From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD697313550; Tue, 16 Dec 2025 21:27:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; cv=none; b=ImtT+DoxxxYpK5ywjRLKTts13qC/qKv4Y9eaT+V8CSCV2bFPN23KfKURrAgq4S0BUcvLpqpQVzkcosXolzkKHpj77ot04FaqYIpdwzHXivNBI8lOSD/96uii24Pduh+COhNxAUy6xAM2EjRHTRxhBP1VsqMTssqzwMK3nP/QueQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; c=relaxed/simple; bh=A/q0j3aN/Ypa6dqWjOl9bbOjU6SlvR45QcbcnwvyOBg=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uJwwk40Wc7j8dIF/EsOh4E4mZMTbCe4WDwl3+82krm45aXyC/GERlZHyF0oh7H17BWJG3ZHQoy5/4mdK/jkNIyUDXLg8XXgYDK2pJllO81xayjT4MjToEy4Jhfe2TUr4CG48SJoQ1gg1KbIs2u7krhT/8wWyfq/Wh4pYRbSuWXU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=msI+cdJX; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="msI+cdJX" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC202563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:15 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC202563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920377; bh=0H6Hb1SNFV2MzYNq0MIPEdNZM15rFuDuoHIHPxAZ1Q4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=msI+cdJXzUNlR/eoMy2do2LDy33CiT4AkWQnbNT4gvIbk9NWGbm+/kelJk6lDm0af IRawxKGGMx2XhsNeQkzk7CsTrTzCecznGu/P98YSqoGMeFCPg5xUL+SXVBnr52uENF mPue3LYDtdGhIb0WovpF7PNq6pDtL7qFy1JtOxUnXPNQDvkZ2WCWNIKqGaBdCanBCm mobWWh0unykhcBK5UYYOfEQYT6cxpizs86NAebcTPoN74pg9BHAdSjay3EVrXqJ+gF 8N+H+rp4lK5q+mX7jocMWVm/qGh7p1O8Ae2RQSwXvWNlFgmeXHjZ9AsUZhCp1xKHQd JtI/OOF7LuQoA== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 01/10] x86/entry/vdso: rename vdso_image_* to vdso*_image Date: Tue, 16 Dec 2025 13:25:55 -0800 Message-ID: <20251216212606.1325678-2-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The vdso .so files are named vdso*.so. These structures are binary images and descriptions of these files, so it is more consistent for them to have a naming that more directly mirrors the filenames. It is also very slightly more compact (by one character...) and simplifies the Makefile just a little bit. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/syscall_32.c | 2 +- arch/x86/entry/vdso/.gitignore | 11 ++++------- arch/x86/entry/vdso/Makefile | 8 ++++---- arch/x86/entry/vdso/vma.c | 10 +++++----- arch/x86/include/asm/elf.h | 2 +- arch/x86/include/asm/vdso.h | 6 +++--- arch/x86/kernel/process_64.c | 6 +++--- arch/x86/kernel/signal_32.c | 4 ++-- 8 files changed, 23 insertions(+), 26 deletions(-) diff --git a/arch/x86/entry/syscall_32.c b/arch/x86/entry/syscall_32.c index a67a644d0cfe..8e829575e12f 100644 --- a/arch/x86/entry/syscall_32.c +++ b/arch/x86/entry/syscall_32.c @@ -319,7 +319,7 @@ __visible noinstr bool do_fast_syscall_32(struct pt_reg= s *regs) * convention. Adjust regs so it looks like we entered using int80. */ unsigned long landing_pad =3D (unsigned long)current->mm->context.vdso + - vdso_image_32.sym_int80_landing_pad; + vdso32_image.sym_int80_landing_pad; =20 /* * SYSENTER loses EIP, and even SYSCALL32 needs us to skip forward diff --git a/arch/x86/entry/vdso/.gitignore b/arch/x86/entry/vdso/.gitignore index 37a6129d597b..eb60859dbcbf 100644 --- a/arch/x86/entry/vdso/.gitignore +++ b/arch/x86/entry/vdso/.gitignore @@ -1,8 +1,5 @@ # SPDX-License-Identifier: GPL-2.0-only -vdso.lds -vdsox32.lds -vdso32-syscall-syms.lds -vdso32-sysenter-syms.lds -vdso32-int80-syms.lds -vdso-image-*.c -vdso2c +*.lds +*.so +*.so.dbg +vdso*-image.c diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index f247f5f5cb44..7f833026d5b2 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -16,9 +16,9 @@ vobjs-$(CONFIG_X86_SGX) +=3D vsgx.o obj-y +=3D vma.o extable.o =20 # vDSO images to build: -obj-$(CONFIG_X86_64) +=3D vdso-image-64.o -obj-$(CONFIG_X86_X32_ABI) +=3D vdso-image-x32.o -obj-$(CONFIG_COMPAT_32) +=3D vdso-image-32.o vdso32-setup.o +obj-$(CONFIG_X86_64) +=3D vdso64-image.o +obj-$(CONFIG_X86_X32_ABI) +=3D vdsox32-image.o +obj-$(CONFIG_COMPAT_32) +=3D vdso32-image.o vdso32-setup.o =20 vobjs :=3D $(addprefix $(obj)/, $(vobjs-y)) vobjs32 :=3D $(addprefix $(obj)/, $(vobjs32-y)) @@ -44,7 +44,7 @@ hostprogs +=3D vdso2c quiet_cmd_vdso2c =3D VDSO2C $@ cmd_vdso2c =3D $(obj)/vdso2c $< $(<:%.dbg=3D%) $@ =20 -$(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c F= ORCE +$(obj)/vdso%-image.