From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B11811D79A6; Mon, 28 Oct 2024 16:09:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131795; cv=none; b=cWqGMeR0pt3MgePLfIWNHBkYKhPgZGCSRoK+KqPYJWQ2iPsea8aytE3uqhWs6pJshrpZPuxmjLLqq1l4x6C6ifPrjbom8bUIpdvBRx17Z1IuYeBge826ApNVc/iIQQj/MBEISf1ISq/WA9sl9mviPHZxrs+Josmva7aQLP4Guu4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131795; c=relaxed/simple; bh=DJFdDCZ1et5pgoiYyHDIDK7LFey+8tqwn/U3GItdAHQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Sl1OJFMa/xCL5bqPLA6TZYn6gNfhZpFc8y50pwgZSRjjJwlgl4r+34DkKoKj2Of/l8LWNLHSStAvQuHNqyfeBtHJ7MqZ6Ix6IX8zrcEUamHRJxBRRjaC4yZeIg06sXdD9gygNMP+xSlqTmEchSKY0T/Ji8YH5Ax+zuXbt+siZ2k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=mqwyLXlU; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="mqwyLXlU" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131793; x=1761667793; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DJFdDCZ1et5pgoiYyHDIDK7LFey+8tqwn/U3GItdAHQ=; b=mqwyLXlUSozHNir35gAWSnPcEPGv9XtiNnGJ0iFB1RwEAt2eCaWPFOIZ P97hPPHr4rqNYmLk9uxM+a9qQbeEAJRhQspw1XxKrfKWA4ZzBDu3VTgO/ 9x1jFbU9MoqgR64I2Pdt/ZAqNCmzQM0tKOX+kNBrFBbziG19KVlspTTCn Tte2Aoi9m5s3sI/RB10l/mYtFs0cO3SSj0E+SwknufVCJIds31ep8MzmY decE2UbVEv65Uqkc3YCwMi03VrASss1EIP+bN0UVvK0hQtghCekb6e/b3 VVGOz2rjQ0E+LOUQLdoB+wadxuYxBFR9jWAq7fQY1/f4CICkqXi/YuZUM A==; X-CSE-ConnectionGUID: reNY4KA+QNOZS9n/HPghZg== X-CSE-MsgGUID: muPfyLeMRCSt/0tXP7xfxg== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593669" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593669" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:09:51 -0700 X-CSE-ConnectionGUID: FupYVk16Sm2eGGI6c0F9Ug== X-CSE-MsgGUID: VeEpl7C4QnGBjM/yrO28YQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112477743" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:09:40 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Yian Chen Subject: [PATCH v5 01/16] x86/cpu: Enumerate the LASS feature bits Date: Mon, 28 Oct 2024 18:07:49 +0200 Message-ID: <20241028160917.1380714-2-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Linear Address Space Separation (LASS) is a security feature that intends to prevent malicious virtual address space accesses across user/kernel mode. Such mode based access protection already exists today with paging and features such as SMEP and SMAP. However, to enforce these protections, the processor must traverse the paging structures in memory. Malicious software can use timing information resulting from this traversal to determine details about the paging structures, and these details may also be used to determine the layout of the kernel memory. The LASS mechanism provides the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, software will not be able to derive paging-based timing information from the various caching structures such as the TLBs, mid-level caches, page walker, data caches, etc. LASS enforcement relies on the typical kernel implementation to divide the 64-bit virtual address space into two halves: Addr[63]=3D0 -> User address space Addr[63]=3D1 -> Kernel address space Any data access or code execution across address spaces typically results in a #GP fault. The LASS enforcement for kernel data access is dependent on CR4.SMAP being set. The enforcement can be disabled by toggling the RFLAGS.AC bit similar to SMAP. Define the CPU feature bits to enumerate this feature and include feature dependencies to reflect the same. Co-developed-by: Yian Chen Signed-off-by: Yian Chen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 4 +++- arch/x86/include/asm/smap.h | 18 ++++++++++++++++++ arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/cpuid-deps.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 6 files changed, 26 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index ea33439a5d00..acb3ccea2bd7 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -319,6 +319,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructio= ns */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT= 16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separa= tion */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructio= ns */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural Per= fMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/as= m/disabled-features.h index c492bdc97b05..76c7d362af94 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -22,12 +22,14 @@ # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31)) # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31)) # define DISABLE_PCID 0 +# define DISABLE_LASS 0 #else # define DISABLE_VME 0 # define DISABLE_K6_MTRR 0 # define DISABLE_CYRIX_ARR 0 # define DISABLE_CENTAUR_MCR 0 # define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31)) +# define DISABLE_LASS (1<<(X86_FEATURE_LASS & 31)) #endif /* CONFIG_X86_64 */ =20 #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS @@ -146,7 +148,7 @@ #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ DISABLE_CALL_DEPTH_TRACKING|DISABLE_USER_SHSTK) #define DISABLED_MASK12 (DISABLE_FRED|DISABLE_LAM) -#define DISABLED_MASK13 0 +#define DISABLED_MASK13 (DISABLE_LASS) #define DISABLED_MASK14 0 #define DISABLED_MASK15 0 #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UM= IP| \ diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h index bab490379c65..8cb6f004800b 100644 --- a/arch/x86/include/asm/smap.h +++ b/arch/x86/include/asm/smap.h @@ -27,6 +27,12 @@ =20 #else /* __ASSEMBLY__ */ =20 +/* + * The CLAC/STAC instructions toggle enforcement of X86_FEATURE_SMAP. + * Add dedicated lass_*() variants for cases that are necessitated by + * LASS (X86_FEATURE_LASS) enforcement, which helps readability and + * avoids AC flag flipping on CPUs that don't support LASS. + */ static __always_inline void clac(void) { /* Note: a barrier is implicit in alternative() */ @@ -39,6 +45,18 @@ static __always_inline void stac(void) alternative("", __ASM_STAC, X86_FEATURE_SMAP); } =20 +static __always_inline void lass_clac(void) +{ + /* Note: a barrier is implicit in alternative() */ + alternative("", __ASM_CLAC, X86_FEATURE_LASS); +} + +static __always_inline void lass_stac(void) +{ + /* Note: a barrier is implicit in alternative() */ + alternative("", __ASM_STAC, X86_FEATURE_LASS); +} + static __always_inline unsigned long smap_save(void) { unsigned long flags; diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include= /uapi/asm/processor-flags.h index f1a4adc78272..81d0c8bf1137 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -136,6 +136,8 @@ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) #define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement Technology = */ #define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) +#define X86_CR4_LASS_BIT 27 /* enable Linear Address Space Separation supp= ort */ +#define X86_CR4_LASS _BITUL(X86_CR4_LASS_BIT) #define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */ #define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT) =20 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index 8bd84114c2d9..3f73c4b03348 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -83,6 +83,7 @@ static const struct cpuid_dep cpuid_deps[] =3D { { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, { X86_FEATURE_FRED, X86_FEATURE_LKGS }, + { X86_FEATURE_LASS, X86_FEATURE_SMAP }, {} }; =20 diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/incl= ude/asm/cpufeatures.h index 23698d0f4bb4..538930159f9f 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -319,6 +319,7 @@ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructio= ns */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT= 16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separa= tion */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructio= ns */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural Per= fMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFA4F1DE8B4; Mon, 28 Oct 2024 16:10:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131805; cv=none; b=CvddahfIfxqks4BaqKDWkmW88PS3M+VG1soRuOB5U5zD+PpC1Oz3BxXzcNioUTv0fDJJQyChke2/GlYrRqGHWJjJt5YjMmLPaIPGJKh+l6/CwamS6qMD4HxYVP1U81hZdGq3oGwZSTnF48jP1pPrLZyHOPjrRD9HBpOHsnHjKy4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131805; c=relaxed/simple; bh=T4m18ALGG4J3cKrkik1Jy+xt03Z4Z7JTblDpkh0f7Tc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bh76WWPp7ydZ5Lhk3nG6ZKkTfwvaYO9mVVGwoqgLei9Bh+eCmZxvEbF0aH+CRbZj9rpkQi1WKC39RHrSn7J5OKBqMYCLTunTUVGp/v+fD/cKmIsrH1syZpIRDwnQoHwqrYlUc4eJta2TsLDLLbDggBkmM068oeebMewrCtjPULA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=GlUOs2ad; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="GlUOs2ad" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131804; x=1761667804; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=T4m18ALGG4J3cKrkik1Jy+xt03Z4Z7JTblDpkh0f7Tc=; b=GlUOs2adEpUcwedvFLp81s8lTJ8leZ446gD/C9ttgJ5YkvC9cj2D0hns 94mVFPJcYljzvo7tCetvVqZsBAmxHluANnwFz8rt+hDA9EHjY8Nomcr2L ehEm280W5/2L1oa93C0lCh1PdnJ5XrmrUV2PvksW56CDse063HEXO31sn J1shv9JKwBG6dvWWjxMcdFhrSjGFaCn1WluTgeI/OKdtoC66iXN7+eeBY 8BcTnxWxFv356qE3DzOVYIKAD9cvauhgo8n2UjS01t3/wSJOWFPckbsih YxBDe1eNDiyf3LI1bJLa4SqjnZqHiRvkjVs12MIR0MPp8EQT2vWHN8At0 w==; X-CSE-ConnectionGUID: 6XHherLARpyAjodgf7JtZw== X-CSE-MsgGUID: iUiM124DQwCz1Ap+xiizmQ== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593735" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593735" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:10:03 -0700 X-CSE-ConnectionGUID: If/wbgxpTReBBIBuv3Bdiw== X-CSE-MsgGUID: hWjtEhF4S7yhzDm8sAg4QQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112477831" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:09:51 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 02/16] x86/asm: Introduce inline memcpy and memset Date: Mon, 28 Oct 2024 18:07:50 +0200 Message-ID: <20241028160917.1380714-3-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Zijlstra Provide inline memcpy and memset functions that can be used instead of the GCC builtins whenever necessary. Originally-by: Peter Zijlstra Link: https://lore.kernel.org/lkml/Y759AJ%2F0N9fqwDED@hirez.programming.kic= ks-ass.net/ Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/include/asm/string.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/arch/x86/include/asm/string.h b/arch/x86/include/asm/string.h index c3c2c1914d65..9cb5aae7fba9 100644 --- a/arch/x86/include/asm/string.h +++ b/arch/x86/include/asm/string.h @@ -1,6 +1,32 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_X86_STRING_H +#define _ASM_X86_STRING_H + #ifdef CONFIG_X86_32 # include #else # include #endif + +static __always_inline void *__inline_memcpy(void *to, const void *from, s= ize_t len) +{ + void *ret =3D to; + + asm volatile("rep movsb" + : "+D" (to), "+S" (from), "+c" (len) + : : "memory"); + return ret; +} + +static __always_inline void *__inline_memset(void *s, int v, size_t n) +{ + void *ret =3D s; + + asm volatile("rep stosb" + : "+D" (s), "+c" (n) + : "a" ((uint8_t)v) + : "memory"); + return ret; +} + +#endif /* _ASM_X86_STRING_H */ --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4BCC1DE2DC; Mon, 28 Oct 2024 16:10:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131816; cv=none; b=H5MYVfiEDe4u3l32s++yxh04ChW1wX5EAx6TvTgv42PpOiL3qvYKcySGXgCJQtRQJwvXRDycXTFLkGQpCJtJpzreYqWzHbpNqt97lN03PQXbJ9X3AAN/LV6c0Uq7w4ORjOYQ/eu5QdQOMbyn5YS/2YcduUa1N84I1SwO32P1xs0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131816; c=relaxed/simple; bh=tpZwbxuOtwKafq/ZWaEeClRFkKfw3zvYc+VQ2J4o/A4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZLHKCtIxuH4SCgb2v6sk2MfH8ppSlgD+lULfC4XYKA4bPp8qnTp3unYah81pxhou8ynhmoIpeYcTl2r6djoNqbT2w8nOItwP9226uY6KYAQnqlzIEcMhdNV7mQUBmbftBur6MvT11IzpQ8JipWmzT3uTYZT3vXJlePHd//o/6T4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FxkXF/7L; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FxkXF/7L" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131815; x=1761667815; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=tpZwbxuOtwKafq/ZWaEeClRFkKfw3zvYc+VQ2J4o/A4=; b=FxkXF/7LJNbVVFCLISRl8LFTejH9b8kadZ8CSBiTImrdED5t9WXgs6Cs AhBHFFvS3sf8Z62BBQ/VBfVp4t/3vFVNY1WfGVWXnpI1xQhJeLB+dUuMU Pzj0+sKHWigUOPLjuOIw+/DRdr4iuB1k1itSBsb9DV6OfW0Kxk2tFR4ck DD4rJi3EDoNfDVvvIQcwT7/6HNjj38AqlfcYnj6ZTWj4OpIZy0/igRc1N eiOVJ3O1rl6PN/msMD5ZV+UIT510vMbLsW+///ekm5qpMl22v76NM6oKY e+WICvH4SGjQ+xf/1PaqO905sIRPbWgQHAR2xeWWu1xKmjB0Gj7KXnvnd A==; X-CSE-ConnectionGUID: Jyj7dEKcRnu+RPe55TL+1A== X-CSE-MsgGUID: Lg1y3D3oQXql4y29tjyMXw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593778" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593778" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:10:14 -0700 X-CSE-ConnectionGUID: b+9lEyH3TAafKzlKi/QHOQ== X-CSE-MsgGUID: 67Ww5h8MSAG9oupM/LPE2Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112477913" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:10:03 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 03/16] x86/alternatives: Disable LASS when patching kernel alternatives Date: Mon, 28 Oct 2024 18:07:51 +0200 Message-ID: <20241028160917.1380714-4-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta For patching, the kernel initializes a temporary mm area in the lower half of the address range. See commit 4fc19708b165 ("x86/alternatives: Initialize temporary mm for patching"). Disable LASS enforcement during patching using the stac()/clac() instructions to avoid triggering a #GP fault. The objtool warns due to a call to a non-allowed function that exists outside of the stac/clac guard, or references to any function with a dynamic function pointer inside the guard. See the Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt. Considering that patching is usually small, replace the memcpy and memset functions in the text poking functions with their inline versions respectively. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/kernel/alternative.