42+1QfY36GKGxTzgo=; b=cj6T/+B2T1KFZaQKsANNWi6oizgcyCRr9KVABPoafSwXCvvq9rz2xm6+ w8nXfi3ooFW6vXKWVXCYKK/Xffx3vuCgge2g/FI7ED9o9LF7WRzISH2b2 tdQGZumgQmq9qhU7u4hlkTsSouAHMn5V3mFcgX6q1RGoCEWVhF1v5zFwU tyly4NpnYDNOV6xW+yPFVp6Jmh//GqcAWePMuE1UrqtPVbuNcsWU2aFVw 7M0YyzKHy8pk1mGk5BPK9bUxJtzXjdbHoXzra4M2eJ41E+M0G5EjOTlpu FIrQhMRKIus7dvSblWd6txyqHk+7ODQ4hAy/eNaTPBHav7LNR9LYzHnKq w==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145342" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145342" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588657" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588657" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:42:59 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Cc: Peter Zijlstra Subject: [PATCH v2 02/12] x86/asm: Introduce inline memcpy and memset Date: Tue, 30 May 2023 14:42:37 +0300 Message-Id: <20230530114247.21821-3-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Peter Zijlstra Provide inline memcpy and memset functions that can be used instead of the GCC builtins whenever necessary. Code posted by Peter Zijlstra . Link: https://lore.kernel.org/lkml/Y759AJ%2F0N9fqwDED@hirez.programming.kic= ks-ass.net/ [Missing Signed-off-by from PeterZ] Signed-off-by: Sohil Mehta --- arch/x86/include/asm/string_32.h | 21 +++++++++++++++++++++ arch/x86/include/asm/string_64.h | 21 +++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string= _32.h index 32c0d981a82a..8896270e5eda 100644 --- a/arch/x86/include/asm/string_32.h +++ b/arch/x86/include/asm/string_32.h @@ -151,6 +151,16 @@ extern void *memcpy(void *, const void *, size_t); =20 #endif /* !CONFIG_FORTIFY_SOURCE */ =20 +static __always_inline void *__inline_memcpy(void *to, const void *from, s= ize_t len) +{ + void *ret =3D to; + + asm volatile("rep movsb" + : "+D" (to), "+S" (from), "+c" (len) + : : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMMOVE void *memmove(void *dest, const void *src, size_t n); =20 @@ -195,6 +205,17 @@ extern void *memset(void *, int, size_t); #define memset(s, c, count) __builtin_memset(s, c, count) #endif /* !CONFIG_FORTIFY_SOURCE */ =20 +static __always_inline void *__inline_memset(void *s, int v, size_t n) +{ + void *ret =3D s; + + asm volatile("rep stosb" + : "+D" (s), "+c" (n) + : "a" ((uint8_t)v) + : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMSET16 static inline void *memset16(uint16_t *s, uint16_t v, size_t n) { diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string= _64.h index 857d364b9888..ea51e2d73265 100644 --- a/arch/x86/include/asm/string_64.h +++ b/arch/x86/include/asm/string_64.h @@ -18,10 +18,31 @@ extern void *memcpy(void *to, const void *from, size_t len); extern void *__memcpy(void *to, const void *from, size_t len); =20 +static __always_inline void *__inline_memcpy(void *to, const void *from, s= ize_t len) +{ + void *ret =3D to; + + asm volatile("rep movsb" + : "+D" (to), "+S" (from), "+c" (len) + : : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMSET void *memset(void *s, int c, size_t n); void *__memset(void *s, int c, size_t n); =20 +static __always_inline void *__inline_memset(void *s, int v, size_t n) +{ + void *ret =3D s; + + asm volatile("rep stosb" + : "+D" (s), "+c" (n) + : "a" ((uint8_t)v) + : "memory"); + return ret; +} + /* * KMSAN needs to instrument as much code as possible. Use C versions of * memsetXX() from lib/string.c under KMSAN. --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 230F9C7EE32 for ; Tue, 30 May 2023 11:44:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232010AbjE3LoC (ORCPT ); Tue, 30 May 2023 07:44:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232014AbjE3Lng (ORCPT ); Tue, 30 May 2023 07:43:36 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F79C133 for ; Tue, 30 May 2023 04:43:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685446999; x=1716982999; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=xQZb8SAxwU6SoQGhaHHq0FWbUrqK8Nv6ppaW+XnUfoU=; b=RoKyKhEhFjmbIvKvb7wraknEbKwCLyQbbXQyMBMXoXsCWDZFTeQFr7Dv w8NXlZYpXX9lgAr2eRZtIdDwT+QfsVjI3g3+bEp/l/UVVqgq439SgKlNG ejJC/aGp8EU2Gt8yHiNAZNqHthD1tvmQrZyQL6V5TVCv8iezb89NL3FsJ pr9lPhfq+2NqicO3sPjrJRxZSdx4mZt3hHvj9RNDEn6TYTVREbFARj5G1 UnBV9VH/RCijorXwGAroWpSgud/DTWW5n/rFuYt8KTqG/VrAG2qnNC1qR RjoTSK8O9uAErxw2e5ug+u3q6qfjwTZCSbQNnnLMztks5zLnFbBMSyrlV