From: Sohil Mehta
To: x86@kernel.org, Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov
Cc: Jonathan Corbet, "H . Peter Anvin", Andy Lutomirski, Josh Poimboeuf, Peter Zijlstra, Ard Biesheuvel, "Kirill A . Shutemov", Sohil Mehta, Xin Li, David Woodhouse, Sean Christopherson, Rick Edgecombe, Vegard Nossum, Andrew Cooper, David Laight, Randy Dunlap, Geert Uytterhoeven, Kees Cook, Tony Luck, Alexander Shishkin, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org
Subject: [PATCH v10 10/15] x86/vsyscall: Add vsyscall emulation for #GP
Date: Mon, 6 Oct 2025 23:51:14 -0700
Message-ID: <20251007065119.148605-11-sohil.mehta@intel.com>
In-Reply-To: <20251007065119.148605-1-sohil.mehta@intel.com>
References: <20251007065119.148605-1-sohil.mehta@intel.com>

The legacy vsyscall page is mapped at a fixed address in the kernel address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS, a vsyscall page access from userspace would always generate a #PF. The kernel emulates the execute (XONLY) accesses in the #PF handler and returns the appropriate values to userspace.

With LASS, these accesses are intercepted before the paging structures are traversed, triggering a #GP instead of a #PF. However, the #GP doesn't provide much information in terms of the error code.

Emulate the vsyscall access without going through complex instruction decoding. Use the faulting RIP which is preserved in the user registers to determine if the #GP was triggered due to a vsyscall access.

Signed-off-by: Sohil Mehta --- v10: - No change. --- arch/x86/entry/vsyscall/vsyscall_64.c | 14 +++++++++++++- arch/x86/include/asm/vsyscall.h | 6 ++++++ arch/x86/kernel/traps.c | 4 ++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscal= l/vsyscall_64.c index 4c3f49bf39e6..ff319d7e778c 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -23,7 +23,7 @@ * soon be no new userspace code that will ever use a vsyscall. * * The code in this file emulates vsyscalls when notified of a page - * fault to a vsyscall address. + * fault or a general protection fault to a vsyscall address. */ =20 #include @@ -282,6 +282,18 @@ bool emulate_vsyscall_pf(unsigned long error_code, str= uct pt_regs *regs, return __emulate_vsyscall(regs, address); } =20 +bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + if (!cpu_feature_enabled(X86_FEATURE_LASS)) + return false; + + /* Emulate only if the RIP points to the vsyscall address */ + if (!is_vsyscall_vaddr(regs->ip)) + return false; + + return __emulate_vsyscall(regs, regs->ip); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscal= l.h index f34902364972..538053b1656a 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -15,6 +15,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); * Returns true if handled. */ bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, u= nsigned long address); +bool emulate_vsyscall_gp(struct pt_regs *regs); #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall_pf(unsigned long error_code, 
@@ -22,6 +23,11 @@ static inline bool emulate_vsyscall_pf(unsigned long err= or_code, { return false; } + +static inline bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + return false; +} #endif =20 /* diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 25b45193eb19..59bfbdf0a1a0 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -69,6 +69,7 @@ #include #include #include +#include =20 #ifdef CONFIG_X86_64 #include @@ -817,6 +818,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_umip_exception(regs)) goto exit; =20 + if (emulate_vsyscall_gp(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } --=20 2.43.0
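
Review bot: emulate_vsyscall_gp() in the second vsyscall_64.c hunk carries no comment explaining why checking regs->ip alone is sufficient. The commit message gives the reasoning (the #GP error code says little, so the faulting RIP is used to recognise a vsyscall execute access); a short comment above the function should say that, and should state that a #GP whose RIP lies outside the vsyscall page is deliberately left to return false and reach the SIGSEGV path. It would also help to note whether the cpu_feature_enabled(X86_FEATURE_LASS) test is required for correctness or is only an early exit, since the RIP check runs right after it.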
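
Review bot: in the first vsyscall.h hunk the new emulate_vsyscall_gp() declaration is placed directly under the existing "Returns true if handled." comment, which was written for emulate_vsyscall_pf(). Reword that comment so it covers both entry points (page fault and general protection fault), or give the new declaration its own one-line description, so the header does not read as if the #GP variant were undocumented.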
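
Review bot: the emulate_vsyscall_gp() call added to exc_general_protection() in the second traps.c hunk has no comment, and emulate_vsyscall_gp() itself does not test for user mode, so correctness depends on this call site being reached only for user-mode faults. The surrounding context (fixup_umip_exception() before it, gp_user_force_sig_segv() after it) suggests that is the case; please say so in a one-line comment at the call, along with the reason a vsyscall hook appears in the #GP handler at all (with LASS the access raises #GP instead of #PF).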