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index d17518ca19b8..2dc097014c2d 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -1841,16 +1841,24 @@ static inline void unuse_temporary_mm(temp_mm_state= _t prev_state) __ro_after_init struct mm_struct *poking_mm; __ro_after_init unsigned long poking_addr; =20 +/* + * poking_init() initializes the text poking address from the lower half o= f the + * address space. Relax LASS enforcement when accessing the poking address. + */ static void text_poke_memcpy(void *dst, const void *src, size_t len) { - memcpy(dst, src, len); + lass_stac(); + __inline_memcpy(dst, src, len); + lass_clac(); } =20 static void text_poke_memset(void *dst, const void *src, size_t len) { int c =3D *(const int *)src; =20 - memset(dst, c, len); + lass_stac(); + __inline_memset(dst, c, len); + lass_clac(); } =20 typedef void text_poke_f(void *dst, const void *src, size_t len); --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5047A1DED6D; Mon, 28 Oct 2024 16:10:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131828; cv=none; b=uiasrgQWd9YDZM22dAPu9uFDUYwYWoYMJPxKEXG+INchxM9/H/Jiynlqns3UXn7fmQof/U6fO0yigS6l9RnpZnVbz7Q+OHu1KtU6nIrNvL+EtODfVhaFGWtolH2JVd7nHrcEzLiJe5CfRlokrXi/IU6zgxLfp2JbSlnthVhHOgE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131828; c=relaxed/simple; bh=NS1oZqVmDFSqOd7suxOZQbWGb+FfwQyfnc6oWKU6zlU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Czj33TWc9ndPKQJeRUSzgEVDDqr9Hv1QdSGwebY+DdkNjx3pSAy508WRsTNu5xZgSJng4gTtDuMl4ltQU5CgTtMf6zMcfvDLY12ygTYkQXR46X7nsmJeX8lul8iUc9Ke1zmmslIObRzYuroO/DIDVe8PGWTS7k8WkZ2hWDQZhOc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cuCmtkvi; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cuCmtkvi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131827; x=1761667827; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NS1oZqVmDFSqOd7suxOZQbWGb+FfwQyfnc6oWKU6zlU=; b=cuCmtkvitEPJgPO4vzlQJf1PrEpsDapQioAcAy6TdS87N4oT2++vEPQ/ 818R8HtePCPTcHEEbjbfbN+fwt6JKLkiah8sc5Tc0U5SdFM15R0c20Rze 0H2H+nmkE8/lLycnE+0cvOSGY9giqbSQ0C4OydAf0n1jSah+7Rk/hJS7n t4iW2Femz8cEpJ8JOn0ibi5dBluH6AZYWH81HwUVMCVrMgLwX1o1T7DtM ZNKqLcuzXzqnMNscf6OWP/UugqjSCpfGcZHDtYGj3vkBkcK7aIxWQ8SX6 EXwND0Ks+BYfsyUL3sCwULL/x7/3/UxTOSmLsCIASlwcHvwBzKOunHM6c Q==; X-CSE-ConnectionGUID: RG/G9f/xRNmwGYrlC7f6Sg== X-CSE-MsgGUID: Ja4spV/ATwiJ7B2XvoIN1g== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593829" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593829" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:10:26 -0700 X-CSE-ConnectionGUID: k0VhDcnvRoK3Cl8XAKKg0w== X-CSE-MsgGUID: dV8sUVfnRK6J46aXc35MXQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478007" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:10:14 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 04/16] init/main.c: Move EFI runtime service initialization to x86/cpu Date: Mon, 28 Oct 2024 18:07:52 +0200 Message-ID: <20241028160917.1380714-5-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The EFI call in start_kernel() is guarded by #ifdef CONFIG_X86. Move the thing to the arch_cpu_finalize_init() path on x86 and get rid of the #ifdef in start_kernel(). No functional change intended. Signed-off-by: Alexander Shishkin Suggested-by: Kirill A. Shutemov Acked-by: Ard Biesheuvel Reviewed-by: Sohil Mehta --- arch/x86/kernel/cpu/common.c | 7 +++++++ init/main.c | 5 ----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8f41ab219cf1..b24ad418536e 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -26,6 +26,7 @@ #include #include #include +#include =20 #include #include @@ -2382,6 +2383,12 @@ void __init arch_cpu_finalize_init(void) fpu__init_system(); fpu__init_cpu(); =20 + /* + * This needs to follow the FPU initializtion, since EFI depends on it. + */ + if (efi_enabled(EFI_RUNTIME_SERVICES)) + efi_enter_virtual_mode(); + /* * Ensure that access to the per CPU representation has the initial * boot CPU configuration. diff --git a/init/main.c b/init/main.c index c4778edae797..1d3a0a82d136 100644 --- a/init/main.c +++ b/init/main.c @@ -51,7 +51,6 @@ #include #include #include -#include #include #include #include @@ -1072,10 +1071,6 @@ void start_kernel(void) =20 pid_idr_init(); anon_vma_init(); -#ifdef CONFIG_X86 - if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_enter_virtual_mode(); -#endif thread_stack_cache_init(); cred_init(); fork_init(); --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE9821DE88D; Mon, 28 Oct 2024 16:10:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131839; cv=none; b=nfKPpusFzsK6Y5A49qmOChRk8SBIgJ08+sMQgGl4gCv9SvWWQE+hT3QH7W640e9Vf7AKoMW/z/8pUEMPark0I2HFHGoSuEuI4M5KSZFxXrQsyMAHq3goTpsUS/3tzBrNc2ATKamqP+VSQVVjhLUSNDSHk9wEjt/Z8HtVAvYbtEA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131839; c=relaxed/simple; bh=dIp/wj6YZYefOa08wFUaFvuDpIEOByeQWZvphyXBK5g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=i/YAEoQ4toUaFIliOsPGwefiMRXOV8de7iGtt1tI9hegSjIwBtNR/zLw7QiYlUCDqSQ40EQ1VYMjg5u5WaMUFeg+8VLdnuW2Rrff7k8VgwrneiMX4d4URCBEunrFReKSP90HmHZNCpElnEFjhTZyId8AQLM+HHzM/X+/dGlm5ms= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=oHYEM2kJ; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="oHYEM2kJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131838; x=1761667838; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=dIp/wj6YZYefOa08wFUaFvuDpIEOByeQWZvphyXBK5g=; b=oHYEM2kJVfcgqMcWfaqTf4zE8s5U0AdJpon+POkj06qDycvTQvaitGKG H/ZVVp6qbN1MUBOJ++E3KCVpGAOW4HAdOdRX9z3MVmlyT4FhSa+bPnEKN igDXBXdbQVluLtC6eYQCQuiOR+lwE1DEipp4IGhv6gXmBlhNyveVTXdoO iB7bbpqPeNwoFpyIhtuBpzMneon6Ln1u5P8r2IDk+EiMPre/T4G4YzMWu QEbp63UAcMuo7q2SBewMRHZDrf7fTcg6WzmcUyey2Ekch/VsohABlCKVh cX+7ashc/WD+Q7gCi32Pf7iiya6wMA9f7HabEjMWiPiILCUtbmm7c9ohd g==; X-CSE-ConnectionGUID: /yvpvkIXRfaHE42J2hdljQ== X-CSE-MsgGUID: z8uYN9N4R5+Tyx+jegcO6g== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593868" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593868" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:10:37 -0700 X-CSE-ConnectionGUID: HVJrAmVbSk+8Rwa408FxTg== X-CSE-MsgGUID: Bnbh2LWZTASaTBk7pQCRPQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478049" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:10:26 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 05/16] x86/cpu: Defer CR pinning setup until after EFI initialization Date: Mon, 28 Oct 2024 18:07:53 +0200 Message-ID: <20241028160917.1380714-6-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In order to map the EFI runtime services, set_virtual_address_map needs to be called, which resides in the lower half of the address space. This means that LASS needs to be temporarily disabled around this call. This can only be done before the CR pinning is set up. Move CR pinning setup behind the EFI initialization. Signed-off-by: Alexander Shishkin Suggested-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/common.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index b24ad418536e..c249fd0aa3fb 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1953,7 +1953,6 @@ static __init void identify_boot_cpu(void) enable_sep_cpu(); #endif cpu_detect_tlb(&boot_cpu_data); - setup_cr_pinning(); =20 tsx_init(); tdx_init(); @@ -2385,10 +2384,16 @@ void __init arch_cpu_finalize_init(void) =20 /* * This needs to follow the FPU initializtion, since EFI depends on it. + * It also needs to precede the CR pinning setup, because we need to be + * able to temporarily clear the CR4.LASS bit in order to execute the + * set_virtual_address_map call, which resides in lower addresses and + * would trip LASS if enabled. */ if (efi_enabled(EFI_RUNTIME_SERVICES)) efi_enter_virtual_mode(); =20 + setup_cr_pinning(); + /* * Ensure that access to the per CPU representation has the initial * boot CPU configuration. --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 556521DED67; Mon, 28 Oct 2024 16:10:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131851; cv=none; b=DefSn8Xr6TanBb5SqJ5PB3QFyxL9dG1rPGW5ECpqxoSPCHWoSnb+EdzDiAIXxc3MEQFHfrB9dcOWJ3RcdjvBFWGujaZw2EcwZR1v5pPhRD3kMGHaVGZN2o313N5hsM2aTjmllVOj3mm7aFw2ZERm4FtY0D35gpVBQncxXrHsHIY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131851; c=relaxed/simple; bh=Y9PMFm8PdEy5dKAPuPEC0T6fFR338eDHBLUlCswd6VM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oOrURkxRVGkp0YJceb6U73xqEwBsajFu5bvsUKP37wRt3GvTCVfxvVstaoUtlG8jsRj4zG7MSnUdU6/uaNHftkCP9Gn65+LXJT+e5EKLsDT2jIvB9h253H54cdQVF6fj5bFrBYL6V8lQqbv7IR6Mbvpz7CxVAYXG+5J/3Tbgx3U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=C6DdHih1; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="C6DdHih1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131850; x=1761667850; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Y9PMFm8PdEy5dKAPuPEC0T6fFR338eDHBLUlCswd6VM=; b=C6DdHih14tIan2iOR4pN1UfUvIjj05Z+Fb4qCCcZTyfH35PhAI1qZX2M 