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FO= RCE $(call if_changed,vdso2c) =20 # diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index afe105b2f907..8f98c2d7c7a9 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -65,7 +65,7 @@ static vm_fault_t vdso_fault(const struct vm_special_mapp= ing *sm, static void vdso_fix_landing(const struct vdso_image *image, struct vm_area_struct *new_vma) { - if (in_ia32_syscall() && image =3D=3D &vdso_image_32) { + if (in_ia32_syscall() && image =3D=3D &vdso32_image) { struct pt_regs *regs =3D current_pt_regs(); unsigned long vdso_land =3D image->sym_int80_landing_pad; unsigned long old_land_addr =3D vdso_land + @@ -230,7 +230,7 @@ static int load_vdso32(void) if (vdso32_enabled !=3D 1) /* Other values all mean "disabled" */ return 0; =20 - return map_vdso(&vdso_image_32, 0); + return map_vdso(&vdso32_image, 0); } =20 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) @@ -239,7 +239,7 @@ int arch_setup_additional_pages(struct linux_binprm *bp= rm, int uses_interp) if (!vdso64_enabled) return 0; =20 - return map_vdso(&vdso_image_64, 0); + return map_vdso(&vdso64_image, 0); } =20 return load_vdso32(); @@ -252,7 +252,7 @@ int compat_arch_setup_additional_pages(struct linux_bin= prm *bprm, if (IS_ENABLED(CONFIG_X86_X32_ABI) && x32) { if (!vdso64_enabled) return 0; - return map_vdso(&vdso_image_x32, 0); + return map_vdso(&vdsox32_image, 0); } =20 if (IS_ENABLED(CONFIG_IA32_EMULATION)) @@ -267,7 +267,7 @@ bool arch_syscall_is_vdso_sigreturn(struct pt_regs *reg= s) const struct vdso_image *image =3D current->mm->context.vdso_image; unsigned long vdso =3D (unsigned long) current->mm->context.vdso; =20 - if (in_ia32_syscall() && image =3D=3D &vdso_image_32) { + if (in_ia32_syscall() && image =3D=3D &vdso32_image) { if (regs->ip =3D=3D vdso + image->sym_vdso32_sigreturn_landing_pad || regs->ip =3D=3D vdso + image->sym_vdso32_rt_sigreturn_landing_pad) return true; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h index 6c8fdc96be7e..2ba5f166e58f 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -361,7 +361,7 @@ else if (IS_ENABLED(CONFIG_IA32_EMULATION)) \ =20 #define VDSO_ENTRY \ ((unsigned long)current->mm->context.vdso + \ - vdso_image_32.sym___kernel_vsyscall) + vdso32_image.sym___kernel_vsyscall) =20 struct linux_binprm; =20 diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h index b7253ef3205a..e8afbe9faa5b 100644 --- a/arch/x86/include/asm/vdso.h +++ b/arch/x86/include/asm/vdso.h @@ -27,9 +27,9 @@ struct vdso_image { long sym_vdso32_rt_sigreturn_landing_pad; }; =20 -extern const struct vdso_image vdso_image_64; -extern const struct vdso_image vdso_image_x32; -extern const struct vdso_image vdso_image_32; +extern const struct vdso_image vdso64_image; +extern const struct vdso_image vdsox32_image; +extern const struct vdso_image vdso32_image; =20 extern int __init init_vdso_image(const struct vdso_image *image); =20 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 432c0a004c60..08e72f429870 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -941,14 +941,14 @@ long do_arch_prctl_64(struct task_struct *task, int o= ption, unsigned long arg2) #ifdef CONFIG_CHECKPOINT_RESTORE # ifdef CONFIG_X86_X32_ABI case ARCH_MAP_VDSO_X32: - return prctl_map_vdso(&vdso_image_x32, arg2); + return prctl_map_vdso(&vdsox32_image, arg2); # endif # ifdef CONFIG_IA32_EMULATION case ARCH_MAP_VDSO_32: - return prctl_map_vdso(&vdso_image_32, arg2); + return prctl_map_vdso(&vdso32_image, arg2); # endif case ARCH_MAP_VDSO_64: - return prctl_map_vdso(&vdso_image_64, arg2); + return prctl_map_vdso(&vdso64_image, arg2); #endif #ifdef CONFIG_ADDRESS_MASKING case ARCH_GET_UNTAG_MASK: diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c index 42bbc42bd350..e55cf19e68fe 100644 --- a/arch/x86/kernel/signal_32.c +++ b/arch/x86/kernel/signal_32.c @@ -282,7 +282,7 @@ int ia32_setup_frame(struct ksignal *ksig, struct pt_re= gs *regs) /* Return stub is in 32bit vsyscall page */ if (current->mm->context.vdso) restorer =3D current->mm->context.vdso + - vdso_image_32.sym___kernel_sigreturn; + vdso32_image.sym___kernel_sigreturn; else restorer =3D &frame->retcode; } @@ -368,7 +368,7 @@ int ia32_setup_rt_frame(struct ksignal *ksig, struct pt= _regs *regs) restorer =3D ksig->ka.sa.sa_restorer; else restorer =3D current->mm->context.vdso + - vdso_image_32.sym___kernel_rt_sigreturn; + vdso32_image.sym___kernel_rt_sigreturn; unsafe_put_user(ptr_to_compat(restorer), &frame->pretcode, Efault); =20 /* --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD3BE30BB97; Tue, 16 Dec 2025 21:27:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; cv=none; b=FZkGiy36FaZJb1IFYOYrs12aWWeNesIy+bI/Hs2SwmODCG+F7e+RUauCgPhKiFhvS0SQ/zYZ32uV5ntwjt0AFpJp5uOzM4DeHeO8uWRpIgN/pidS6PSJQuVd6oDpHo+Yga+zxTQfROOYm1MBBWXYHS09Mdoob9QdbCxwggp/Ejo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; c=relaxed/simple; bh=MoqvLbMfn2F43wSd1sfYHLLZub8UGjJ7D/U+nOpcdbY=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WkeM8a9H0QDIitgQIXlio7Ekiob7YIC0goLxcRMIKjfIXR/L4jOWK0SLRTwkFZ7+itvsPy0bE7JlGYOqZHzKvZkPuT4KtXIb+nkaJOQbAK6ZDonsFboM8mBL1CA6dumvQCk5BN1Pp6MMmKun1ZlREDDSbHyhFXbGssdQGOwHmYE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=Q+IRqKFs; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="Q+IRqKFs" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC212563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:17 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC212563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920378; bh=qfIXPrDPPzOmRPX4wlKrygGvZVz41nwH1/qG7m+qlJI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Q+IRqKFsMsjzabNidYuoiQalsihl+u+9Y6XqjoBvDQJMt/PjkkwuN7wshh+5LWG7K GfpXrzloSEZ0VINGbw2wGowWxdH32j70El2W2gA1U4+1m6GcIHxTZ3upciVpsX7ytj BsLXycBjpGX/jHy8bE5wjvQs4Qdv91KbcMkSaWuBEBEs/SlFxv3IWijoKr27UfDiTI AKcBPv2nPS5P7JsHfhKQgnVmKI0YOVCw4DeEgpe1x/ZtK5KdvFNj1pX1Z8OMyECL05 7jU2d+AHxOkPBHODFxeKLlZ6Dokp57+egI445ZoVGKdh+/iRZNyo8pnsGnj23SGAUB WJ+QT3rVHN6Sg== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 02/10] x86/entry/vdso: move vdso2c to arch/x86/tools Date: Tue, 16 Dec 2025 13:25:56 -0800 Message-ID: <20251216212606.1325678-3-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" It is generally better to build tools in arch/x86/tools to keep host cflags proliferation down, and to reduce makefile sequencing issues. Move the vdso build tool vdso2c into arch/x86/tools in preparation for refactoring the vdso makefiles. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/Makefile | 2 +- arch/x86/entry/vdso/Makefile | 7 +++---- arch/x86/tools/Makefile | 15 ++++++++++----- arch/x86/{entry/vdso =3D> tools}/vdso2c.c | 0 arch/x86/{entry/vdso =3D> tools}/vdso2c.h | 0 5 files changed, 14 insertions(+), 10 deletions(-) rename arch/x86/{entry/vdso =3D> tools}/vdso2c.c (100%) rename arch/x86/{entry/vdso =3D> tools}/vdso2c.h (100%) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 1d403a3612ea..9ab7522ced18 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -252,7 +252,7 @@ endif =20 =20 archscripts: scripts_basic - $(Q)$(MAKE) $(build)=3Darch/x86/tools relocs + $(Q)$(MAKE) $(build)=3Darch/x86/tools relocs vdso2c =20 ### # Syscall table generation diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 7f833026d5b2..3d9b09f00c70 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -38,13 +38,12 @@ VDSO_LDFLAGS_vdso.lds =3D -m elf_x86_64 -soname linux-v= dso.so.1 \ $(obj)/vdso64.so.dbg: $(obj)/vdso.lds $(vobjs) FORCE $(call if_changed,vdso_and_check) =20 -HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include -I$(srctree)/include/uapi= -I$(srctree)/arch/$(SUBARCH)/include/uapi -hostprogs +=3D vdso2c +VDSO2C =3D $(objtree)/arch/x86/tools/vdso2c =20 quiet_cmd_vdso2c =3D VDSO2C $@ - cmd_vdso2c =3D $(obj)/vdso2c $< $(<:%.dbg=3D%) $@ + cmd_vdso2c =3D $(VDSO2C) $< $(<:%.dbg=3D%) $@ =20 -$(obj)/vdso%-image.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FO= RCE +$(obj)/vdso%-image.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(VDSO2C) FORCE $(call if_changed,vdso2c) =20 # diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile index 7278e2545c35..39a183fffd04 100644 --- a/arch/x86/tools/Makefile +++ b/arch/x86/tools/Makefile @@ -38,9 +38,14 @@ $(obj)/insn_decoder_test.o: $(srctree)/tools/arch/x86/li= b/insn.c $(srctree)/tool =20 $(obj)/insn_sanity.o: $(srctree)/tools/arch/x86/lib/insn.c $(srctree)/tool= s/arch/x86/lib/inat.c $(srctree)/tools/arch/x86/include/asm/inat_types.h $(= srctree)/tools/arch/x86/include/asm/inat.h $(srctree)/tools/arch/x86/includ= e/asm/insn.h $(objtree)/arch/x86/lib/inat-tables.c =20 -HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include -hostprogs +=3D relocs -relocs-objs :=3D relocs_32.o relocs_64.o relocs_common.o -PHONY +=3D relocs -relocs: $(obj)/relocs +HOST_EXTRACFLAGS +=3D -I$(srctree)/tools/include -I$(srctree)/include/uapi= \ + -I$(srctree)/arch/$(SUBARCH)/include/uapi + +hostprogs +=3D relocs vdso2c +relocs-objs :=3D relocs_32.o relocs_64.o relocs_common.o + +always-y :=3D $(hostprogs) + +PHONY +=3D $(hostprogs) +$(hostprogs): %: $(obj)/% @: diff --git a/arch/x86/entry/vdso/vdso2c.c b/arch/x86/tools/vdso2c.c similarity index 100% rename from arch/x86/entry/vdso/vdso2c.c rename to arch/x86/tools/vdso2c.c diff --git a/arch/x86/entry/vdso/vdso2c.h b/arch/x86/tools/vdso2c.h similarity index 100% rename from arch/x86/entry/vdso/vdso2c.h rename to arch/x86/tools/vdso2c.h --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD46131329E; Tue, 16 Dec 2025 21:27:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920429; cv=none; b=SZWPtG0toYtnslZVeCrrqyGZBw5Nl6v+lIyK4rytIfL3c3MUba3K4Iv2fcu2fpa/qYgWpmvVbNrWy+/BOylIdvEEx0Bix6kPm9Zfpmk4D+vQShE5AyPl3OOJ4VhFOFeCz7cQ8u8nPA4M7ccrRwuc9SU0T5m/oNJZWQXQMCkVJnw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920429; c=relaxed/simple; bh=IFbK2Vstj6wU91JxtVxu7k/PGBg6LmOaDJDvE5IgZnE=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ficGqEqZ03ruXVw0XHJDG4CWmaHL+roPQTGBm4mQfT7GGTgRKW424GM1l256S6xFbZrFKcaGcUyUmlJ886dZ1imeG1fQ5zwfEdG69YbIeigzyr0CjhhCm74tYbz767HSDTdzOR2zauSX/AlDkxYo1Ri5NayXpp2Q6giafI2vTMg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=JAGn9jve; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="JAGn9jve" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC222563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:19 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC222563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920380; bh=AB+971Z2K/0s3r5t/Zl6ByNhuiR5RGHV+jj8e23dhBU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=JAGn9jvequsBQajOt8EWt9/pri2sqlPQ2L0iTyrJ6ux3OCwDroLRIeW1Uh9OQGQeT NCqjS+MnoOiWIWjUwVjAIFK0RKBgfg6RyvbVVEZH/twuOlDwqGpnJAIP52hdBJI56G Qo+vguRsbMl/Pve/xkRKMgVBprRFOB2vzslWteExTDQrHCvRPURPNzXYAURn9TJEUy /AskQg4SJyYiXEgPUUfGymdPHP12RySiVmP3GY7aZbVvGK5tinvf2vBlwvwSvnUAul fmVWWkedofANuUXjtRl8bdsEmbJTgQPDSBl9ClMrKk7CURLGp8jnMBOCHz0yptmxHE RfVC4rtckX9Uw== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 03/10] x86/entry/vdso: refactor the vdso build Date: Tue, 16 Dec 2025 13:25:57 -0800 Message-ID: <20251216212606.1325678-4-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" - Separate out the vdso sources into common, vdso32, and vdso64 directories. - Build the 32- and 64-bit vdsos in their respective subdirectories; this greatly simplifies the build flags handling. - Unify the mangling of Makefile flags between the 32- and 64-bit vdso code as much as possible; all common rules are put in arch/x86/entry/vdso/common/Makefile.include. The remaining is very simple for 32 bits; the 64-bit one is only slightly more complicated because it contains the x32 generation rule. - Define __DISABLE_EXPORTS when building the vdso. This need seems to have been masked by different ordering compile flags before. - Change CONFIG_X86_64 to BUILD_VDSO32_64 in vdso32/system_call.S, to make it compatible with including fake_32bit_build.h. - The -fcf-protection=3D option was "leaking" from the kernel build, for reasons that was not clear to me. Futhermore, several distributions ship with it set to a default value other than "-fcf-protection=3Dnone". Make it match the configuration options for *user space*. Note that this patch may seem large, but the vast majority of it is simply code movement. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/Makefile | 161 +----------------- arch/x86/entry/vdso/common/Makefile.include | 89 ++++++++++ .../entry/vdso/{vdso-note.S =3D> common/note.S} | 5 +- .../entry/vdso/{ =3D> common}/vclock_gettime.c | 0 .../entry/vdso/{ =3D> common}/vdso-layout.lds.S | 0 arch/x86/entry/vdso/{ =3D> common}/vgetcpu.c | 0 arch/x86/entry/vdso/vdso32/Makefile | 24 +++ arch/x86/entry/vdso/vdso32/note.S | 19 +-- arch/x86/entry/vdso/vdso32/system_call.S | 2 +- arch/x86/entry/vdso/vdso32/vclock_gettime.c | 5 +- arch/x86/entry/vdso/vdso32/vdso32.lds.S | 2 +- arch/x86/entry/vdso/vdso32/vgetcpu.c | 4 +- arch/x86/entry/vdso/vdso64/Makefile | 46 +++++ arch/x86/entry/vdso/vdso64/note.S | 1 + arch/x86/entry/vdso/vdso64/vclock_gettime.c | 1 + .../vdso/{vdso.lds.S =3D> vdso64/vdso64.lds.S} | 