A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145349" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145349" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588692" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588692" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:02 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 03/12] x86/alternatives: Disable LASS when patching kernel alternatives Date: Tue, 30 May 2023 14:42:38 +0300 Message-Id: <20230530114247.21821-4-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta For patching, the kernel initializes a temporary mm area in the lower half of the address range. See commit 4fc19708b165 ("x86/alternatives: Initialize temporary mm for patching"). Disable LASS enforcement during patching using the stac()/clac() instructions to avoid triggering a #GP fault. The objtool warns due to a call to a non-allowed function that exists outside of the stac/clac guard, or references to any function with a dynamic function pointer inside the guard. See the Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt. Considering that patching is usually small, replace the memcpy and memset functions in the text poking functions with their inline versions respectively. Signed-off-by: Sohil Mehta --- arch/x86/kernel/alternative.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index f615e0cb6d93..eac6a5406d39 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -1526,16 +1526,24 @@ static inline void unuse_temporary_mm(temp_mm_state= _t prev_state) __ro_after_init struct mm_struct *poking_mm; __ro_after_init unsigned long poking_addr; =20 +/* + * poking_init() initializes the text poking address from the lower half o= f the + * address space. Relax LASS enforcement when accessing the poking address. + */ static void text_poke_memcpy(void *dst, const void *src, size_t len) { - memcpy(dst, src, len); + stac(); + __inline_memcpy(dst, src, len); + clac(); } =20 static void text_poke_memset(void *dst, const void *src, size_t len) { int c =3D *(const int *)src; =20 - memset(dst, c, len); + stac(); + __inline_memset(dst, c, len); + clac(); } =20 typedef void text_poke_f(void *dst, const void *src, size_t len); --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37721C7EE2C for ; Tue, 30 May 2023 11:44:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232034AbjE3LoE (ORCPT ); Tue, 30 May 2023 07:44:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46828 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232031AbjE3Lnj (ORCPT ); Tue, 30 May 2023 07:43:39 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 109F7184 for ; Tue, 30 May 2023 04:43:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447002; x=1716983002; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=YeT6YYfsU+EDG4nhTRFaSzhnjKPDKCvTrH+jCnce9So=; b=UXf9oN4T/HFIde4YRlzQ82sM9+UVRn1yuXoeennLgaassDgVPfMF8kuw wbU/bkmEZ7/CtFQfMz65nqrQplfpr5GvedD+JGJVTCuHWKGPD3F5Oy+Yz aYzbCDfSpXcUclm5FlQclysXK3TxqRhQKoOpmpmk73g35zLaduqDBeQIU wE8dUDU8ueY/tl828F2thNS3WcnV2l+pqWqZDHd1MS5OvjgfA5SxdMxl0 SpYchDMHvVcwYxa32LmdjFP9BnnosAXqv6GNQKo6OVdOsOKsneXply+nb L6dns5ZZJOi020WL+0EvMYh3wG7osbczDJsISL/ImD3jSDBPLc+PhOjmM A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145355" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145355" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588706" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588706" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:05 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 04/12] x86/cpu: Enable LASS during CPU initialization Date: Tue, 30 May 2023 14:42:39 +0300 Message-Id: <20230530114247.21821-5-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Being a security feature, enable LASS by default if the platform supports it. Signed-off-by: Sohil Mehta --- arch/x86/kernel/cpu/common.