7Ini9u+crc97Vzk8VWOipuuwfLH1h4FaIpGUD2FsN/rnf1uSe18wV16kZ SNI8+LY/q29TeOCvY/QMZoPTxdKEui4z3oeA0E5WIh41rOZfV9k11jTDN B03bkP1l88V7kwL7vn6IaNvfLwWsQU8ACkBDcO2Ggd9C7hzkH0quf24nL /lPHW20Nw65448xzF+BoVt7HL4c3zPjDsE6CzcnCN8diKEjyBQ95y/aTn UnZktDkXsCGXIjcqSuf0uCPWNptlfKfz7O+IMAsG3ZKDpJesxcRPAPCHe Q==; X-CSE-ConnectionGUID: L/8nnXJNS3urQy+It2h0dw== X-CSE-MsgGUID: qcoHaKn0S8yXledLCdkeWw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593922" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593922" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:10:48 -0700 X-CSE-ConnectionGUID: ZLYI7IxeSXmu3myrLA8PIg== X-CSE-MsgGUID: 3PQ4HvZuRFePA+6bph51Jg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478112" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:10:37 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 06/16] efi: Disable LASS around set_virtual_address_map call Date: Mon, 28 Oct 2024 18:07:54 +0200 Message-ID: <20241028160917.1380714-7-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Of all the EFI runtime services, set_virtual_address_map is the only one that is called at its lower mapping, which LASS prohibits regardless of EFLAGS.AC setting. The only way to allow this to happen is to disable LASS in the CR4 register. Disable LASS around this low address EFI call. Signed-off-by: Alexander Shishkin --- arch/x86/platform/efi/efi.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index 88a96816de9a..4a7033f6de1f 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -846,11 +846,24 @@ static void __init __efi_enter_virtual_mode(void) =20 efi_sync_low_kernel_mappings(); =20 + /* + * set_virtual_address_map is the only service located at lower + * addresses, so we have to temporarily disable LASS around it. + * Note that clearing EFLAGS.AC is not enough for this, the whole + * LASS needs to be disabled. + */ + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_clear_bits(X86_CR4_LASS); + status =3D efi_set_virtual_address_map(efi.memmap.desc_size * count, efi.memmap.desc_size, efi.memmap.desc_version, (efi_memory_desc_t *)pa, efi_systab_phys); + + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_set_bits(X86_CR4_LASS); + if (status !=3D EFI_SUCCESS) { pr_err("Unable to switch EFI into virtual mode (status=3D%lx)!\n", status); --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC8461DE896; Mon, 28 Oct 2024 16:11:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131870; cv=none; b=HDD2IFSDan9VRotqZmSMc641hTMB94H1FGC0Sf/NBZWs2sGncTWNtgpn7wGU25IgHa1W579WdJvHA4AxQn6ytwNwKgNB2FAmoJYBCiFuB+kXnE3eLfFlUHLY9UvimQuZn0lpY0SQXoSHHVDg34vLqHA0kTLuZ/3X/cEXyqJfX58= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131870; c=relaxed/simple; bh=vMZ2PXwv3yr3F7Qopdh6FeZmIokinGHzoFAAJ/FYb+Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Q2K6OSCe3cFqXElYDi3waDFJ4iPoz6VHt9wUq4z2CnRWd/0Y92j3U99xj5+9U1K3h3Mi8G/IBBULzgK/EHBQgq96qTvNcqnJ6Vvs/JNYq4PCbnEpcrEHvu9TCkWlQE2GskdppOZB3VVBnc5Vqxl6k5wchN0N958CrsT+J7o8794= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=C1rgeEDw; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="C1rgeEDw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131869; x=1761667869; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=vMZ2PXwv3yr3F7Qopdh6FeZmIokinGHzoFAAJ/FYb+Y=; b=C1rgeEDwoG5U1PmE5UZnk385lLi447xpgOwJ+sw4rrPovJO21O/G4+P5 1JbGLbj6nCWMOeURe1k/9OQR9HPaQcjiiTXv1OTxThFhzThD9C9Mh25aL R210QQAQw/egXCeUcq7llxsBGR2JhA2JXHFVLxAdH+hXgYr/j00ijt0b6 QTLaRCG8p9k48KIP5kWLV340FGYHan1MlV20OMNbP5RtTXLuI5VixkR6Y WpsQa2OQhuNevHpjgUojqXzfPz5yHERRSa9aCMSYHM0Pnu6Nc07ds0c5m rOXdFuLWkPGSOR7sYOv0hk1oomd7qMqi4Kz7KJE1Fn880axil5zMQvpJA Q==; X-CSE-ConnectionGUID: 74Zb6SMvTJm2Ur5fVZTLSw== X-CSE-MsgGUID: aQLsLMtlTdKoudGTB00zLw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32593967" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32593967" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:01 -0700 X-CSE-ConnectionGUID: qvBwCQAeQoC4UPA5PEmPfQ== X-CSE-MsgGUID: OCNmduO6SLabtfp+/O+97Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478154" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:10:49 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 07/16] x86/vsyscall: Reorganize the #PF emulation code Date: Mon, 28 Oct 2024 18:07:55 +0200 Message-ID: <20241028160917.1380714-8-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Separate out the actual vsyscall emulation from the page fault specific handling in preparation for the upcoming #GP fault emulation. No functional change intended. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/entry/vsyscall/vsyscall_64.c | 42 +++++++++++++++------------ arch/x86/include/asm/vsyscall.h | 8 ++--- arch/x86/mm/fault.c | 2 +- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index 2fb7d53cf333..e89d7d83a594 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -112,30 +112,13 @@ static bool write_ok_or_segv(unsigned long ptr, size_= t size) } } =20 -bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static bool __emulate_vsyscall(struct pt_regs *regs, unsigned long address) { unsigned long caller; int vsyscall_nr, syscall_nr, tmp; long ret; unsigned long orig_dx; =20 - /* Write faults or kernel-privilege faults never get fixed up. */ - if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) - return false; - - if (!(error_code & X86_PF_INSTR)) { - /* Failed vsyscall read */ - if (vsyscall_mode =3D=3D EMULATE) - return false; - - /* - * User code tried and failed to read the vsyscall page. - */ - warn_bad_vsyscall(KERN_INFO, regs, "vsyscall read attempt denied -- look= up the vsyscall kernel parameter if you need a workaround"); - return false; - } - /* * No point in checking CS -- the only way to get here is a user mode * trap to a high address, which means that we're in 64-bit user code. @@ -270,6 +253,29 @@ bool emulate_vsyscall(unsigned long error_code, return true; } =20 +bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, + unsigned long address) +{ + /* Write faults or kernel-privilege faults never get fixed up. */ + if ((error_code & (X86_PF_WRITE | X86_PF_USER)) !=3D X86_PF_USER) + return false; + + if (!(error_code & X86_PF_INSTR)) { + /* Failed vsyscall read */ + if (vsyscall_mode =3D=3D EMULATE) + return false; + + /* + * User code tried and failed to read the vsyscall page. + */ + warn_bad_vsyscall(KERN_INFO, regs, + "vsyscall read attempt denied -- look up the vsyscall kernel paramet= er if you need a workaround"); + return false; + } + + return __emulate_vsyscall(regs, address); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index 472f0263dbc6..214977f4fa11 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -14,12 +14,12 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); * Called on instruction fetch fault in vsyscall page. * Returns true if handled. */ -extern bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address); #else static inline void map_vsyscall(void) {} -static inline bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static inline bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address) { return false; } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index e6c469b323cc..44e2d1ef4128 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -1318,7 +1318,7 @@ void do_user_addr_fault(struct pt_regs *regs, * to consider the PF_PK bit. */ if (is_vsyscall_vaddr(address)) { - if (emulate_vsyscall(error_code, regs, address)) + if (emulate_vsyscall_pf(error_code, regs, address)) return; } #endif --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5369E1DED79; Mon, 28 Oct 2024 16:11:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131873; cv=none; b=AciDn1kNTCx8FPtiRd1rI/fzxlzdIu/5a9fRTCKphEm/mlkabh4NxiseHQAdvJVBsc7v2UW2vBBud25H5sITOb4uxucYf14RlIMXsotluprUd6EBX2oxeu8stZU13gOeQgom6NnQt0WFWM/Af6Oh1eFFgBVtVGpRZ8sWhuXiMXU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131873; c=relaxed/simple; bh=/e9CEUnpJeeIZTRwKdpP8Oe+65UK9FKHB4gY3LCDsGY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cnJUIE4RvEPhm46IxmlFZmFgBl7dssPAyHaqk/z/AcLj2EXKzHIcjH7IblsKdQ7j07K3DWmb+G7R8yTco6J56w2u6tGD52b0NV76/EMNEqoxa7Io0Ck0npDwY8ix6JABqZQrmISxgF2xPd21M7AsC2+lQM26eF494pnnucnV3kg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ZBE37yV3; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ZBE37yV3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131872; x=1761667872; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=/e9CEUnpJeeIZTRwKdpP8Oe+65UK9FKHB4gY3LCDsGY=; b=ZBE37yV3+AVJuo5BCHOe+KlAsNUkXLqIdyJDjYQ/WqqLEm4bG+z3hR4i BijGs6i4vIcv2aHHfx1LZm7KT6u/gKwcoh6ym+GRNT4jx6tyhpOLicimh m2kATtyG/LIOkYLerEci8i2Bz80kmA2s4UiF7K37/7qOgw+RL5S3JmiIh XjlG0YLNqjSKp4FcKV+FfBm5YTv6hetiVjQGZXnfk6tysh/LM2Q5io+m4 wKq3ZuFoU57KZSpzyQQHEBKKDnmy630Ie1uxOEoJ+eudUbdfbXZ66Asli qUIVay0WY4W9dO3iOJ3bY+7ORPLyBu8CaakQ6xhAUiejBq1SdvGFguRpz Q==; X-CSE-ConnectionGUID: X+RkWZMDSIirCBJ3iROTBA== X-CSE-MsgGUID: oIwtpLb5RaCZB0048p5Njg== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594005" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594005" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:11 -0700 X-CSE-ConnectionGUID: FiJ+Ex3eQta2n1/ohVCARw== X-CSE-MsgGUID: RZAkx7/JSuuBXDDAQ+E7aw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478270" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:00 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Dave Hansen Subject: [PATCH v5 08/16] x86/traps: Consolidate user fixups in exc_general_protection() Date: Mon, 28 Oct 2024 18:07:56 +0200 Message-ID: <20241028160917.1380714-9-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Move the UMIP exception fixup along with the other user mode fixups, that is, under the common "if (user_mode(regs))" condition where the rest of the fixups reside. No functional change intended. Suggested-by: Dave Hansen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/kernel/traps.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index d05392db5d0f..b26a7aba0b2d 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -701,11 +701,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) =20 cond_local_irq_enable(regs); =20 - if (static_cpu_has(X86_FEATURE_UMIP)) { - if (user_mode(regs) && fixup_umip_exception(regs)) - goto exit; - } - if (v8086_mode(regs)) { local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); @@ -720,6 +715,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_vdso_exception(regs, X86_TRAP_GP, error_code, 0)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AF811DE88D; Mon, 28 Oct 2024 16:11:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131889; cv=none; b=C8DGbYfu7wPwOYdV4tVkXK1XbYTKpG08+RlFIms/eTxoD2B7rFKzrOa9UjqB2RkB5HTjG7zPmXqKF1ck5cPqeKNYdL3ERYM+qoX/lXkkSz8I1S/UJiUeeSs2jnOuzsrFhOAbNhePio34OX3+HQ9f+WXff12NEO3x5cmw8ufGLMg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131889; c=relaxed/simple; bh=w5K9tnpNfIhxgsl1DakKCktAt8CuiOfXH+/Ug2G4GBE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ThyrwLobFql88IC2qJpfZb2ntGUOW1kgtvkrnveceoPzE0bAOfc3ltb/cIWc+UajFyApcWAtl9rbPs0cgqAUNC3W0rFo9HjkD0CxRzzJho7L5bf52ZOkXvqC3I/twWBo0G1R0m8KYAGmSrDbooP4N86kGQbkG0PH2mqJ13OwWQQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=eb5NCnKc; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="eb5NCnKc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131887; x=1761667887; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=w5K9tnpNfIhxgsl1DakKCktAt8CuiOfXH+/Ug2G4GBE=; b=eb5NCnKcBvK5sLaK+Ic56zuUYNGNWTrSKYcBd/rf7fWBzShUSmh08MPB GuBxGddK/xeRjtVNXD28xeIgewo0d6rOsvoLomLj5yMrhbas/1hlNd8tb Uh7M7qc5QbhrmBECL+LuMJv6DJ1rTNNhIfPpH9qHz8iDhXIFJc72PCV8y a6UU83WzCJYNczpY/muN35kJV4SlJ81LGgKw2C6XSQP13DvK4Dar9cn0y tMQ2hdT9a5QWzu38OH4i94ll3VNiIXwW564xYSI0gp3bBvvMa0hB6/0U9 P9EySexf3UjKEOGouHU6Fq9E+r0EbgFevPICNz1E4qE0lzhrEOUblbccU g==; X-CSE-ConnectionGUID: w9wTuQK6QUmpSj/lMjlV5Q== X-CSE-MsgGUID: P4Ccx401Q0Gi3YoFf+tVvw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594047" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594047" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:22 -0700 X-CSE-ConnectionGUID: bR97gmOgTE2zftVUzhTEAQ== X-CSE-MsgGUID: 39OZsU0zS+e2W7HZOyQY+A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478352" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:11 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 09/16] x86/vsyscall: Add vsyscall emulation for #GP Date: Mon, 28 Oct 2024 18:07:57 +0200 Message-ID: <20241028160917.1380714-10-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta The legacy vsyscall page is mapped at a fixed address in the kernel address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS being introduced, a legacy vsyscall page access from userspace would always generate a page fault. The kernel emulates the execute (XONLY) accesses in the page fault handler and returns back to userspace with the appropriate register values. Since LASS intercepts these accesses before the paging structures are traversed it generates a general protection fault instead of a page fault. The #GP fault doesn't provide much information in terms of the error code. So, use the faulting RIP which is preserved in the user registers to emulate the vsyscall access without going through complex instruction decoding. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/entry/vsyscall/vsyscall_64.c | 11 ++++++++++- arch/x86/include/asm/vsyscall.h | 6 ++++++ arch/x86/kernel/traps.c | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index e89d7d83a594..97608883b4b4 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -23,7 +23,7 @@ * soon be no new userspace code that will ever use a vsyscall. * * The code in this file emulates vsyscalls when notified of a page - * fault to a vsyscall address. + * fault or a general protection fault to a vsyscall address. */ =20 #include @@ -276,6 +276,15 @@ bool emulate_vsyscall_pf(unsigned long error_code, str= uct pt_regs *regs, return __emulate_vsyscall(regs, address); } =20 +bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + /* Emulate only if the RIP points to the vsyscall address */ + if (!is_vsyscall_vaddr(regs->ip)) + return false; + + return __emulate_vsyscall(regs, regs->ip); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index 214977f4fa11..4eb8d3673223 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -16,6 +16,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); */ extern bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_gp(struct pt_regs *regs); #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall_pf(unsigned long error_code, @@ -23,6 +24,11 @@ static inline bool emulate_vsyscall_pf(unsigned long err= or_code, { return false; } + +static inline bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + return false; +} #endif =20 /* diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index b26a7aba0b2d..bae635cc6971 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -68,6 +68,7 @@ #include #include #include +#include =20 #ifdef CONFIG_X86_64 #include @@ -718,6 +719,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) goto exit; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && emulate_vsyscall_gp(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A9B61DF274; Mon, 28 Oct 2024 16:11:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131898; cv=none; b=tsJYIhvXGlmvIM6SWJ0MX7naw6f+U4+9Bra7JXcM32Z3JciuACCM9vftTL54Do3etM0hM+9e9Qwta6eImIaOs/e+JpED8eJG6upw+sVBG5ehjo9zy3n3Re1fWqAkwWNOffmIR4aMbVHrtGmsqeTHiP/qjhn51H/5IMLMy2f4EC0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131898; c=relaxed/simple; bh=p6UJ4UqeqaTwwIWbcQUazQxmnv70hIjs2k+J1k8n78M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Zr0f5vp/c9nMDPSyFJ1F+jZN7+0HyM6EaUslRA6no7VvxCuubxAfTxFCxccJ/ZMK9wA/YFnP35GxVxi5t8m288PFCgUkueeqnvq6NYVHtcePOx4tBHINrymJP78CgA+tovN0Kiq/GN6zQbkwnjTz8BxxAI+h/33948c5TjZZDKA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=RergVGlQ; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="RergVGlQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131897; x=1761667897; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=p6UJ4UqeqaTwwIWbcQUazQxmnv70hIjs2k+J1k8n78M=; b=RergVGlQpHEsRwX9mJllFKzmsF/VMwpQGxt4+cq8wuKgqqzLvwudEBrw YrKk3CoYFuLUQuUiPOIiu1zUlKTE8umXUZfA/d/m0zhDA0CMwiHjZO7fb R98dPSUqNWf3lCOa/AkTynlUsf3xkjicjXUM9nKF0aAS5g+Rwpsv7NFR/ EIXTfq40y3eXLkUm29hpXX7bGSTgeknrK6EJw/at3cjURmcLZLxHW1b0O M6kb183ebSN5L+e2Ksn1WCCEDeqWkoxbAXPQ+SfDhqDlrMQ0g9Ys+HRyD YwFhiwhd0jvhegCzy9P5SrdoNwrMism/DXqZy5PvWbsPncWuE0+igeqGm w==; X-CSE-ConnectionGUID: O6fHeqa2Rp6GUxL01/yb6A== X-CSE-MsgGUID: CDfrT2pJQY2jRIQ/5cJ1SQ== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594104" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594104" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:35 -0700 X-CSE-ConnectionGUID: ySMFOMCLQoafDBj15lM3Zw== X-CSE-MsgGUID: ikFRhMSaQoWUSzti22uo7w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478423" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:23 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 10/16] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE Date: Mon, 28 Oct 2024 18:07:58 +0200 Message-ID: <20241028160917.1380714-11-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta The EMULATE mode of vsyscall maps the vsyscall page into user address space which can be read directly by the user application. This mode has been deprecated recently and can only be enabled from a special command line parameter vsyscall=3Demulate. See commit bf00745e7791 ("x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE") Fixing the LASS violations during the EMULATE mode would need complex instruction decoding since the resulting #GP fault does not include any useful error information and the vsyscall address is not readily available in the RIP. At this point, no one is expected to be using the insecure and deprecated EMULATE mode. The rare usages that need support probably don't care much about security anyway. Disable LASS when EMULATE mode is requested during command line parsing to avoid breaking user software. LASS will be supported if vsyscall mode is set to XONLY or NONE. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/entry/vsyscall/vsyscall_64.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index 97608883b4b4..7c845c1db3b4 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include =20 @@ -63,6 +64,13 @@ static int __init vsyscall_setup(char *str) else return -EINVAL; =20 + if (cpu_feature_enabled(X86_FEATURE_LASS) && + vsyscall_mode =3D=3D EMULATE) { + cr4_clear_bits(X86_CR4_LASS); + setup_clear_cpu_cap(X86_FEATURE_LASS); + pr_warn_once("x86/cpu: Disabling LASS support due to vsyscall=3Demulate= \n"); + } + return 0; } =20 --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 320591DE2DC; Mon, 28 Oct 2024 16:11:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131909; cv=none; b=gwpYfIiQ5tH1eH+/7xgqXydk3dtH/AQb9d9SfUPpHgsSjuFcFpAHB08ZvTzaGIjJgzwWzNUOLu93uvtk/mJVTRs94y22lO+6Q3EW51kdtbbS1uWCXF45+kJ6SVk5rUXIGVXSb0GfUUxNPO01FgwxwTrL67w1w3+oPYSv/gpWiII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131909; c=relaxed/simple; bh=oxno7cC+3IH61CN0hexYdRPH6yC3p84/tRYHn+BYINQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nAHN/loWzvg5A6z7osrPbjmNEXiR4fi37CpndrpLFZD+6uDdVkHCsc+3jmDfD76hHwkHE+VpOXudp19M3VAswG/o0BXhT8h4bbLSPcZQejzyaN9d05UyRd7zsEL00aOSSSqox2OxZTJVA3dInOJ98vAUX2F8IkZSexv8RPOb2Ik= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=VF/1Am18; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="VF/1Am18" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131907; x=1761667907; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=oxno7cC+3IH61CN0hexYdRPH6yC3p84/tRYHn+BYINQ=; b=VF/1Am18VnyQgRsWMk5IIGxa76li/fhAYDyGzgoyHs97f+Ktl3ul8r30 TfcBMtIieiVhTUTrBKZ7bo+zuDWNzoHWx86ZkvCyG6srjSCFDLTOBYR5w FLl1PLEFjNz4LNO0IOwnmkkNML45R17N/gYRliM2ixh7PVDSmhx6GG9ll +YKiAm20hUnve/vyyagMx7MSqN7zWTcbNgLSsRsjSPgKYy0v71zW7hfth fGRi8IVS7eYCb/4oqdPyX025fSYhd4pS/e8Y8KbSm8d7x1CrgrhSPThgc zgcVi8EumqygDbRqRTFXR6p7v8tGwhwOxJ2kWM/1NPUOZhlCuzJwTxoKU Q==; X-CSE-ConnectionGUID: SjltdH7mQZyPT27H9AcUIg== X-CSE-MsgGUID: N1AhmG98QOWjGIuxgNBlJQ== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594145" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594145" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:47 -0700 X-CSE-ConnectionGUID: eYgwVBsqTOG+07m1BPnE+Q== X-CSE-MsgGUID: YrHgG6DCTbKBtF+seM84hQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478510" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:35 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Dave Hansen Subject: [PATCH v5 11/16] x86/vsyscall: Document the fact that vsyscall=emulate disables LASS Date: Mon, 28 Oct 2024 18:07:59 +0200 Message-ID: <20241028160917.1380714-12-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Since EMULATE mode of vsyscall disables LASS, because fixing the LASS violations during the EMULATE mode would need complex instruction decoding, document this fact in kernel-parameters.txt. Cc: Andy Lutomirski Suggested-by: Dave Hansen Signed-off-by: Alexander Shishkin --- Documentation/admin-guide/kernel-parameters.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index 1518343bbe22..4091dc48670a 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -7391,7 +7391,9 @@ =20 emulate Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall page is - readable. + readable. This also disables the LASS + feature to allow userspace to poke around + the vsyscall page. =20 xonly [default] Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70BEF1DEFEE; Mon, 28 Oct 2024 16:12:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131922; cv=none; b=YetBVwE3W+YkKw/S8mxYuT8VkwaHtfNYFrFlVh8Prv5OHI0fhb1Ogo6tNwMql4NhdNmK/hCfWaMj/Ri+zEZ3GWlIww4eijyDAUJzupHlEnkEhPmgU0XCqpMAc9yz4qW/YOQbKyyjkbJyRsCNGT87k7cq8kdogr2XLn+4IdABqZw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131922; c=relaxed/simple; bh=wOMJ6l35iG3/UV7cdqJrNVNPNZiJ7wbNmpeZyTJVyao=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bNRpniNTYC9Nvj4z5uqavrUYJW9Q5Mt7DqhlCW5A/STVoGBc8wbGCVUUnuvU9l68RcIG9LSJ2Ds2/Jncw6FYWQ63P/nlcPZcZnod0yDzjSIzpYijyquIdjg55CJbidJG7QA1nZSolsMMqNh+GOHALpxO3GwfVs9yGkUqV9b3oLs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=m2246HPw; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="m2246HPw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131921; x=1761667921; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=wOMJ6l35iG3/UV7cdqJrNVNPNZiJ7wbNmpeZyTJVyao=; b=m2246HPwerG0/mFHltHuGfXkSBOnBLkn0PHW3rG1GFCB7s8RHmBIYmm6 