2 +- .../x86/entry/vdso/{ =3D> vdso64}/vdsox32.lds.S | 2 +- arch/x86/entry/vdso/vdso64/vgetcpu.c | 1 + .../vdso/{ =3D> vdso64}/vgetrandom-chacha.S | 0 arch/x86/entry/vdso/{ =3D> vdso64}/vgetrandom.c | 2 +- arch/x86/entry/vdso/{ =3D> vdso64}/vsgx.S | 0 21 files changed, 180 insertions(+), 186 deletions(-) create mode 100644 arch/x86/entry/vdso/common/Makefile.include rename arch/x86/entry/vdso/{vdso-note.S =3D> common/note.S} (62%) rename arch/x86/entry/vdso/{ =3D> common}/vclock_gettime.c (100%) rename arch/x86/entry/vdso/{ =3D> common}/vdso-layout.lds.S (100%) rename arch/x86/entry/vdso/{ =3D> common}/vgetcpu.c (100%) create mode 100644 arch/x86/entry/vdso/vdso32/Makefile create mode 100644 arch/x86/entry/vdso/vdso64/Makefile create mode 100644 arch/x86/entry/vdso/vdso64/note.S create mode 100644 arch/x86/entry/vdso/vdso64/vclock_gettime.c rename arch/x86/entry/vdso/{vdso.lds.S =3D> vdso64/vdso64.lds.S} (94%) rename arch/x86/entry/vdso/{ =3D> vdso64}/vdsox32.lds.S (92%) create mode 100644 arch/x86/entry/vdso/vdso64/vgetcpu.c rename arch/x86/entry/vdso/{ =3D> vdso64}/vgetrandom-chacha.S (100%) rename arch/x86/entry/vdso/{ =3D> vdso64}/vgetrandom.c (91%) rename arch/x86/entry/vdso/{ =3D> vdso64}/vsgx.S (100%) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 3d9b09f00c70..987b43fd4cd3 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -3,159 +3,10 @@ # Building vDSO images for x86. # =20 -# Include the generic Makefile to check the built vDSO: -include $(srctree)/lib/vdso/Makefile.include +# Regular kernel objects +obj-y :=3D vma.o extable.o +obj-$(CONFIG_COMPAT_32) +=3D vdso32-setup.o =20 -# Files to link into the vDSO: -vobjs-y :=3D vdso-note.o vclock_gettime.o vgetcpu.o vgetrandom.o vgetrando= m-chacha.o -vobjs32-y :=3D vdso32/note.o vdso32/system_call.o vdso32/sigreturn.o -vobjs32-y +=3D vdso32/vclock_gettime.o vdso32/vgetcpu.o -vobjs-$(CONFIG_X86_SGX) +=3D vsgx.o - -# Files to link into the kernel: -obj-y +=3D vma.o extable.o - -# vDSO images to build: -obj-$(CONFIG_X86_64) +=3D vdso64-image.o -obj-$(CONFIG_X86_X32_ABI) +=3D vdsox32-image.o -obj-$(CONFIG_COMPAT_32) +=3D vdso32-image.o vdso32-setup.o - -vobjs :=3D $(addprefix $(obj)/, $(vobjs-y)) -vobjs32 :=3D $(addprefix $(obj)/, $(vobjs32-y)) - -$(obj)/vdso.o: $(obj)/vdso.so - -targets +=3D vdso.lds $(vobjs-y) -targets +=3D vdso32/vdso32.lds $(vobjs32-y) - -targets +=3D $(foreach x, 64 x32 32, vdso-image-$(x).c vdso$(x).so vdso$(x= ).so.dbg) - -CPPFLAGS_vdso.lds +=3D -P -C - -VDSO_LDFLAGS_vdso.lds =3D -m elf_x86_64 -soname linux-vdso.so.1 \ - -z max-page-size=3D4096 - -$(obj)/vdso64.so.dbg: $(obj)/vdso.lds $(vobjs) FORCE - $(call if_changed,vdso_and_check) - -VDSO2C =3D $(objtree)/arch/x86/tools/vdso2c - -quiet_cmd_vdso2c =3D VDSO2C $@ - cmd_vdso2c =3D $(VDSO2C) $< $(<:%.dbg=3D%) $@ - -$(obj)/vdso%-image.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(VDSO2C) FORCE - $(call if_changed,vdso2c) - -# -# Don't omit frame pointers for ease of userspace debugging, but do -# optimize sibling calls. -# -CFL :=3D $(PROFILING) -mcmodel=3Dsmall -fPIC -O2 -fasynchronous-unwind-tab= les -m64 \ - $(filter -g%,$(KBUILD_CFLAGS)) -fno-stack-protector \ - -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO - -ifdef CONFIG_MITIGATION_RETPOLINE -ifneq ($(RETPOLINE_VDSO_CFLAGS),) - CFL +=3D $(RETPOLINE_VDSO_CFLAGS) -endif -endif - -$(vobjs): KBUILD_CFLAGS :=3D $(filter-out $(PADDING_CFLAGS) $(CC_FLAGS_LTO= ) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(KSTACK_ERASE_CFLAGS) $(GCC_PLUGINS= _CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) -$(vobjs): KBUILD_AFLAGS +=3D -DBUILD_VDSO - -# -# vDSO code runs in userspace and -pg doesn't help with profiling anyway. -# -CFLAGS_REMOVE_vclock_gettime.o =3D -pg -CFLAGS_REMOVE_vdso32/vclock_gettime.o =3D -pg -CFLAGS_REMOVE_vgetcpu.o =3D -pg -CFLAGS_REMOVE_vdso32/vgetcpu.o =3D -pg -CFLAGS_REMOVE_vsgx.o =3D -pg -CFLAGS_REMOVE_vgetrandom.o =3D -pg - -# -# X32 processes use x32 vDSO to access 64bit kernel data. -# -# Build x32 vDSO image: -# 1. Compile x32 vDSO as 64bit. -# 2. Convert object files to x32. -# 3. Build x32 VDSO image with x32 objects, which contains 64bit codes -# so that it can reach 64bit address space with 64bit pointers. -# - -CPPFLAGS_vdsox32.lds =3D $(CPPFLAGS_vdso.lds) -VDSO_LDFLAGS_vdsox32.lds =3D -m elf32_x86_64 -soname