From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Yian Chen, Alexander Shishkin
Subject: [PATCH v3 01/12] x86/cpu: Enumerate the LASS feature bits
Date: Fri, 9 Jun 2023 21:36:21 +0300
Message-Id: <20230609183632.48706-2-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Sohil Mehta

Linear Address Space Separation (LASS) is a security feature that intends to prevent malicious virtual address space accesses across user/kernel mode.

Such mode based access protection already exists today with paging and features such as SMEP and SMAP. However, to enforce these protections, the processor must traverse the paging structures in memory. Malicious software can use timing information resulting from this traversal to determine details about the paging structures, and these details may also be used to determine the layout of the kernel memory.

The LASS mechanism provides the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, software will not be able to derive paging-based timing information from the various caching structures such as the TLBs, mid-level caches, page walker, data caches, etc.

LASS enforcement relies on the typical kernel implementation to divide the 64-bit virtual address space into two halves:

  Addr[63]=0 -> User address space
  Addr[63]=1 -> Kernel address space

Any data access or code execution across address spaces typically results in a #GP fault.

The LASS enforcement for kernel data access is dependent on CR4.SMAP being set. The enforcement can be disabled by toggling the RFLAGS.AC bit similar to SMAP.

Define the CPU feature bits to enumerate this feature and include feature dependencies to reflect the same.

Co-developed-by: Yian Chen
Signed-off-by: Yian Chen
Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/include/asm/cpufeatures.h          | 1 +
 arch/x86/include/asm/disabled-features.h    | 4 +++-
 arch/x86/include/asm/smap.h                 | 4 ++++
 arch/x86/include/uapi/asm/processor-flags.h | 2 ++
 arch/x86/kernel/cpu/cpuid-deps.c            | 1 +
 tools/arch/x86/include/asm/cpufeatures.h    | 1 +
 6 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index cb8ca46213be..47e775144a34 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -312,6 +312,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instruction= s */ +#define X86_FEATURE_LASS (12*32+ 6) /* Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* "" CMPccXADD instruc= tions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* "" Intel Architectural = PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* "" Fast zero-length REP MOVSB */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/as= m/disabled-features.h index fafe9be7a6f4..6535e5192082 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -22,12 +22,14 @@ # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31)) # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31)) # define DISABLE_PCID 0 +# define DISABLE_LASS 0 #else # define DISABLE_VME 0 # define DISABLE_K6_MTRR 0 # define DISABLE_CYRIX_ARR 0 # define DISABLE_CENTAUR_MCR 0 # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31)) +# define DISABLE_LASS (1<<(X86_FEATURE_LASS & 31)) #endif /* CONFIG_X86_64 */ =20 #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS @@ -122,7 +124,7 @@ #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ DISABLE_CALL_DEPTH_TRACKING) #define DISABLED_MASK12 (DISABLE_LAM) -#define DISABLED_MASK13 0 +#define DISABLED_MASK13 (DISABLE_LASS) #define DISABLED_MASK14 0 #define DISABLED_MASK15 0 #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UM= IP| \ diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h index bab490379c65..776dce849a58 100644 
--- a/arch/x86/include/asm/smap.h +++ b/arch/x86/include/asm/smap.h @@ -27,6 +27,10 @@ =20 #else /* __ASSEMBLY__ */ =20 +/* + * The CLAC/STAC instructions toggle enforcement of X86_FEATURE_SMAP as we= ll as + * X86_FEATURE_LASS. + */ static __always_inline void clac(void) { /* Note: a barrier is implicit in alternative() */ diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include= /uapi/asm/processor-flags.h index d898432947ff..1d2405869c7a 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -136,6 +136,8 @@ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) #define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement Technology = */ #define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) +#define X86_CR4_LASS_BIT 27 /* enable Linear Address Space Separation supp= ort */ +#define X86_CR4_LASS _BITUL(X86_CR4_LASS_BIT) #define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */ #define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT) =20 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index f6748c8bd647..722020b2e837 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -81,6 +81,7 @@ static const struct cpuid_dep cpuid_deps[] =3D { { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, + { X86_FEATURE_LASS, X86_FEATURE_SMAP }, {} }; =20 diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/incl= ude/asm/cpufeatures.h index b89005819cd5..59d2880be0e0 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h 
@@ -311,6 +311,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* AVX512 BFLOAT16 instruction= s */ +#define X86_FEATURE_LASS (12*32+ 6) /* Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* "" CMPccXADD instruc= tions */ #define X86_FEATURE_LKGS (12*32+18) /* "" Load "kernel" (userspace) GS */ #define X86_FEATURE_AMX_FP16 (12*32+21) /* "" AMX fp16 Support */ --=20 2.39.2

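
Review bot: In arch/x86/include/asm/disabled-features.h, DISABLE_LASS is added to DISABLED_MASK13, but X86_FEATURE_LASS is defined as (12*32+ 6), which places it in word 12. The mask index has to match the feature word, so on 32-bit builds this masks bit 6 of word 13 and leaves the LASS bit itself unmasked. The define should be OR'ed into the word 12 mask instead, as in "#define DISABLED_MASK12 (DISABLE_LAM|DISABLE_LASS)", with DISABLED_MASK13 left at 0.
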
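
Review bot: In both cpufeatures.h hunks the comment on X86_FEATURE_LASS has no leading "" while the neighbouring entries (CMPCCXADD, ARCH_PERFMON_EXT, FZRM, LKGS, AMX_FP16) do, so "lass" will be listed in /proc/cpuinfo. If that is intended, the commit message should say so, since this patch only enumerates the bit and nothing in it turns enforcement on; if not, the comment needs the "" prefix like its neighbours.
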
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Peter Zijlstra, Alexander Shishkin
Subject: [PATCH v3 02/12] x86/asm: Introduce inline memcpy and memset
Date: Fri, 9 Jun 2023 21:36:22 +0300
Message-Id: <20230609183632.48706-3-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Peter Zijlstra

Provide inline memcpy and memset functions that can be used instead of the GCC builtins whenever necessary.

Code posted by Peter Zijlstra.
Link: https://lore.kernel.org/lkml/Y759AJ%2F0N9fqwDED@hirez.programming.kicks-ass.net/
[Missing Signed-off-by from PeterZ]
Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/include/asm/string_32.h | 21 +++++++++++++++++++++
 arch/x86/include/asm/string_64.h | 21 +++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string= _32.h index 32c0d981a82a..8896270e5eda 100644
--- a/arch/x86/include/asm/string_32.h +++ b/arch/x86/include/asm/string_32.h @@ -151,6 +151,16 @@ extern void *memcpy(void *, const void *, size_t); =20 #endif /* !CONFIG_FORTIFY_SOURCE */ =20 +static __always_inline void *__inline_memcpy(void *to, const void *from, s= ize_t len) +{ + void *ret =3D to; + + asm volatile("rep movsb" + : "+D" (to), "+S" (from), "+c" (len) + : : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMMOVE void *memmove(void *dest, const void *src, size_t n); =20 @@ -195,6 +205,17 @@ extern void *memset(void *, int, size_t); #define memset(s, c, count) __builtin_memset(s, c, count) #endif /* !CONFIG_FORTIFY_SOURCE */ =20 +static __always_inline void *__inline_memset(void *s, int v, size_t n) +{ + void *ret =3D s; + + asm volatile("rep stosb" + : "+D" (s), "+c" (n) + : "a" ((uint8_t)v) + : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMSET16 static inline void *memset16(uint16_t *s, uint16_t v, size_t n) { diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string= _64.h index 857d364b9888..ea51e2d73265 100644 --- a/arch/x86/include/asm/string_64.h +++ b/arch/x86/include/asm/string_64.h 
@@ -18,10 +18,31 @@ extern void *memcpy(void *to, const void *from, size_t len); extern void *__memcpy(void *to, const void *from, size_t len); =20 +static __always_inline void *__inline_memcpy(void *to, const void *from, s= ize_t len) +{ + void *ret =3D to; + + asm volatile("rep movsb" + : "+D" (to), "+S" (from), "+c" (len) + : : "memory"); + return ret; +} + #define __HAVE_ARCH_MEMSET void *memset(void *s, int c, size_t n); void *__memset(void *s, int c, size_t n); =20 +static __always_inline void *__inline_memset(void *s, int v, size_t n) +{ + void *ret =3D s; + + asm volatile("rep stosb" + : "+D" (s), "+c" (n) + : "a" ((uint8_t)v) + : "memory"); + return ret; +} + /* * KMSAN needs to instrument as much code as possible. Use C versions of * memsetXX() from lib/string.c under KMSAN. --=20 2.39.2

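
Review bot: __inline_memcpy() and __inline_memset() are added with no comment saying when they should be chosen over memcpy()/memset(), and the same two bodies are pasted into both string_32.h and string_64.h. The surrounding context shows these headers routing the regular functions through CONFIG_FORTIFY_SOURCE and KMSAN handling, which a bare "rep movsb" / "rep stosb" bypasses, so a short comment stating that the helpers are meant only for callers that cannot make an out-of-line call (the stac()/clac() region in 03/12) would keep them from spreading. Defining them once in a header shared by both word sizes would remove the duplicate.
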
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 03/12] x86/alternatives: Disable LASS when patching kernel alternatives
Date: Fri, 9 Jun 2023 21:36:23 +0300
Message-Id: <20230609183632.48706-4-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Sohil Mehta

For patching, the kernel initializes a temporary mm area in the lower half of the address range. See commit 4fc19708b165 ("x86/alternatives: Initialize temporary mm for patching").

Disable LASS enforcement during patching using the stac()/clac() instructions to avoid triggering a #GP fault.

The objtool warns due to a call to a non-allowed function that exists outside of the stac/clac guard, or references to any function with a dynamic function pointer inside the guard. See the Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt.

Considering that patching is usually small, replace the memcpy and memset functions in the text poking functions with their inline versions respectively.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/kernel/alternative.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index f615e0cb6d93..eac6a5406d39 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c
@@ -1526,16 +1526,24 @@ static inline void unuse_temporary_mm(temp_mm_state= _t prev_state) __ro_after_init struct mm_struct *poking_mm; __ro_after_init unsigned long poking_addr; =20 +/* + * poking_init() initializes the text poking address from the lower half o= f the + * address space. Relax LASS enforcement when accessing the poking address. + */ static void text_poke_memcpy(void *dst, const void *src, size_t len) { - memcpy(dst, src, len); + stac(); + __inline_memcpy(dst, src, len); + clac(); } =20 static void text_poke_memset(void *dst, const void *src, size_t len) { int c =3D *(const int *)src; =20 - memset(dst, c, len); + stac(); + __inline_memset(dst, c, len); + clac(); } =20 typedef void text_poke_f(void *dst, const void *src, size_t len); --=20 2.39.2

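
Review bot: The stac() added to text_poke_memcpy() and text_poke_memset() sets RFLAGS.AC, and per the smap.h comment added in 01/12 that relaxes SMAP as well as LASS, so for the length of the copy a stray user pointer passed as src would no longer be caught. The new comment mentions only LASS; it should state that SMAP is suspended too and that src must be a kernel address, or the pair should be wrapped in a helper whose name carries the LASS intent so the window stays limited to the poking address. The comment also sits above text_poke_memcpy() only although it applies to both functions.
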
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 04/12] x86/cpu: Enable LASS during CPU initialization
Date: Fri, 9 Jun 2023 21:36:24 +0300
Message-Id: <20230609183632.48706-5-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Sohil Mehta

Being a security feature, enable LASS by default if the platform supports it.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/kernel/cpu/common.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 80710a68ef7d..315cc67ba93a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c
@@ -413,6 +413,12 @@ static __always_inline void setup_umip(struct cpuinfo_= x86 *c) cr4_clear_bits(X86_CR4_UMIP); } =20 +static __always_inline void setup_lass(struct cpuinfo_x86 *c) +{ + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_set_bits(X86_CR4_LASS); +} + /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | 
@@ -1859,6 +1865,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); setup_umip(c); + setup_lass(c); =20 /* Enable FSGSBASE instructions if available. */ if (cpu_has(c, X86_FEATURE_FSGSBASE)) { --=20 2.39.2

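
Review bot: setup_lass() sets X86_CR4_LASS, but the patch leaves cr4_pinned_mask, visible in the trailing context of the first hunk as "X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |", untouched. The comment above that mask says these bits should not change after CPU init is finished, and LASS is the same kind of bit, so either add X86_CR4_LASS to the mask or explain in the commit message why it has to stay clearable after boot.
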
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 05/12] x86/cpu: Remove redundant comment during feature setup
Date: Fri, 9 Jun 2023 21:36:25 +0300
Message-Id: <20230609183632.48706-6-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Sohil Mehta

The code below the comment is self explanatory. Instead of updating the comment with the newly added LASS feature, it is better to just remove it.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/kernel/cpu/common.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 315cc67ba93a..f26c56fe9963 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c
@@ -1861,7 +1861,6 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Disable the PN if appropriate */ squash_the_stupid_serial_number(c); =20 - /* Set up SMEP/SMAP/UMIP */ setup_smep(c); setup_smap(c); setup_umip(c); --=20 2.39.2

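
The enforcement rule from the 01/12 commit message, the CR4.LASS setup from 04/12 and the stac()/clac() window from 03/12, modelled in user-space C as an added example (not code from the series). Every type and function name is this example's own, the poking address is a constructed lower-half value, and 0xffffffffff600000 is the x86-64 vsyscall page address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added model, not kernel code: all names below are hypothetical. */
enum access_kind { ACCESS_DATA, ACCESS_FETCH };

struct cpu_model {
	bool has_lass;   /* CPUID enumerates LASS */
	bool has_smap;   /* CPUID enumerates SMAP */
	bool cr4_lass;   /* CR4.LASS */
	bool cr4_smap;   /* CR4.SMAP */
	bool rflags_ac;  /* RFLAGS.AC, toggled by STAC/CLAC */
	bool user_mode;  /* true when running at CPL 3 */
};

/* Addr[63]=1 is the kernel half, Addr[63]=0 the user half. */
static bool kernel_half(uint64_t addr)
{
	return (addr >> 63) != 0;
}

/*
 * Boot-time setup: CR4.LASS is set only when LASS is enumerated (04/12)
 * and SMAP, its cpuid_deps[] dependency from 01/12, is present as well.
 */
void model_cpu_init(struct cpu_model *cpu)
{
	cpu->cr4_smap = cpu->has_smap;
	cpu->cr4_lass = cpu->has_lass && cpu->has_smap;
	cpu->rflags_ac = false;
}

/* True when LASS rejects the access (#GP) before any page walk happens. */
bool lass_blocks(const struct cpu_model *cpu, enum access_kind kind,
		 uint64_t addr)
{
	if (!cpu->cr4_lass)
		return false;
	if (cpu->user_mode)
		return kernel_half(addr);   /* user touching the kernel half */
	if (kernel_half(addr))
		return false;               /* kernel inside its own half */
	if (kind == ACCESS_FETCH)
		return true;                /* kernel executing from the user half */
	/* Kernel data access to the user half: needs CR4.SMAP, lifted by AC. */
	return cpu->cr4_smap && !cpu->rflags_ac;
}

/*
 * Shape of text_poke_memcpy() after 03/12: optional STAC, the write, CLAC.
 * Returns true when the write to the poking address goes through.
 */
bool model_text_poke(struct cpu_model *cpu, uint64_t poking_addr, bool use_stac)
{
	bool ok;

	if (use_stac)
		cpu->rflags_ac = true;      /* stac() */
	ok = !lass_blocks(cpu, ACCESS_DATA, poking_addr);
	if (use_stac)
		cpu->rflags_ac = false;     /* clac() */
	return ok;
}

int main(void)
{
	const uint64_t poking_addr = 0x00007f0000001000ULL;   /* constructed */
	const uint64_t vsyscall_addr = 0xffffffffff600000ULL; /* vsyscall page */
	struct cpu_model cpu = { .has_lass = true, .has_smap = true };

	model_cpu_init(&cpu);
	printf("poke without stac: %s\n",
	       model_text_poke(&cpu, poking_addr, false) ? "ok" : "#GP");
	printf("poke with stac:    %s\n",
	       model_text_poke(&cpu, poking_addr, true) ? "ok" : "#GP");

	/* The vsyscall page sits in the kernel half but is entered from CPL 3. */
	cpu.user_mode = true;
	printf("user fetch from vsyscall page: %s\n",
	       lass_blocks(&cpu, ACCESS_FETCH, vsyscall_addr) ? "#GP" : "ok");
	return 0;
}
```

The last case is the one 06/12 prepares for: with LASS on, a user-mode jump into the vsyscall page is rejected as a cross-half access, so the emulation can no longer rely on the page fault path alone.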
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 06/12] x86/vsyscall: Reorganize the #PF emulation code
Date: Fri, 9 Jun 2023 21:36:26 +0300
Message-Id: <20230609183632.48706-7-alexander.shishkin@linux.intel.com>
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>

From: Sohil Mehta

Separate out the actual vsyscall emulation from the page fault specific handling in preparation for the upcoming #GP fault emulation. Export is_vsyscall_vaddr() so that it can be reused later.

No functional change intended.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/entry/vsyscall/vsyscall_64.c | 51 +++++++++++++++++----------
 arch/x86/include/asm/vsyscall.h       | 10 +++---
 arch/x86/mm/fault.c                   | 13 ++-----
 3 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index e0ca8120aea8..dd112e538992 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -82,6 +82,15 @@ static void warn_bad_vsyscall(const char *level, struct = pt_regs *regs, regs->sp, regs->ax, regs->si, regs->di); } =20 +/* + * The (legacy) vsyscall page is the long page in the kernel portion + * of the address space that has user-accessible permissions. + */ +bool is_vsyscall_vaddr(unsigned long vaddr) +{ + return unlikely((vaddr & PAGE_MASK) =3D=3D VSYSCALL_ADDR); +} + static int addr_to_vsyscall_nr(unsigned long addr) { int nr; @@ -117,8 +126,7 @@ static bool write_ok_or_segv(unsigned long ptr, size_t = size) } } =20 -bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static bool __emulate_vsyscall(struct pt_regs *regs, unsigned long address) { struct task_struct *tsk; unsigned long caller; @@ -127,22 +135,6 @@ bool emulate_vsyscall(unsigned long error_code, long ret; unsigned long orig_dx; =20 - /* Write faults or kernel-privilege faults never get fixed up. */ - if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) - return false; - - if (!(error_code & X86_PF_INSTR)) { - /* Failed vsyscall read */ - if (vsyscall_mode =3D=3D EMULATE) - return false; - - /* - * User code tried and failed to read the vsyscall page. - */ - warn_bad_vsyscall(KERN_INFO, regs, "vsyscall read attempt denied -- look= up the vsyscall kernel parameter if you need a workaround"); - return false; - } - /* * No point in checking CS -- the only way to get here is a user mode * trap to a high address, which means that we're in 64-bit user code. 
@@ -294,6 +286,29 @@ bool emulate_vsyscall(unsigned long error_code, return true; } =20 +bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, + unsigned long address) +{ + /* Write faults or kernel-privilege faults never get fixed up. */ + if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) + return false; + + if (!(error_code & X86_PF_INSTR)) { + /* Failed vsyscall read */ + if (vsyscall_mode =3D=3D EMULATE) + return false; + + /* + * User code tried and failed to read the vsyscall page. + */ + warn_bad_vsyscall(KERN_INFO, regs, + "vsyscall read attempt denied -- look up the vsyscall kernel paramet= er if you need a workaround"); + return false; + } + + return __emulate_vsyscall(regs, address); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index ab60a71a8dcb..667b280afc1a 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -5,6 +5,8 @@ #include #include =20 +extern bool is_vsyscall_vaddr(unsigned long vaddr); + #ifdef CONFIG_X86_VSYSCALL_EMULATION extern void map_vsyscall(void); extern void set_vsyscall_pgtable_user_bits(pgd_t *root); @@ -13,12 +15,12 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); * Called on instruction fetch fault in vsyscall page. * Returns true if handled. */ -extern bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address); #else static inline void map_vsyscall(void) {} -static inline bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static inline bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address) { return false; } 
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index e4399983c50c..645eb3323f34 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -730,7 +730,7 @@ kernelmode_fixup_or_oops(struct pt_regs *regs, unsigned= long error_code, * Per the above we're !in_interrupt(), aka. task context. * * In this case we need to make sure we're not recursively - * faulting through the emulate_vsyscall() logic. + * faulting through the emulate_vsyscall_pf() logic. */ if (current->thread.sig_on_uaccess_err && signal) { sanitize_error_code(address, &error_code); @@ -798,15 +798,6 @@ show_signal_msg(struct pt_regs *regs, unsigned long er= ror_code, show_opcodes(regs, loglvl); } =20 -/* - * The (legacy) vsyscall page is the long page in the kernel portion - * of the address space that has user-accessible permissions. - */ -static bool is_vsyscall_vaddr(unsigned long vaddr) -{ - return unlikely((vaddr & PAGE_MASK) =3D=3D VSYSCALL_ADDR); -} - static void __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, unsigned long address, u32 pkey, int si_code) 
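Review bot: Dropping the static is_vsyscall_vaddr() from fault.c leaves this file dependent on the copy added to vsyscall_64.c, while asm/vsyscall.h declares it outside the #ifdef CONFIG_X86_VSYSCALL_EMULATION block. If vsyscall_64.c is only built when that option is set, a kernel configured without it gets the declaration but no definition, and the is_vsyscall_vaddr() calls in fault.c will not link. A static inline in asm/vsyscall.h would sidestep the question and keep the unlikely() hint at each call site; if the out-of-line version stays, the changelog should say why every configuration still has a definition.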
@@ -1329,7 +1320,7 @@ void do_user_addr_fault(struct pt_regs *regs, * to consider the PF_PK bit. */ if (is_vsyscall_vaddr(address)) { - if (emulate_vsyscall(error_code, regs, address)) + if (emulate_vsyscall_pf(error_code, regs, address)) return; } #endif --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D956DC7EE29 for ; Fri, 9 Jun 2023 18:37:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231657AbjFIShe (ORCPT ); Fri, 9 Jun 2023 14:37:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50170 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231779AbjFIShZ (ORCPT ); Fri, 9 Jun 2023 14:37:25 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E2793ABF for ; Fri, 9 Jun 2023 11:37:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335832; x=1717871832; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jwp2HjzYTo7V1oc3MvCqOYLHYFthgPfSLKoKbfmVBTI=; b=NjzZInySB9HgOhCIiP8pcWuNdaboqXoixvdOPMDviVqYfaBOjMZ6pup4 U6C9sfDfqQtyHUP7Iq5n5DkuD0BX+dkoVa40YSMOuv9bd6iJzXsK5Ar6g gQmp4GNNLegUJLnWNdS1ZsWmEOKa2njb7kbUA3jOvJojwMV9AdzfBfngA DTgVwK2p7zG7vBThoCT5y70maXfCs9p57IRCwU3gZiK39kqqbU5gld2V3 b36ByPgcZRJ+B+9RChiXorlYGxsGFymEap3cBzbo5E9q6Ivky32/GFaKZ jR3HaNmm6jgmE+9nRDqw6mYS8XEGBwm3okA+8t9jRPupP0VZNAgF5wiaZ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022169" X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022169" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 
Jun 2023 11:37:12 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444055"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444055"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:09 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Dave Hansen, Alexander Shishkin
Subject: [PATCH v3 07/12] x86/traps: Consolidate user fixups in exc_general_protection()
Date: Fri, 9 Jun 2023 21:36:27 +0300
Message-Id: <20230609183632.48706-8-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Sohil Mehta

Move the UMIP exception fixup along with the other user mode fixups.

No functional change intended.

Suggested-by: Dave Hansen
Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/kernel/traps.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 58b1f208eff5..f3e619ce9fbd 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -736,11 +736,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) =20 cond_local_irq_enable(regs); =20 - if (static_cpu_has(X86_FEATURE_UMIP)) { - if (user_mode(regs) && fixup_umip_exception(regs)) - goto exit; - } - if (v8086_mode(regs)) { local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); 
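Review bot: The changelog says no functional change, but this hunk takes the UMIP fixup out from in front of the v8086_mode(regs) branch, and the call is re-added further down, after fixup_vdso_exception(). If the vm86 branch leaves the handler after handle_vm86_fault(), a #GP raised in vm86 mode no longer reaches fixup_umip_exception() at all. Please either confirm in the changelog that the vm86 path never relied on the fixup, or keep the call ahead of the vm86 check. The re-added call also drops the explicit user_mode(regs) test and switches from static_cpu_has() to cpu_feature_enabled(); both deserve a sentence in the changelog.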
@@ -755,6 +750,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_vdso_exception(regs, X86_TRAP_GP, error_code, 0)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0964DC7EE29 for ; Fri, 9 Jun 2023 18:37:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229683AbjFISho (ORCPT ); Fri, 9 Jun 2023 14:37:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231708AbjFISh1 (ORCPT ); Fri, 9 Jun 2023 14:37:27 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6B7E3C1B for ; Fri, 9 Jun 2023 11:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335834; x=1717871834; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=rt9yrRSSQctOLo3XiuDMAeXvCUu9OQR70n+HgxLIsZI=; b=ehaSCjjrMt2sXmmP8ykcWVHJorxI1ZJX9Wg1p4nbV+q3RD0OsBFw9iYD 8I03eGc0YAzEpojQIXFpyLZmeI5zTK/3N883ImZ1+hYuFdITMfWLRXXQi x45+KuIsqWnqISrSBCzmBLOiR6jnjim2fGgS8Xv2d8o6LKI9kWgWEehIM FpoDhfkWL7QaJuNRru8V14fwX2YMmbfRMZ0x5JhDDWN0jf4aT6/hNeQXv l1bTNjUCoTGRifdC2MbQYMG6RIc6F1tqAG5QFexj3ChRWH4mJvI19RIYS YtPRTFFKfoHNMieeQMNPQHdE0t+6bCnDBnfHefOI2g8gz46K89xgq7tCQ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022183" X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022183" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by 
fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2023 11:37:14 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444066"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444066"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:12 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 08/12] x86/vsyscall: Add vsyscall emulation for #GP
Date: Fri, 9 Jun 2023 21:36:28 +0300
Message-Id: <20230609183632.48706-9-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Sohil Mehta

The legacy vsyscall page is mapped at a fixed address in the kernel address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS being introduced, a legacy vsyscall page access from userspace would always generate a page fault. The kernel emulates the execute (XONLY) accesses in the page fault handler and returns back to userspace with the appropriate register values.

Since LASS intercepts these accesses before the paging structures are traversed it generates a general protection fault instead of a page fault. The #GP fault doesn't provide much information in terms of the error code. So, use the faulting RIP which is preserved in the user registers to emulate the vsyscall access without going through complex instruction decoding.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin --- arch/x86/entry/vsyscall/vsyscall_64.c | 11 ++++++++++- arch/x86/include/asm/vsyscall.h | 6 ++++++ arch/x86/kernel/traps.c | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index dd112e538992..76e1344997d2 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -23,7 +23,7 @@ * soon be no new userspace code that will ever use a vsyscall. * * The code in this file emulates vsyscalls when notified of a page - * fault to a vsyscall address. + * fault or a general protection fault to a vsyscall address. */ =20 #include @@ -309,6 +309,15 @@ bool emulate_vsyscall_pf(unsigned long error_code, str= uct pt_regs *regs, return __emulate_vsyscall(regs, address); } =20 +bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + /* Emulate only if the RIP points to the vsyscall address */ + if (!is_vsyscall_vaddr(regs->ip)) + return false; + + return __emulate_vsyscall(regs, regs->ip); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index 667b280afc1a..7180a849143f 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -17,6 +17,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); */ extern bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_gp(struct pt_regs *regs); #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall_pf(unsigned long error_code, @@ -24,6 +25,11 @@ static inline bool emulate_vsyscall_pf(unsigned long err= or_code, { return false; } + +static inline bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + return false; +} #endif =20 #endif /* _ASM_X86_VSYSCALL_H */ 
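Review bot: emulate_vsyscall_gp() is declared in vsyscall.h under the existing comment "Called on instruction fetch fault in vsyscall page", which describes only the page-fault entry point, and the function body checks nothing except is_vsyscall_vaddr(regs->ip). The write and kernel-privilege filtering that emulate_vsyscall_pf() performs on the error code has no counterpart here, so the helper is correct only if every caller invokes it for a user-mode #GP. Please document that contract next to the declaration, or add a user_mode(regs) check inside emulate_vsyscall_gp() so the helper is safe on its own.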
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index f3e619ce9fbd..42d13e17e068 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -65,6 +65,7 @@ #include #include #include +#include =20 #ifdef CONFIG_X86_64 #include 
@@ -753,6 +754,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && emulate_vsyscall_gp(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 13178C7EE29 for ; Fri, 9 Jun 2023 18:37:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231908AbjFIShy (ORCPT ); Fri, 9 Jun 2023 14:37:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231773AbjFIShb (ORCPT ); Fri, 9 Jun 2023 14:37:31 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8DFE4208 for ; Fri, 9 Jun 2023 11:37:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335837; x=1717871837; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Kqqh5ha8khfs4wbhJ6L5qG6qGaL9WXdzS8FyENlo0gA=; b=ZZXSZhkoTInxPwLd8uHBteQJMYAoCgsZwGFkjjqKkiCaRjM5qi11p/1f hrYRVEiUIx8oua9XygkdkDTRJwL7+yE2wDVGUUZN/STlBka5wvXCWcx1u ocREf/n+Ys/KDI4FPHxxXLPuY352crIjwOO89CcAK/CjvUEEU4p6yGy1m cHnWPsOCfl67XpL55PJilWAdF47MwhJ3iFijrHZ01iIMKJJI4mraynmOZ RCEIm+oRxDqfkuaU2GWTByZTBjRVoJ0uWs5JfEcTAk5wvy5FjLf4yjclR 8Nfw6C1gdzxHZhI0gMebD19a+chY+Mznlq/eDRK3VLE8274Lqem6AKwPD w==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022190" X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022190" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by 
fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2023 11:37:17 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444084"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444084"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:14 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [PATCH v3 09/12] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE
Date: Fri, 9 Jun 2023 21:36:29 +0300
Message-Id: <20230609183632.48706-10-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Sohil Mehta

The EMULATE mode of vsyscall maps the vsyscall page into user address space which can be read directly by the user application. This mode has been deprecated recently and can only be enabled from a special command line parameter vsyscall=emulate. See commit bf00745e7791 ("x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE")

Fixing the LASS violations during the EMULATE mode would need complex instruction decoding since the resulting #GP fault does not include any useful error information and the vsyscall address is not readily available in the RIP.

At this point, no one is expected to be using the insecure and deprecated EMULATE mode. The rare usages that need support probably don't care much about security anyway.

Disable LASS when EMULATE mode is requested during command line parsing to avoid breaking user software. LASS will be supported if vsyscall mode is set to XONLY or NONE.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin
---
 arch/x86/entry/vsyscall/vsyscall_64.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index 76e1344997d2..edd58eda8f50 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include =20 
@@ -63,6 +64,13 @@ static int __init vsyscall_setup(char *str) else return -EINVAL; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && + vsyscall_mode =3D=3D EMULATE) { + cr4_clear_bits(X86_CR4_LASS); + setup_clear_cpu_cap(X86_FEATURE_LASS); + pr_info_once("x86/cpu: Disabling LASS support due to vsyscall=3Demulate= \n"); + } + return 0; } =20 --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A795CC7EE25 for ; Fri, 9 Jun 2023 18:38:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231990AbjFISiL (ORCPT ); Fri, 9 Jun 2023 14:38:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230454AbjFIShq (ORCPT ); Fri, 9 Jun 2023 14:37:46 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2800B4231 for ; Fri, 9 Jun 2023 11:37:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335845; x=1717871845; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=G6sE0O+Ymn27nVkvLirQB/p1cOObowjit5BY1oI6ToA=; b=jqZausiQqiliZT/hXqP1O+IG1QdCGRCqzgWrrEe8TEy8Sl5kfHOYsi6g 4T+cUj4RkdnHs0PHC4uBbqTqZcNwApAJ9iXcSClMslTgXCSzobp/X2WQD iXWFSiHYcLAL+qNN1rH2lgAmJ8v41nqlv1wDS6Om4nNxdIjLvTTLe0Ofq YGDainiuXsUl/Ll4ort/wPu0Ja7QIvHCXXhYfoJn6vhDUVFqwEAC3SGQP 92I7bLghifsegjkT0c+96uXLNAkL/cNvPHNrR8+hyanKej7GpDKEqWP19 JjT0WQKPh33RQsiP0o1uMtM+GUOWhxE1ih3SMBwFX9Xsxhp8Y+UM1HJLn w==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022207" X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022207" Received: from orsmga002.jf.intel.com 
([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2023 11:37:20 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444098"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444098"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:17 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin, Dave Hansen
Subject: [PATCH v3 10/12] x86/vsyscall: Document the fact that vsyscall=emulate disables LASS
Date: Fri, 9 Jun 2023 21:36:30 +0300
Message-Id: <20230609183632.48706-11-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

Since EMULATE mode of vsyscall disables LASS, because fixing the LASS violations during the EMULATE mode would need complex instruction decoding, document this fact in kernel-parameters.txt.

Cc: Andy Lutomirski
Suggested-by: Dave Hansen
Signed-off-by: Alexander Shishkin
---
 Documentation/admin-guide/kernel-parameters.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index 9e5bab29685f..efed9193107e 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt 
@@ -6850,7 +6850,9 @@ =20 emulate Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall page is - readable. + readable. This also disables the LASS + feature to allow userspace to poke around + the vsyscall page. =20 xonly [default] Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E9B1C7EE37 for ; Fri, 9 Jun 2023 18:38:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229900AbjFISiP (ORCPT ); Fri, 9 Jun 2023 14:38:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50412 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231841AbjFIShv (ORCPT ); Fri, 9 Jun 2023 14:37:51 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0868359A for ; Fri, 9 Jun 2023 11:37:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335847; x=1717871847; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DqKTca5gyr7Im4WSf8/P06PY9UT7NdBNnxnbcZy0OCE=; b=Xc/2danfFPgfvQIqNzl2NRRTTEDEp60FaHLAUKJNOwzBuepjtEFKp6e4 Q4j8sG2Jx6XAIwUt3SOMM51xXI/4CK8UsGpVdmaE9xCiRtfaQUjEKAcYD H47PbIbt1/9P51xxqCJLG5TAtMZMbXG1hPIj9wvGHHzzCuBR0fItngwir oANSd1WQY2/CvX+N++7w4L+0bQHJD21hLGAWndbPRp+CQqX2Jomn0LY/3 i0RVhMevXAD6nsOscoH+JIiDoa6IkPey1DTvjsqkbIzbQfj/xTN60Or9p T/g7IZoNGkNa2ZySIe5pvPN5SgbSOPpRV4MeeTK4iOuMA/2xiBaSrglwl Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022216" X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022216" Received: from orsmga002.jf.intel.com ([10.7.209.21]) 
by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2023 11:37:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444115"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444115"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:20 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Yian Chen, Alexander Shishkin
Subject: [PATCH v3 11/12] x86/cpu: Set LASS CR4 bit as pinning sensitive
Date: Fri, 9 Jun 2023 21:36:31 +0300
Message-Id: <20230609183632.48706-12-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Yian Chen

Security features such as LASS are not expected to be disabled once initialized. Add LASS to the CR4 pinned mask.

Signed-off-by: Yian Chen
Signed-off-by: Alexander Shishkin
Reviewed-by: Tony Luck
---
 arch/x86/kernel/cpu/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index f26c56fe9963..9ddc19c8832d 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c 
@@ -422,7 +422,7 @@ static __always_inline void setup_lass(struct cpuinfo_x= 86 *c) /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | - X86_CR4_FSGSBASE | X86_CR4_CET; + X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_LASS; static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning); static unsigned long cr4_pinned_bits __ro_after_init; =20 --=20 2.39.2 From nobody Sat Feb 7 22:21:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 558FCC7EE25 for ; Fri, 9 Jun 2023 18:39:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230016AbjFISis (ORCPT ); Fri, 9 Jun 2023 14:38:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231938AbjFIShz (ORCPT ); Fri, 9 Jun 2023 14:37:55 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A4E583AB2 for ; Fri, 9 Jun 2023 11:37:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686335851; x=1717871851; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=cSHO1BH7WnTgrrvVGbc7GV85jY3NXc9iqn2mc1vIguw=; b=RRK7GH/x94E81wUK/rhlA+HweDkoCEaS8Eo5/mTas+aKSqcnuat1YC8D fqXRGsWKyNdrRbMJec4yMpeib+rtWRlr3GgJ1VU944dZlqgyhZt1S0dPm Egn/XhyUp/B+zuiXlFeyzIYdVtgUx/kNWtPKb6pvFkf7FZlsxDOjFrKab 4Oe7B1MFQxuaF1L9m2MxQuj1jkbcmkl96lI7xUI5RK5o8+el2o0VY8fT5 hfh+1+3jWskUiJXm4UoTGOMub6e95SZDPdPfxcZH7p/cyirRPZ7isDZFs wL+Ph8BUIAPujjkqKJOwvFKSP/1IMmVEWUl0e/q5guTginc5TVVfX6MTs g==; X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022230" X-IronPort-AV: 
E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="338022230"
Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jun 2023 11:37:25 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710444135"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400"; d="scan'208";a="710444135"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:37:22 -0700
From: Alexander Shishkin
To: linux-kernel@vger.kernel.org, x86@kernel.org, Andy Lutomirski, Dave Hansen, Ravi Shankar, Tony Luck, Sohil Mehta
Cc: Alexander Shishkin
Subject: [RFC v3 12/12] x86/efi: Disable LASS enforcement when switching to EFI MM
Date: Fri, 9 Jun 2023 21:36:32 +0300
Message-Id: <20230609183632.48706-13-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Sohil Mehta

[Code is experimental and not yet ready to be merged upstream]

PeterZ suggested that EFI memory can be mapped in user virtual address space which would trigger LASS violation upon access. It isn't exactly clear how and when these user address mappings happen. It may be possible this is related to EFI mixed mode.

Link: https://lore.kernel.org/lkml/Y73S56t%2FwDIGEPlK@hirez.programming.kicks-ass.net/

stac()/clac() calls in the EFI MM enter and exit functions trigger objtool warnings due to switch_mm() not being classified as func_uaccess_safe. Refer to Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt. This would need to be resolved before even considering merging.

Signed-off-by: Sohil Mehta
Signed-off-by: Alexander Shishkin --- arch/x86/platform/efi/efi_64.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 232acf418cfb..20966efcd87a 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -473,9 +473,14 @@ void __init efi_dump_pagetable(void) * while the EFI-mm is borrowed. mmgrab()/mmdrop() is not used because the= mm * can not change under us. * It should be ensured that there are no concurrent calls to this functio= n. + * + * Disable LASS enforcement temporarily when switching to EFI MM since it = could + * be mapped into the low 64-bit virtual address space with address bit 63= set + * to 0. */ void efi_enter_mm(void) { + stac(); efi_prev_mm =3D current->active_mm; current->active_mm =3D &efi_mm; switch_mm(efi_prev_mm, &efi_mm, NULL); @@ -485,6 +490,7 @@ void efi_leave_mm(void) { current->active_mm =3D efi_prev_mm; switch_mm(&efi_mm, efi_prev_mm, NULL); + clac(); } =20 static DEFINE_SPINLOCK(efi_runtime_lock); --=20 2.39.2
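Review bot: In efi_enter_mm() and efi_leave_mm(), stac() and clac() toggle EFLAGS.AC, which is the SMAP override as well, so everything that runs while the EFI mm is borrowed, switch_mm() included, executes with SMAP relaxed and not only LASS. The added comment mentions LASS alone. Please state the SMAP side effect in the comment and the changelog, and explain what keeps AC set for the whole window: the stac() in one function is closed by a clac() in another, which is the pattern the objtool warning quoted in the changelog objects to. The wording "low 64-bit virtual address space with address bit 63 set to 0" would also read better as "the lower half of the virtual address space (bit 63 clear)".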
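Review bot: On patch 09/12, the block added to vsyscall_setup() clears X86_CR4_LASS with cr4_clear_bits() from a command-line handler, and patch 11/12 then puts X86_CR4_LASS into cr4_pinned_mask, whose comment says these bits must not change once CPU init is finished. The hunk does not say why the clear is guaranteed to happen before pinning takes effect, nor whether cr4_clear_bits() called here reaches any CPU other than the one parsing the command line. Please add a comment stating the ordering assumption. If setup_clear_cpu_cap(X86_FEATURE_LASS) alone is enough to keep LASS from being enabled later, the CR4 write may be unnecessary and could be dropped.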
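Review bot: On patch 10/12, the added kernel-parameters.txt text "to allow userspace to poke around the vsyscall page" is informal and understates the effect. Per patch 09/12, vsyscall=emulate clears the LASS CPU capability and the CR4 bit, so LASS is off for the whole system and not just for vsyscall accesses. Suggest wording along the lines of "This also disables LASS system-wide, because direct reads of the vsyscall page are not emulated under LASS", so an administrator choosing this mode sees the security cost.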