TFhOaMdGlZ2U8v62ts19qYcD3fkOGL70YrZhuSPRJ4IdupCMrdDIHgbse R3DoXU5NYnbMW+WiFgjCSsHmTx97QMvxarf8DlgVbPlCTbUJqCpODIeVR TLh1Q1PLdkzgmOlTJDeA4H6WcOzhjJliAgF+bFTMgZg7ioj6XEk2Khos8 LAYw1wuMQF+M8SXk3Ot2ED5bcYPqsFNPFHtLJfaMRdgunaj9TzthACqKY vUo92CcMQumy5EVNXg+ucQwuRSxd43xJ/ac7snwqWMcP9GWd3vRGJ+DWW A==; X-CSE-ConnectionGUID: l2SwnE9HRm6pBKGBxFhfbA== X-CSE-MsgGUID: PvGTuqlKQYOgRV4OEkhkgw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594219" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594219" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:11:59 -0700 X-CSE-ConnectionGUID: r0rgbptQS7+frk7w52MmQg== X-CSE-MsgGUID: 1hDCkkhiQ2icapOXK47IBQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478650" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:47 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, Yian Chen Subject: [PATCH v5 12/16] x86/cpu: Set LASS CR4 bit as pinning sensitive Date: Mon, 28 Oct 2024 18:08:00 +0200 Message-ID: <20241028160917.1380714-13-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Yian Chen Security features such as LASS are not expected to be disabled once initialized. Add LASS to the CR4 pinned mask. Signed-off-by: Yian Chen Signed-off-by: Alexander Shishkin Reviewed-by: Tony Luck --- arch/x86/kernel/cpu/common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index c249fd0aa3fb..f8eed9548ea1 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -402,7 +402,8 @@ static __always_inline void setup_umip(struct cpuinfo_x= 86 *c) =20 /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP= | X86_CR4_UMIP | - X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED; + X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED | + X86_CR4_LASS; static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning); static unsigned long cr4_pinned_bits __ro_after_init; =20 --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29A061DED6B; Mon, 28 Oct 2024 16:12:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131933; cv=none; b=mMP5zJT3PPDJHJhlmbqeXNLm6CukP/ej2CbgO0NPmh8b14bGgfGb5oQ1QVsUpy3VWwhOaRukR9+55MSqbGn2JaOBN/YWDW1D4X2blGJa/7nqv8cmS5E2YdJIvP6YOPpmxz6Jiz/rd/dUO6+xt9Q9VS9S7R1poGDPtgBxjlI9o+o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131933; c=relaxed/simple; bh=93VnYKIFxvP/5UMU/Ce687kY9FqRNs9gkUoibkzkDyU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NejWv2s7KXcSpXtdQ9kLFrnsS1OqRdIUzJU0YmJT9oiP7smTPZl6EhRxdfnwq/VCymIBNd/YMPhsO3KZF2rRtBpwfCn3i5NiAUdz4+n5cZBWiPIsYpYfX8YxcRuHV998I370AtxVZ/hu4PxxCB/4ENFjzHvIEIn1YGGAlmVa46Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=U/1prSLy; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="U/1prSLy" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131931; x=1761667931; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=93VnYKIFxvP/5UMU/Ce687kY9FqRNs9gkUoibkzkDyU=; b=U/1prSLyI9C/zuZfTJzcyWyffnwyuxMZPLgKn4jtqEGc8W651x0KYc5m eGuSRDPGsRK9b5mIVlMqon1LZDlv1rk9EiBMGV+0kzkim8/HRi04tbTzE /n02mDPLBxrwM7q28hE3PgINpNiKsixKgew6tl+HEAMhdV4jbV4Gp0M6d Fba/WHmvqEOVZ5VeI4hYrXFfCmRomX7PqFusPY5/p4eWntSz2rWVavipb 4eDwmtJEm3w5i1hkgSXd+oVBh1G9Wn6eI2OYGJ+SSj8Pu1Hftitcaw+qm vgGSJJmGs2E1JKI2OpKsajfveBlBN6wcCtL5XjOJ26fwTF0ovgrpmgoaY w==; X-CSE-ConnectionGUID: fwQqsWwJSNeBTSJwJMSPIQ== X-CSE-MsgGUID: Wy2v1xv9RMCPCUW172GsMA== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594259" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594259" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:12:11 -0700 X-CSE-ConnectionGUID: KTVTLQ8eSnS72cz6fo1PsA== X-CSE-MsgGUID: AEy7ZPIVTkGNCkEvhm3plQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478747" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:11:59 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 13/16] x86/traps: Communicate a LASS violation in #GP message Date: Mon, 28 Oct 2024 18:08:01 +0200 Message-ID: <20241028160917.1380714-14-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Provide a more helpful message on #GP when a kernel side LASS violation is detected. Signed-off-by: Alexander Shishkin --- arch/x86/kernel/traps.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index bae635cc6971..89e35ab8dbd9 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -537,7 +537,8 @@ DEFINE_IDTENTRY(exc_bounds) enum kernel_gp_hint { GP_NO_HINT, GP_NON_CANONICAL, - GP_CANONICAL + GP_CANONICAL, + GP_LASS_VIOLATION }; =20 /* @@ -573,6 +574,8 @@ static enum kernel_gp_hint get_kernel_gp_address(struct= pt_regs *regs, if (*addr < ~__VIRTUAL_MASK && *addr + insn.opnd_bytes - 1 > __VIRTUAL_MASK) return GP_NON_CANONICAL; + else if (*addr < ~__VIRTUAL_MASK && cpu_feature_enabled(X86_FEATURE_LASS)) + return GP_LASS_VIOLATION; #endif =20 return GP_CANONICAL; @@ -696,6 +699,11 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) char desc[sizeof(GPFSTR) + 50 + 2*sizeof(unsigned long) + 1] =3D GPFSTR; enum kernel_gp_hint hint =3D GP_NO_HINT; unsigned long gp_addr; + static char *help[] =3D { + [GP_NON_CANONICAL] =3D "probably for non-canonical address", + [GP_CANONICAL] =3D "maybe for address", + [GP_LASS_VIOLATION] =3D "LASS prevented access to address" + }; =20 if (user_mode(regs) && try_fixup_enqcmd_gp()) return; @@ -735,9 +743,7 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) hint =3D get_kernel_gp_address(regs, &gp_addr); =20 if (hint !=3D GP_NO_HINT) - snprintf(desc, sizeof(desc), GPFSTR ", %s 0x%lx", - (hint =3D=3D GP_NON_CANONICAL) ? "probably for non-canonical address" - : "maybe for address", + snprintf(desc, sizeof(desc), GPFSTR ", %s 0x%lx", help[hint], gp_addr); =20 /* --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D12C1DED7C; Mon, 28 Oct 2024 16:12:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131944; cv=none; b=uh+JykL4f+5wgUXlvSd2bcwPN7JAkrMaEteQZBNypRf3L3AuY/of42BsF4/YjLgTQvez7y79BR4HW929aFuR7CMgISFaiyvD81nrAmk+ftAL9hPWuT/ScVmWlLlOUGH5raKXC7eqnz4518WehsaZ9v4xMN4p+o5FFGB0ubM4wzM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131944; c=relaxed/simple; bh=0UbvcEXBzd96pFeQsY9BD0bfGY00eu1UunRcSxKT5fU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VSGWvkrizX9yACgN+3srQTug34YMP40Dg6lY0ZffVeSVDOvKKMGNkk7lrgVysQegC5dfoRJtZj2v0+d59GRTMlDNliwJb4lIMpW6XapuAJ3PTutFpv89e15eNRefodh3qiEI1g90DTYnebBCcg0wUB5V5XkGO6tUrV0NDYTXPk4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=DqWFAGtL; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DqWFAGtL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131943; x=1761667943; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0UbvcEXBzd96pFeQsY9BD0bfGY00eu1UunRcSxKT5fU=; b=DqWFAGtLb907DCbwlBPrMqOkr5TwiejP5h+sO+j8GkYA80c35VwtybCQ c1rK4Hfwn/wCmLqeGVVxFVw1VLuxYX6eK0Sumi0KAKA4v8wJNu4D6EqE2 eJgPnsq9CFXqk7HGbf4hq2JVWMHw/UuhBusM5MnXSENOQoTsK7AOnhOUp GoW6Jb7Fli43Ik+EE2NQznGSvAli15wBnY+qpb12gBnOvkzuPPmQ+jQVp zbOZhK02DmJ2QXpLOZFCjo3m14YI7j5dJb8RL1Qd4S5Scds/30sdKL8Z3 3BogiCDJ17SCmNZJKjzZGP6aPG7ZoOKgSZUaq5D+9rtiFwlUDw0D6jx9U A==; X-CSE-ConnectionGUID: b0Z6s+9CR2OW6MTab+kvsA== X-CSE-MsgGUID: amLNDxlLSFGK0S3kKLRkIA== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594311" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594311" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:12:22 -0700 X-CSE-ConnectionGUID: Rjo4v9BvTwSSynfELkT3AQ== X-CSE-MsgGUID: bNFLXTAdSx2iW22Mb41jqQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478842" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:12:10 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 14/16] x86/cpu: Make LAM depend on LASS Date: Mon, 28 Oct 2024 18:08:02 +0200 Message-ID: <20241028160917.1380714-15-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To prevent exploits for Spectre based on LAM as demonstrated by the whitepaper [1], make LAM depend on LASS, which avoids this type of vulnerability. [1] https://download.vusec.net/papers/slam_sp24.pdf Signed-off-by: Alexander Shishkin --- arch/x86/kernel/cpu/cpuid-deps.