linux-vdso.so.1 \ - -z max-page-size=3D4096 - -# x32-rebranded versions -vobjx32s-y :=3D $(vobjs-y:.o=3D-x32.o) - -# same thing, but in the output directory -vobjx32s :=3D $(addprefix $(obj)/, $(vobjx32s-y)) - -# Convert 64bit object file to x32 for x32 vDSO. -quiet_cmd_x32 =3D X32 $@ - cmd_x32 =3D $(OBJCOPY) -O elf32-x86-64 $< $@ - -$(obj)/%-x32.o: $(obj)/%.o FORCE - $(call if_changed,x32) - -targets +=3D vdsox32.lds $(vobjx32s-y) - -$(obj)/%.so: OBJCOPYFLAGS :=3D -S --remove-section __ex_table -$(obj)/%.so: $(obj)/%.so.dbg FORCE - $(call if_changed,objcopy) - -$(obj)/vdsox32.so.dbg: $(obj)/vdsox32.lds $(vobjx32s) FORCE - $(call if_changed,vdso_and_check) - -CPPFLAGS_vdso32/vdso32.lds =3D $(CPPFLAGS_vdso.lds) -VDSO_LDFLAGS_vdso32.lds =3D -m elf_i386 -soname linux-gate.so.1 - -KBUILD_AFLAGS_32 :=3D $(filter-out -m64,$(KBUILD_AFLAGS)) -DBUILD_VDSO -$(obj)/vdso32.so.dbg: KBUILD_AFLAGS =3D $(KBUILD_AFLAGS_32) -$(obj)/vdso32.so.dbg: asflags-$(CONFIG_X86_64) +=3D -m32 - -KBUILD_CFLAGS_32 :=3D $(filter-out -m64,$(KBUILD_CFLAGS)) -KBUILD_CFLAGS_32 :=3D $(filter-out -mcmodel=3Dkernel,$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(RANDSTRUCT_CFLAGS),$(KBUILD_CFLAGS_32= )) -KBUILD_CFLAGS_32 :=3D $(filter-out $(KSTACK_ERASE_CFLAGS),$(KBUILD_CFLAGS_= 32)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_3= 2)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(CC_FLAGS_CFI),$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 :=3D $(filter-out $(PADDING_CFLAGS),$(KBUILD_CFLAGS_32)) -KBUILD_CFLAGS_32 +=3D -m32 -msoft-float -mregparm=3D0 -fpic -KBUILD_CFLAGS_32 +=3D -fno-stack-protector -KBUILD_CFLAGS_32 +=3D $(call cc-option, -foptimize-sibling-calls) -KBUILD_CFLAGS_32 +=3D -fno-omit-frame-pointer -KBUILD_CFLAGS_32 +=3D -DDISABLE_BRANCH_PROFILING -KBUILD_CFLAGS_32 +=3D -DBUILD_VDSO - -ifdef CONFIG_MITIGATION_RETPOLINE -ifneq ($(RETPOLINE_VDSO_CFLAGS),) - KBUILD_CFLAGS_32 +=3D $(RETPOLINE_VDSO_CFLAGS) -endif -endif - -$(obj)/vdso32.so.dbg: KBUILD_CFLAGS =3D $(KBUILD_CFLAGS_32) - -$(obj)/vdso32.so.dbg: $(obj)/vdso32/vdso32.lds $(vobjs32) FORCE - $(call if_changed,vdso_and_check) - -# -# The DSO images are built using a special linker script. -# -quiet_cmd_vdso =3D VDSO $@ - cmd_vdso =3D $(LD) -o $@ \ - $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \ - -T $(filter %.lds,$^) $(filter %.o,$^) - -VDSO_LDFLAGS =3D -shared --hash-style=3Dboth --build-id=3Dsha1 --no-undefi= ned \ - $(call ld-option, --eh-frame-hdr) -Bsymbolic -z noexecstack - -quiet_cmd_vdso_and_check =3D VDSO $@ - cmd_vdso_and_check =3D $(cmd_vdso); $(cmd_vdso_check) +# vDSO directories +obj-$(CONFIG_X86_64) +=3D vdso64/ +obj-$(CONFIG_COMPAT_32) +=3D vdso32/ diff --git a/arch/x86/entry/vdso/common/Makefile.include b/arch/x86/entry/v= dso/common/Makefile.include new file mode 100644 index 000000000000..3514b4a6869b --- /dev/null +++ b/arch/x86/entry/vdso/common/Makefile.include @@ -0,0 +1,89 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Building vDSO images for x86. +# + +# Include the generic Makefile to check the built vDSO: +include $(srctree)/lib/vdso/Makefile.include + +obj-y +=3D $(foreach x,$(vdsos-y),vdso$(x)-image.o) + +targets +=3D $(foreach x,$(vdsos-y),vdso$(x)-image.c vdso$(x).so vdso$(x)= .so.dbg vdso$(x).lds) +targets +=3D $(vobjs-y) + +# vobjs-y with $(obj)/ prepended +vobjs :=3D $(addprefix $(obj)/,$(vobjs-y)) + +# Options for vdso*.lds +CPPFLAGS_VDSO_LDS :=3D -P -C -I$(src)/.. +$(obj)/%.lds : KBUILD_CPPFLAGS +=3D $(CPPFLAGS_VDSO_LDS) + +# +# Options from KBUILD_[AC]FLAGS that should *NOT* be kept +# +flags-remove-y +=3D \ + -D__KERNEL__ -mcmodel=3Dkernel -mregparm=3D3 \ + -fno-pic -fno-PIC -fno-pie fno-PIE \ + -mfentry -pg \ + $(RANDSTRUCT_CFLAGS) $(GCC_PLUGIN_CFLAGS) $(KSTACK_ERASE_CFLAGS) \ + $(RETPOLINE_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) \ + $(PADDING_CFLAGS) + +# +# Don't omit frame pointers for ease of userspace debugging, but do +# optimize sibling calls. +# +flags-y +=3D -D__DISABLE_EXPORTS +flags-y +=3D -DDISABLE_BRANCH_PROFILING +flags-y +=3D -DBUILD_VDSO +flags-y +=3D -I$(src)/.. -I$(srctree) +flags-y +=3D -O2 -fpic +flags-y +=3D -fno-stack-protector +flags-y +=3D -fno-omit-frame-pointer +flags-y +=3D -foptimize-sibling-calls +flags-y +=3D -fasynchronous-unwind-tables + +# Reset cf protections enabled by compiler default +flags-y +=3D $(call