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 80710a68ef7d..315cc67ba93a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -413,6 +413,12 @@ static __always_inline void setup_umip(struct cpuinfo_= x86 *c) cr4_clear_bits(X86_CR4_UMIP); } =20 +static __always_inline void setup_lass(struct cpuinfo_x86 *c) +{ + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_set_bits(X86_CR4_LASS); +} + /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | @@ -1859,6 +1865,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); setup_umip(c); + setup_lass(c); =20 /* Enable FSGSBASE instructions if available. */ if (cpu_has(c, X86_FEATURE_FSGSBASE)) { --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47E1EC7EE37 for ; Tue, 30 May 2023 11:44:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232053AbjE3LoG (ORCPT ); Tue, 30 May 2023 07:44:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46876 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232041AbjE3Lnk (ORCPT ); Tue, 30 May 2023 07:43:40 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A60418F for ; Tue, 30 May 2023 04:43:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447003; x=1716983003; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=nk/Kz7oSHoHb7l9itbC3B12OJHLZle3JtSbm/pMCIe0=; b=iyKNe+cHozUifRAw5trQBLRuqS/XAPfZMlGWvlN/zdIG85Wxh+5z4SQC 7Z5JAc5nMURbcZ3OHW3+GdBS/Pgnu6tNHqTAQ3H0y/hc1KZzhdYO0YdBp /TX9Yxg9ya/rCy/iurxW+IUjy8saFSGzm3QT//FFnRRP1BT+4q1u8FBzo mdqURI+5p/Al+1sdElX0+Gkyze3TEixYEN9G6a13B2x7nj6EqQc4SzIEo KcU4lChFfhwgsxLlgE3SgIQh3vDr+PioY/bR46x4FQKO+snDOoSHv9blm 8r/iYCM7A7rfQS7LKYDm6/oQqOpQoT1thoPBZAgdZcoXRMUzzu02rJWfJ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145363" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145363" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588713" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588713" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:07 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 05/12] x86/cpu: Remove redundant comment during feature setup Date: Tue, 30 May 2023 14:42:40 +0300 Message-Id: <20230530114247.21821-6-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta The code below the comment is self explanatory. Instead of updating the comment with the newly added LASS feature, it is better to just remove it. Signed-off-by: Sohil Mehta --- arch/x86/kernel/cpu/common.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 315cc67ba93a..f26c56fe9963 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1861,7 +1861,6 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Disable the PN if appropriate */ squash_the_stupid_serial_number(c); =20 - /* Set up SMEP/SMAP/UMIP */ setup_smep(c); setup_smap(c); setup_umip(c); --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CF09C7EE33 for ; Tue, 30 May 2023 11:44:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232071AbjE3LoI (ORCPT ); Tue, 30 May 2023 07:44:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232059AbjE3Lnp (ORCPT ); Tue, 30 May 2023 07:43:45 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5419A114 for ; Tue, 30 May 2023 04:43:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447016; x=1716983016; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=sshNR5ZFYTaYbsJoxoozahRmzMiWyXTZmDglNvBU3PU=; b=NqHZk1Ymz87jDfNL4TO92+C7cuNHFBkzauSvmvQgW4fopasI7Bx6WNux xnZWnLnKzzqRcICibGziL9qDs5qWbfI1OrQbicknTrbWdzYTdrPMMuJt9 qgCS2Fep/QFo0wzdjltsplpcusou2kUcpLV/9iy6XOgnlB+Kn4nO3gYbW jm3rpWgY04XeJL6lKeiYhUd0Brji/ytssfvhL+zLpJm0ffJyIIpApjw4D F7C/gdMVMn67yoeXtZA903EIe0ZSqTm1lCMDPNPMiQY2Cl6Ml47oR8v10 p97K2JKr/xvR2MCc41WP3Mht24G46iFXCZEgd2mlwmMw7DStVDvSqbSz0 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145372" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145372" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588721" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588721" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:10 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 06/12] x86/vsyscall: Reorganize the #PF emulation code Date: Tue, 30 May 2023 14:42:41 +0300 Message-Id: <20230530114247.21821-7-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Separate out the actual vsyscall emulation from the page fault specific handling in preparation for the upcoming #GP fault emulation. Export is_vsyscall_vaddr() so that it can be reused later. No functional change intended. Signed-off-by: Sohil Mehta --- arch/x86/entry/vsyscall/vsyscall_64.c | 51 +++++++++++++++++---------- arch/x86/include/asm/vsyscall.h | 10 +++--- arch/x86/mm/fault.c | 13 ++----- 3 files changed, 41 insertions(+), 33 deletions(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index e0ca8120aea8..dd112e538992 