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index 3f73c4b03348..d9fb2423605e 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -84,6 +84,7 @@ static const struct cpuid_dep cpuid_deps[] =3D { { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, { X86_FEATURE_FRED, X86_FEATURE_LKGS }, { X86_FEATURE_LASS, X86_FEATURE_SMAP }, + { X86_FEATURE_LAM, X86_FEATURE_LASS }, {} }; =20 --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5E4015C13A; Mon, 28 Oct 2024 16:12:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131962; cv=none; b=HEDJvdsjDfEVQQvNv56/oL1I9o80WdxDomrXbi1zEmvHx6a6q1aqA/WYgSXTU+a7z0QQF5FoxLZqtFoC76RzZq8Ju/yIC5LVLd+C9kaiOAi16ERHmkXA+PEf/W/yzoKfgzKmRYgtOA5fvkJFcz5pi/BxYJEo8MKCn7NG592u7bw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131962; c=relaxed/simple; bh=NevhFlPE+KNvQiSPEghiI9LcPvmTS2/0EMqAIFv1Klc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bEcDtV/kfmmBSIERwF6zd3Fq7q50VUVKklhD2104qtQr5CMQ9yoA59a4TVyTPFvfnPpVczG71yIXB7E02wLTndCHYeA3oHUSkohhwGZzjTmhFbnfG81rxk9yGenoD75Vbp8nPqyn5zB0Fs0QQxJ9ztAtfNG/N57GhmB6Ro6I/Lg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=mpWj6jqy; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="mpWj6jqy" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131961; x=1761667961; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=NevhFlPE+KNvQiSPEghiI9LcPvmTS2/0EMqAIFv1Klc=; b=mpWj6jqyOodbrV9V3c5zPc51iUBXx+LkYQ8GW9KcMUk0mykF8i24ESrZ JUGmNZgI6IA9Xdp0WQXVxRZZG3PYSOGL22VH+jH8TbTcFUiNx2eo6ff+r pCTf2D8xJEJKiQYDw0JWpIDOOnSu+UUnPLGk6P9pf6N9tfDeIyiHYNRGM gBImZ80icHCdLb8VQWUk4KAM2U1fWlfyOwmyilCbROfIgbE+3e42yEQRH WLn8Ip33S5dnCwlH1oCjf+NJGk+me18OHGVDZAcCSsg3fm1kkQ3qFQnas BsjpWEN/k2K+yO2ndvtDjsbJmGqV59vgqQ9arBw/0gypp6HcvTTZYD5Dh Q==; X-CSE-ConnectionGUID: XJcpD+AuQQqvuII3irmZcQ== X-CSE-MsgGUID: YYqIDF1UR2Kcp2gjLm01YQ== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594375" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594375" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:12:34 -0700 X-CSE-ConnectionGUID: IYTBZ+s6S1iSYr7YEVFIsQ== X-CSE-MsgGUID: ihsFtu3hRuy/yB1N+Qhmog== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112478968" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:12:22 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 15/16] x86/cpu: Enable LASS during CPU initialization Date: Mon, 28 Oct 2024 18:08:03 +0200 Message-ID: <20241028160917.1380714-16-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sohil Mehta Being a security feature, enable LASS by default if the platform supports it. While at it, get rid of the comment above the SMAP/SMEP/UMIP/LASS setup instead of updating it to mention LASS as well, as the whole sequence is quite self-explanatory. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin --- arch/x86/kernel/cpu/common.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index f8eed9548ea1..2f5faa5979a9 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -400,6 +400,12 @@ static __always_inline void setup_umip(struct cpuinfo_= x86 *c) cr4_clear_bits(X86_CR4_UMIP); } =20 +static __always_inline void setup_lass(struct cpuinfo_x86 *c) +{ + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_set_bits(X86_CR4_LASS); +} + /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask =3D X86_CR4_SMEP | X86_CR4_SMAP= | X86_CR4_UMIP | X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED | @@ -1848,10 +1854,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Disable the PN if appropriate */ squash_the_stupid_serial_number(c); =20 - /* Set up SMEP/SMAP/UMIP */ setup_smep(c); setup_smap(c); setup_umip(c); + setup_lass(c); =20 /* Enable FSGSBASE instructions if available. */ if (cpu_has(c, X86_FEATURE_FSGSBASE)) { --=20 2.45.2 From nobody Mon Nov 25 10:57:48 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A21CA1DFDA5; Mon, 28 Oct 2024 16:12:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131967; cv=none; b=PLcnT7FnhI8qyVyK1jpESEZklqa1IxxLjoiWOdvVr9uH8S/ejVGE9xgSuNF1i2B+YI5TFFdDbstEZQC1rUYLyX50JRKvWWPWYFw9PgSb3EG4MKPBglRuzTgo9UGOTnpt1Gs5+ywyVB9QxMz7oV15jZcvRICg2MLOje/ZdPty7I8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730131967; c=relaxed/simple; bh=dl3XZyhTS8Djp7/powdEYQthWqXNlLd0T3UVJapIuyQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DfaWLs0jEn1Eew7Tc1tcTF1VsJiezE0MFP/qrE3DkCruTUR+fWonoohZ5jUNWcZmJNCMiXXtYoF8IN7kmlUm4EYkNB7A306ucjc/FgZQJctMGPHbOvjigQVazxmoO+beTjPpOgJHjEnQiVCrOpNjZRcUaZdlg3/UK/e1sRtRvYY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Cm9K52mq; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Cm9K52mq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730131966; x=1761667966; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=dl3XZyhTS8Djp7/powdEYQthWqXNlLd0T3UVJapIuyQ=; b=Cm9K52mqV6xBskDt85V+2IphJGVJYfgnqRb1pYeAVpv9yXsvutFqad6Z wigjwIG8RQQ6KmgIE8yB8sfhvrzI60YvecEEyouOh/CxnRY4SoN3t6clp 6Nha/KVC4996DLTjUwj5jBA+ur5KYVGfDFb9kPFkBA/PITLJ+frGGkEG2 VSuck4bOE4MImOmgYDWhbUa6gPpnHQKRc9429tG27FV4g+IMnn/hK+Cd0 tdPe5hfoSsXQj2svwsZ6p9YQy4HYXWlkh4Q4NnVVt52293tv73wPm8ORq 14CfvtcIM4BulNukhBIBJrVF40jAiHWoHTmy+jLlQWFNfh+EbF3tdpezG w==; X-CSE-ConnectionGUID: QjFofTcvREWsrGle7pwC6Q== X-CSE-MsgGUID: 0k+WfTdHTEmbXw1aZ1uRuw== X-IronPort-AV: E=McAfee;i="6700,10204,11239"; a="32594417" X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="32594417" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2024 09:12:45 -0700 X-CSE-ConnectionGUID: Gy1JfNpnSbKOqqaDJjmWRA== X-CSE-MsgGUID: /7wgu1DMQkCap2RejVcAAw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,239,1725346800"; d="scan'208";a="112479044" Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28]) by orviesa002.jf.intel.com with ESMTP; 28 Oct 2024 09:12:33 -0700 From: Alexander Shishkin To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , "Kirill A. Shutemov" , Alexey Kardashevskiy Cc: Jonathan Corbet , Alexander Shishkin , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v5 16/16] Revert "x86/lam: Disable ADDRESS_MASKING in most cases" Date: Mon, 28 Oct 2024 18:08:04 +0200 Message-ID: <20241028160917.1380714-17-alexander.shishkin@linux.intel.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> References: <20241028160917.1380714-1-alexander.shishkin@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This reverts commit 3267cb6d3a174ff83d6287dcd5b0047bbd912452. LASS mitigates the Spectre based on LAM (SLAM) [1] and an earlier commit made LAM depend on LASS, so we no longer need to disable LAM at compile time, so revert the commit that disables LAM. [1] https://download.vusec.net/papers/slam_sp24.pdf Signed-off-by: Alexander Shishkin CC: Pawan Gupta --- arch/x86/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0bdb7a394f59..192d5145f54e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2257,7 +2257,6 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING config ADDRESS_MASKING bool "Linear Address Masking support" depends on X86_64 - depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS help Linear Address Masking (LAM) modifies the checking that is applied to 64-bit linear addresses, allowing software to use of the --=20 2.45.2