cc-option, -fcf-protection=3Dnone) +flags-$(X86_USER_SHADOW_STACK) +=3D $(call cc-option, -fcf-protection=3Dre= turn) +# When user space IBT is supported, enable this. +# flags-$(CONFIG_USER_IBT) +=3D $(call cc-option, -fcf-protection=3Dbranch) + +flags-$(CONFIG_MITIGATION_RETPOLINE) +=3D $(RETPOLINE_VDSO_CFLAGS) + +# These need to be conditional on $(vobjs) as they do not apply to +# the output vdso*-image.o files which are standard kernel objects. +$(vobjs) : KBUILD_AFLAGS :=3D \ + $(filter-out $(flags-remove-y),$(KBUILD_AFLAGS)) $(flags-y) +$(vobjs) : KBUILD_CFLAGS :=3D \ + $(filter-out $(flags-remove-y),$(KBUILD_CFLAGS)) $(flags-y) + +# +# The VDSO images are built using a special linker script. +# +VDSO_LDFLAGS :=3D -shared --hash-style=3Dboth --build-id=3Dsha1 --no-undef= ined \ + $(call ld-option, --eh-frame-hdr) -Bsymbolic -z noexecstack + +quiet_cmd_vdso =3D VDSO $@ + cmd_vdso =3D $(LD) -o $@ \ + $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$*) \ + -T $(filter %.lds,$^) $(filter %.o,$^) +quiet_cmd_vdso_and_check =3D VDSO $@ + cmd_vdso_and_check =3D $(cmd_vdso); $(cmd_vdso_check) + +$(obj)/vdso%.so.dbg: $(obj)/vdso%.lds FORCE + $(call if_changed,vdso_and_check) + +$(obj)/%.so: OBJCOPYFLAGS :=3D -S --remove-section __ex_table +$(obj)/%.so: $(obj)/%.so.dbg FORCE + $(call if_changed,objcopy) + +VDSO2C =3D $(objtree)/arch/x86/tools/vdso2c + +quiet_cmd_vdso2c =3D VDSO2C $@ + cmd_vdso2c =3D $(VDSO2C) $< $(<:%.dbg=3D%) $@ + +$(obj)/%-image.c: $(obj)/%.so.dbg $(obj)/%.so $(VDSO2C) FORCE + $(call if_changed,vdso2c) + +$(obj)/%-image.o: $(obj)/%-image.c diff --git a/arch/x86/entry/vdso/vdso-note.S b/arch/x86/entry/vdso/common/n= ote.S similarity index 62% rename from arch/x86/entry/vdso/vdso-note.S rename to arch/x86/entry/vdso/common/note.S index 79423170118f..2cbd39939dc6 100644 --- a/arch/x86/entry/vdso/vdso-note.S +++ b/arch/x86/entry/vdso/common/note.S @@ -1,13 +1,16 @@ +/* SPDX-License-Identifier: GPL-2.0 */ /* * This supplies .note.* sections to go into the PT_NOTE inside the vDSO t= ext. * Here we can supply some information useful to userland. */ =20 #include -#include #include #include =20 +/* Ideally this would use UTS_NAME, but using a quoted string here + doesn't work. Remember to change this when changing the + kernel's name. */ ELFNOTE_START(Linux, 0, "a") .long LINUX_VERSION_CODE ELFNOTE_END diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/com= mon/vclock_gettime.c similarity index 100% rename from arch/x86/entry/vdso/vclock_gettime.c rename to arch/x86/entry/vdso/common/vclock_gettime.c diff --git a/arch/x86/entry/vdso/vdso-layout.lds.S b/arch/x86/entry/vdso/co= mmon/vdso-layout.lds.S similarity index 100% rename from arch/x86/entry/vdso/vdso-layout.lds.S rename to arch/x86/entry/vdso/common/vdso-layout.lds.S diff --git a/arch/x86/entry/vdso/vgetcpu.c b/arch/x86/entry/vdso/common/vge= tcpu.c similarity index 100% rename from arch/x86/entry/vdso/vgetcpu.c rename to arch/x86/entry/vdso/common/vgetcpu.c diff --git a/arch/x86/entry/vdso/vdso32/Makefile b/arch/x86/entry/vdso/vdso= 32/Makefile new file mode 100644 index 000000000000..add6afb484ba --- /dev/null +++ b/arch/x86/entry/vdso/vdso32/Makefile @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# 32-bit vDSO images for x86. +# + +# The vDSOs built in this directory +vdsos-y :=3D 32 + +# Files to link into the vDSO: +vobjs-y :=3D note.o vclock_gettime.o vgetcpu.o +vobjs-y +=3D system_call.o sigreturn.o + +# Compilation flags +flags-y :=3D -DBUILD_VDSO32 -m32 -mregparm=3D0 +flags-$(CONFIG_X86_64) +=3D -include $(src)/fake_32bit_build.h +flags-remove-y :=3D -m64 + +# The location of this include matters! +include $(src)/../common/Makefile.include + +# Linker options for the vdso +VDSO_LDFLAGS_32 :=3D -m elf_i386 -soname linux-gate.so.1 + +$(obj)/vdso32.so.dbg: $(vobjs) diff --git a/arch/x86/entry/vdso/vdso32/note.S b/arch/x86/entry/vdso/vdso32= /note.S index 2cbd39939dc6..62d8aa51ce99 100644 --- a/arch/x86/entry/vdso/vdso32/note.S +++ b/arch/x86/entry/vdso/vdso32/note.S @@ -1,18 +1 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * This supplies .note.