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -82,6 +82,15 @@ static void warn_bad_vsyscall(const char *level, struct = pt_regs *regs, regs->sp, regs->ax, regs->si, regs->di); } =20 +/* + * The (legacy) vsyscall page is the long page in the kernel portion + * of the address space that has user-accessible permissions. + */ +bool is_vsyscall_vaddr(unsigned long vaddr) +{ + return unlikely((vaddr & PAGE_MASK) =3D=3D VSYSCALL_ADDR); +} + static int addr_to_vsyscall_nr(unsigned long addr) { int nr; @@ -117,8 +126,7 @@ static bool write_ok_or_segv(unsigned long ptr, size_t = size) } } =20 -bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static bool __emulate_vsyscall(struct pt_regs *regs, unsigned long address) { struct task_struct *tsk; unsigned long caller; @@ -127,22 +135,6 @@ bool emulate_vsyscall(unsigned long error_code, long ret; unsigned long orig_dx; =20 - /* Write faults or kernel-privilege faults never get fixed up. */ - if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) - return false; - - if (!(error_code & X86_PF_INSTR)) { - /* Failed vsyscall read */ - if (vsyscall_mode =3D=3D EMULATE) - return false; - - /* - * User code tried and failed to read the vsyscall page. - */ - warn_bad_vsyscall(KERN_INFO, regs, "vsyscall read attempt denied -- look= up the vsyscall kernel parameter if you need a workaround"); - return false; - } - /* * No point in checking CS -- the only way to get here is a user mode * trap to a high address, which means that we're in 64-bit user code. @@ -294,6 +286,29 @@ bool emulate_vsyscall(unsigned long error_code, return true; } =20 +bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, + unsigned long address) +{ + /* Write faults or kernel-privilege faults never get fixed up. */ + if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) + return false; + + if (!(error_code & X86_PF_INSTR)) { + /* Failed vsyscall read */ + if (vsyscall_mode =3D=3D EMULATE) + return false; + + /* + * User code tried and failed to read the vsyscall page. + */ + warn_bad_vsyscall(KERN_INFO, regs, + "vsyscall read attempt denied -- look up the vsyscall kernel paramet= er if you need a workaround"); + return false; + } + + return __emulate_vsyscall(regs, address); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index ab60a71a8dcb..667b280afc1a 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -5,6 +5,8 @@ #include #include =20 +extern bool is_vsyscall_vaddr(unsigned long vaddr); + #ifdef CONFIG_X86_VSYSCALL_EMULATION extern void map_vsyscall(void); extern void set_vsyscall_pgtable_user_bits(pgd_t *root); @@ -13,12 +15,12 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); * Called on instruction fetch fault in vsyscall page. * Returns true if handled. */ -extern bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address); #else static inline void map_vsyscall(void) {} -static inline bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static inline bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address) { return false; } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index e4399983c50c..645eb3323f34 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -730,7 +730,7 @@ kernelmode_fixup_or_oops(struct pt_regs *regs, unsigned= long error_code, * Per the above we're !in_interrupt(), aka. task context. * * In this case we need to make sure we're not recursively - * faulting through the emulate_vsyscall() logic. + * faulting through the emulate_vsyscall_pf() logic. */ if (current->thread.sig_on_uaccess_err && signal) { sanitize_error_code(address, &error_code); @@ -798,15 +798,6 @@ show_signal_msg(struct pt_regs *regs, unsigned long er= ror_code, show_opcodes(regs, loglvl); } =20 -/* - * The (legacy) vsyscall page is the long page in the kernel portion - * of the address space that has user-accessible permissions. - */ -static bool is_vsyscall_vaddr(unsigned long vaddr) -{ - return unlikely((vaddr & PAGE_MASK) =3D=3D VSYSCALL_ADDR); -} - static void __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, unsigned long address, u32 pkey, int si_code) @@ -1329,7 +1320,7 @@ void do_user_addr_fault(struct pt_regs *regs, * to consider the PF_PK bit. */ if (is_vsyscall_vaddr(address)) { - if (emulate_vsyscall(error_code, regs, address)) + if (emulate_vsyscall_pf(error_code, regs, address)) return; } #endif --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF0FCC7EE39 for ; Tue, 30 May 2023 11:44:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229722AbjE3LoW (ORCPT ); Tue, 30 May 2023 07:44:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232063AbjE3Lnr (ORCPT ); Tue, 30 May 2023 07:43:47 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24F06115 for ; Tue, 30 May 2023 04:43:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447019; x=1716983019; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+DWQTSeLMQPtYgTuldlbeqGxSIW76k7nOP+l3EGtfX0=; b=DVeDvuJZheCLG7C/f2NGrij/YGcyR/zF7zYzjyd+7M59zbj92t0DYM63 AWigIdKrS7/3mA3ZKkVNA0K2gikfQ8pCrvAJHq3NeC9pnVW1FQ7voqNTV oSHuLy6e0pnRR+n002brnJA1hPizN29SV72/EPev69PSjYAOgYpF6YPK4 MS01+xDobkDyLbHZbEdtLzvV44Lrdvswn9xLd+B3Bdbn3mUo0QHzBVQ0S XT0ATCjoBijNmYgiv+g+QFc6Iu6vIISrxm+Zi8bPjvRwsEhzFeRpDyWYI V1s2QXfpC3Lo3obbYIDWmDdzRsYXNdtaC80v7lx0MpFF948/BK+XdJkVe w==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145377" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145377" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588731" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588731" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:12 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Cc: Dave Hansen Subject: [PATCH v2 07/12] x86/traps: Consolidate user fixups in exc_general_protection() Date: Tue, 30 May 2023 14:42:42 +0300 Message-Id: <20230530114247.21821-8-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Move the UMIP exception fixup along with the other user mode fixups. No functional change intended. Suggested-by: Dave Hansen Signed-off-by: Sohil Mehta --- arch/x86/kernel/traps.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 58b1f208eff5..f3e619ce9fbd 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -736,11 +736,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) =20 cond_local_irq_enable(regs); =20 - if (static_cpu_has(X86_FEATURE_UMIP)) { - if (user_mode(regs) && fixup_umip_exception(regs)) - goto exit; - } - if (v8086_mode(regs)) { local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); @@ -755,6 +750,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_vdso_exception(regs, X86_TRAP_GP, error_code, 0)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32BB4C7EE23 for ; Tue, 30 May 2023 11:44:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230471AbjE3Lo2 (ORCPT ); Tue, 30 May 2023 07:44:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230232AbjE3Lns (ORCPT ); Tue, 30 May 2023 07:43:48 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5C6311B for ; Tue, 30 May 2023 04:43:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447020; x=1716983020; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gJdayHg+koRv5FcILR4JuhFJIV7z9Em6QaF1NhwHxqk=; b=H2bphBMGWXq11X9J5aJP9+m6RxJhlZKA11XvATuLGuntT7myq03yy2lD 9KBdZsFs9dFkDsfvV2mCTw92d98ALksJth1mPmIF6nViKrsRwfJlMdTkH vtmgTf3P0qKbSiTu/WA99nNk7ZvwNMbmGjlVavKGOtMQTVGHMAkXKfjB8 yikVtdZlTyK1OC7frSWYm8c4h61Kc69uU6NBVkw+EVLxo7NrGtibINx1u Ykrdnn1Nzf+HltXTadHND1lraDvMcukTgYYlkyQCJVHdpOCxnVDm/0w48 nEqldB1TK5KsI5eALcL1s//LS2VgKzO3nUVuz5Gb7D6Id9wKpJ4vHP+5a A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145382" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145382" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588742" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588742" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:15 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 08/12] x86/vsyscall: Add vsyscall emulation for #GP Date: Tue, 30 May 2023 14:42:43 +0300 Message-Id: <20230530114247.21821-9-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta The legacy vsyscall page is mapped at a fixed address in the kernel address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS being introduced, a legacy vsyscall page access from userspace would always generate a page fault. The kernel emulates the execute (XONLY) accesses in the page fault handler and returns back to userspace with the appropriate register values. Since LASS intercepts these accesses before the paging structures are traversed it generates a general protection fault instead of a page fault. The #GP fault doesn't provide much information in terms of the error code. So, use the faulting RIP which is preserved in the user registers to emulate the vsyscall access without going through complex instruction decoding. Signed-off-by: Sohil Mehta --- arch/x86/entry/vsyscall/vsyscall_64.c | 11 ++++++++++- arch/x86/include/asm/vsyscall.h | 6 ++++++ arch/x86/kernel/traps.c | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index dd112e538992..76e1344997d2 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -23,7 +23,7 @@ * soon be no new userspace code that will ever use a vsyscall. * * The code in this file emulates vsyscalls when notified of a page - * fault to a vsyscall address. + * fault or a general protection fault to a vsyscall address. */ =20 #include @@ -309,6 +309,15 @@ bool emulate_vsyscall_pf(unsigned long error_code, str= uct pt_regs *regs, return __emulate_vsyscall(regs, address); } =20 +bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + /* Emulate only if the RIP points to the vsyscall address */ + if (!is_vsyscall_vaddr(regs->ip)) + return false; + + return __emulate_vsyscall(regs, regs->ip); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index 667b280afc1a..7180a849143f 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -17,6 +17,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); */ extern bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_gp(struct pt_regs *regs); #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall_pf(unsigned long error_code, @@ -24,6 +25,11 @@ static inline bool emulate_vsyscall_pf(unsigned long err= or_code, { return false; } + +static inline bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + return false; +} #endif =20 #endif /* _ASM_X86_VSYSCALL_H */ diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index f3e619ce9fbd..42d13e17e068 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -65,6 +65,7 @@ #include #include #include +#include =20 #ifdef CONFIG_X86_64 #include @@ -753,6 +754,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && emulate_vsyscall_gp(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8125BC77B73 for ; Tue, 30 May 2023 11:44:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231404AbjE3Loe (ORCPT ); Tue, 30 May 2023 07:44:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47062 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231558AbjE3Lnx (ORCPT ); Tue, 30 May 2023 07:43:53 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44206D9 for ; Tue, 30 May 2023 04:43:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447025; x=1716983025; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gvJTTiJQPueT57YJhcau7miaCzoaYCvVoo9At4Pni/s=; b=BSphozwyPcGocoBFxHvJo5aOWSmGBQ6ZzVQ1uMeUEKp1cRd2X19aJkfl Wf4YAhXsx8TBRNDzMccqvO7/cRNtexYmlynV5qNWt6PkCcXHbacsPXuSk 6FnPccwVKpI3UAr51P/ROkiUKFbWZ2i0cm3GrGasd4/sz8AXzDVqnxJcb cQySVcqvFKr9qxgqMGUAXq2nANL27SiCCtLQekZhAHcz2I84XujggiBjk I9yYLMLoIq6QymzjSjo5X+8sDNUpMRqPKD3e4UGqyOpp8a8vpSR+tQ4cf FxwaK9oQ20KYxvgct2b3WGz6S8LKsZnFSix3LfNrT1iALOlddSKxBBaaE Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145391" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145391" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588756" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588756" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:17 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [PATCH v2 09/12] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE Date: Tue, 30 May 2023 14:42:44 +0300 Message-Id: <20230530114247.21821-10-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta The EMULATE mode of vsyscall maps the vsyscall page into user address space which can be read directly by the user application. This mode has been deprecated recently and can only be enabled from a special command line parameter vsyscall=3Demulate. See commit bf00745e7791 ("x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE") Fixing the LASS violations during the EMULATE mode would need complex instruction decoding since the resulting #GP fault does not include any useful error information and the vsyscall address is not readily available in the RIP. At this point, no one is expected to be using the insecure and deprecated EMULATE mode. The rare usages that need support probably don't care much about security anyway. Disable LASS when EMULATE mode is requested during command line parsing to avoid breaking user software. LASS will be supported if vsyscall mode is set to XONLY or NONE. Signed-off-by: Sohil Mehta --- arch/x86/entry/vsyscall/vsyscall_64.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index 76e1344997d2..edd58eda8f50 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include =20 @@ -63,6 +64,13 @@ static int __init vsyscall_setup(char *str) else return -EINVAL; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && + vsyscall_mode =3D=3D EMULATE) { + cr4_clear_bits(X86_CR4_LASS); + setup_clear_cpu_cap(X86_FEATURE_LASS); + pr_info_once("x86/cpu: Disabling LASS support due to vsyscall=3Demulate= \n"); + } + return 0; } =20 --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E12ACC77B73 for ; Tue, 30 May 2023 11:44:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229919AbjE3Lol (ORCPT ); Tue, 30 May 2023 07:44:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231612AbjE3Lnx (ORCPT ); Tue, 30 May 2023 07:43:53 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3400C10A for ; Tue, 30 May 2023 04:43:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447027; x=1716983027; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=G6sE0O+Ymn27nVkvLirQB/p1cOObowjit5BY1oI6ToA=; b=f5R9XvEhb/2REO+NeYiPiiMcBopys3UhLtgj9Orier8PgHxKr5HeMkdB 6f0kKiHSR0TtHkNgAgiGzcTK8NsGa51uRRkNp/U8MHKuqIGAdMT3Tqx8W xTisDAJbFErEQ8AmB1cc2/9hF0jrinvz4p7Vg6dvHu0yjKqRDIJ+zl9LE e+OlPiYaRcrl0nbBAHvuzUoXnphneM06SPaBW0Bevy/G9wh01uXy3oWjT C2FH7RswwAK5KUrkLDgTRwux3sVjlZzgoMddjhkvxcPqO2YRM59ulCuic hw2N12nlwkLpvhcfEKDEzZGufHJxdHILzJ4o7HPTQitDSrnE9uopMw1vo A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145399" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145399" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588765" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588765" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:20 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Cc: Alexander Shishkin , Dave Hansen Subject: [PATCH v2 10/12] x86/vsyscall: Document the fact that vsyscall=emulate disables LASS Date: Tue, 30 May 2023 14:42:45 +0300 Message-Id: <20230530114247.21821-11-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Since EMULATE mode of vsyscall disables LASS, because fixing the LASS violations during the EMULATE mode would need complex instruction decoding, document this fact in kernel-parameters.txt. Cc: Andy Lutomirski Suggested-by: Dave Hansen Signed-off-by: Alexander Shishkin --- Documentation/admin-guide/kernel-parameters.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index 9e5bab29685f..efed9193107e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -6850,7 +6850,9 @@ =20 emulate Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall page is - readable. + readable. This also disables the LASS + feature to allow userspace to poke around + the vsyscall page. =20 xonly [default] Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5E53C77B73 for ; Tue, 30 May 2023 11:44:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231597AbjE3Loj (ORCPT ); Tue, 30 May 2023 07:44:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47136 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231724AbjE3Lny (ORCPT ); Tue, 30 May 2023 07:43:54 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABAD1114 for ; Tue, 30 May 2023 04:43:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447028; x=1716983028; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=fuR9qvQ94ZrjBMln22ybuTxen7mUs7UOMBAmFKJPRd4=; b=CzYZiatXillWh7c2WpvGmGX9s1Y2pWPVGRjdNhO3VRunwljkt5YrBdRE Juk27X+ebc8VDFDG6ZKGm1Hv825vDCmjNzCKThanXgDR4+eGD/pMGSBHq RXfeJUQY5rIrA+DlNrsWSZT5Jya38dFMccf3E9Ik0MaiyE6nwX8bi1DHe 0rAXIwUUDraq1rscvxkQRdn8cpmxPOd3+DKhVf1BFzLBNLuvWCtztTk9N U+IZXO5WgsWJmIgG+BWrX2+MnrPTkjv9CNEmx5Zf96q782UgtEL38FxqG oHa03y7Z8s2zUjEYCcbAQp8upmkKFtz/wvigh+WbwOUXVOwJzUYNadHWh A==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145407" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145407" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588776" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588776" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:23 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Cc: Yian Chen Subject: [PATCH v2 11/12] x86/cpu: Set LASS CR4 bit as pinning sensitive Date: Tue, 30 May 2023 14:42:46 +0300 Message-Id: <20230530114247.21821-12-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Yian Chen Security features such as LASS are not expected to be disabled once initialized. Add LASS to the CR4 pinned mask. Signed-off-by: Yian Chen Reviewed-by: Tony Luck --- arch/x86/kernel/cpu/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index f26c56fe9963..9ddc19c8832d 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -422,7 +422,7 @@ static __always_inline void setup_lass(struct cpuinfo_x= 86 *c) /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | - X86_CR4_FSGSBASE | X86_CR4_CET; + X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_LASS; static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning); static unsigned long cr4_pinned_bits __ro_after_init; =20 --=20 2.39.2 From nobody Sun Feb 8 00:49:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD167C77B73 for ; Tue, 30 May 2023 11:44:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231714AbjE3Lop (ORCPT ); Tue, 30 May 2023 07:44:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231963AbjE3Ln6 (ORCPT ); Tue, 30 May 2023 07:43:58 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C2B93E8 for ; Tue, 30 May 2023 04:43:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685447032; x=1716983032; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=6JK6GfSo8ZIvaNztCv9bRQqNHJQKx6PWj0vQ3SQJIHw=; b=RyLtvvYp+eAq9kGtvvJufNZd6L/2e7n0xCIGakFRVUipWaI5tbRkmSvo 8inveQCu2r4ktBRnpTHs2LjRPmgIgJZdqx0Wem4HWUMlLjCmTRCM76RcL EBldCIi3a1ArS7fHicPS1+gX6HPGAT20Bvi1ZxleDi1Fn/uZKAyA2oNu+ 9rRSIvB8EfcOc2PpCVjCAd6PAN48Swu+42Ni0FaEcC0w6aGuf2r1yijvs +xDgXE7mLICaYh2x6wtwvzYoGiofoSOjk/0/qMbRBuoetZJYyk9aYaJ8i 2n8WREzNhOBQhyblrfxJTa7zmtYdPRxcHomEXsQcUd7lwErsaN9CjreE1 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383145414" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="383145414" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2023 04:43:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="700588786" X-IronPort-AV: E=Sophos;i="6.00,204,1681196400"; d="scan'208";a="700588786" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 30 May 2023 04:43:26 -0700 From: Alexander Shishkin To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski , Dave Hansen , Ravi Shankar , Tony Luck , Sohil Mehta , Paul Lai Subject: [RFC v2 12/12] x86/efi: Disable LASS enforcement when switching to EFI MM Date: Tue, 30 May 2023 14:42:47 +0300 Message-Id: <20230530114247.21821-13-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> References: <20230530114247.21821-1-alexander.shishkin@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sohil Mehta [Code is experimental and not yet ready to be merged upstream] PeterZ suggested that EFI memory can be mapped in user virtual address space which would trigger LASS violation upon access. It isn't exactly clear how and when these user address mapping happen. It may be possible this is related to EFI mixed mode. Link:https://lore.kernel.org/lkml/Y73S56t%2FwDIGEPlK@hirez.programming.kick= s-ass.net/ stac()/clac() calls in the EFI MM enter and exit functions trigger objtool warnings due to switch_mm() not being classified as func_uaccess_safe. Refer Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt. This would need to be resolved before even considering merging. Signed-off-by: Sohil Mehta --- arch/x86/platform/efi/efi_64.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 232acf418cfb..20966efcd87a 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -473,9 +473,14 @@ void __init efi_dump_pagetable(void) * while the EFI-mm is borrowed. mmgrab()/mmdrop() is not used because the= mm * can not change under us. * It should be ensured that there are no concurrent calls to this functio= n. + * + * Disable LASS enforcement temporarily when switching to EFI MM since it = could + * be mapped into the low 64-bit virtual address space with address bit 63= set + * to 0. */ void efi_enter_mm(void) { + stac(); efi_prev_mm =3D current->active_mm; current->active_mm =3D &efi_mm; switch_mm(efi_prev_mm, &efi_mm, NULL); @@ -485,6 +490,7 @@ void efi_leave_mm(void) { current->active_mm =3D efi_prev_mm; switch_mm(&efi_mm, efi_prev_mm, NULL); + clac(); } =20 static DEFINE_SPINLOCK(efi_runtime_lock); --=20 2.39.2