* sections to go into the PT_NOTE inside the vDSO t= ext. - * Here we can supply some information useful to userland. - */ - -#include -#include -#include - -/* Ideally this would use UTS_NAME, but using a quoted string here - doesn't work. Remember to change this when changing the - kernel's name. */ -ELFNOTE_START(Linux, 0, "a") - .long LINUX_VERSION_CODE -ELFNOTE_END - -BUILD_SALT +#include "common/note.S" diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso= /vdso32/system_call.S index d33c6513fd2c..2a15634bbe75 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -52,7 +52,7 @@ __kernel_vsyscall: #define SYSENTER_SEQUENCE "movl %esp, %ebp; sysenter" #define SYSCALL_SEQUENCE "movl %ecx, %ebp; syscall" =20 -#ifdef CONFIG_X86_64 +#ifdef BUILD_VDSO32_64 /* If SYSENTER (Intel) or SYSCALL32 (AMD) is available, use it. */ ALTERNATIVE_2 "", SYSENTER_SEQUENCE, X86_FEATURE_SYSENTER32, \ SYSCALL_SEQUENCE, X86_FEATURE_SYSCALL32 diff --git a/arch/x86/entry/vdso/vdso32/vclock_gettime.c b/arch/x86/entry/v= dso/vdso32/vclock_gettime.c index 86981decfea8..1481f0021b9f 100644 --- a/arch/x86/entry/vdso/vdso32/vclock_gettime.c +++ b/arch/x86/entry/vdso/vdso32/vclock_gettime.c @@ -1,4 +1 @@ -// SPDX-License-Identifier: GPL-2.0 -#define BUILD_VDSO32 -#include "fake_32bit_build.h" -#include "../vclock_gettime.c" +#include "common/vclock_gettime.c" diff --git a/arch/x86/entry/vdso/vdso32/vdso32.lds.S b/arch/x86/entry/vdso/= vdso32/vdso32.lds.S index 8a3be07006bb..8a853543fc0d 100644 --- a/arch/x86/entry/vdso/vdso32/vdso32.lds.S +++ b/arch/x86/entry/vdso/vdso32/vdso32.lds.S @@ -11,7 +11,7 @@ =20 #define BUILD_VDSO32 =20 -#include "../vdso-layout.lds.S" +#include "common/vdso-layout.lds.S" =20 /* The ELF entry point can be used to set the AT_SYSINFO value. */ ENTRY(__kernel_vsyscall); diff --git a/arch/x86/entry/vdso/vdso32/vgetcpu.c b/arch/x86/entry/vdso/vds= o32/vgetcpu.c index 3a9791f5e998..00cc8325a020 100644 --- a/arch/x86/entry/vdso/vdso32/vgetcpu.c +++ b/arch/x86/entry/vdso/vdso32/vgetcpu.c @@ -1,3 +1 @@ -// SPDX-License-Identifier: GPL-2.0 -#include "fake_32bit_build.h" -#include "../vgetcpu.c" +#include "common/vgetcpu.c" diff --git a/arch/x86/entry/vdso/vdso64/Makefile b/arch/x86/entry/vdso/vdso= 64/Makefile new file mode 100644 index 000000000000..bfffaf1aeecc --- /dev/null +++ b/arch/x86/entry/vdso/vdso64/Makefile @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# 64-bit vDSO images for x86. +# + +# The vDSOs built in this directory +vdsos-y :=3D 64 +vdsos-$(CONFIG_X86_X32_ABI) +=3D x32 + +# Files to link into the vDSO: +vobjs-y :=3D note.o vclock_gettime.o vgetcpu.o +vobjs-y +=3D vgetrandom.o vgetrandom-chacha.o +vobjs-$(CONFIG_X86_SGX) +=3D vsgx.o + +# Compilation flags +flags-y :=3D -DBUILD_VDSO64 -m64 -mcmodel=3Dsmall + +# The location of this include matters! +include $(src)/../common/Makefile.include + +# +# X32 processes use x32 vDSO to access 64bit kernel data. +# +# Build x32 vDSO image: +# 1. Compile x32 vDSO as 64bit. +# 2. Convert object files to x32. +# 3. Build x32 VDSO image with x32 objects, which contains 64bit codes +# so that it can reach 64bit address space with 64bit pointers. +# + +# Convert 64bit object file to x32 for x32 vDSO. +quiet_cmd_x32 =3D X32 $@ + cmd_x32 =3D $(OBJCOPY) -O elf32-x86-64 $< $@ + +$(obj)/%-x32.o: $(obj)/%.o FORCE + $(call if_changed,x32) + +vobjsx32 =3D $(patsubst %.o,%-x32.o,$(vobjs)) +targets +=3D $(patsubst %.o,%-x32.o,$(vobjs-y)) + +# Linker options for the vdso +VDSO_LDFLAGS_64 :=3D -m elf_x86_64 -soname linux-vdso.so.1 -z max-page-si= ze=3D4096 +VDSO_LDFLAGS_x32 :=3D $(subst elf_x86_64,elf32_x86_64,$(VDSO_LDFLAGS_64)) + +$(obj)/vdso64.so.dbg: $(vobjs) +$(obj)/vdsox32.so.dbg: $(vobjsx32) diff --git a/arch/x86/entry/vdso/vdso64/note.S b/arch/x86/entry/vdso/vdso64= /note.S new file mode 100644 index 000000000000..62d8aa51ce99 --- /dev/null +++ b/arch/x86/entry/vdso/vdso64/note.S @@ -0,0 +1 @@ +#include "common/note.S" diff --git a/arch/x86/entry/vdso/vdso64/vclock_gettime.c b/arch/x86/entry/v= dso/vdso64/vclock_gettime.c new file mode 100644 index 000000000000..1481f0021b9f --- /dev/null +++ b/arch/x86/entry/vdso/vdso64/vclock_gettime.c @@ -0,0 +1 @@ +#include "common/vclock_gettime.c" diff --git a/arch/x86/entry/vdso/vdso.lds.S b/arch/x86/entry/vdso/vdso64/vd= so64.lds.S similarity index 94% rename from arch/x86/entry/vdso/vdso.lds.S rename to arch/x86/entry/vdso/vdso64/vdso64.lds.S index 0bab5f4af6d1..5ce3f2b6373a 100644 --- a/arch/x86/entry/vdso/vdso.lds.S +++ b/arch/x86/entry/vdso/vdso64/vdso64.lds.S @@ -9,7 +9,7 @@ =20 #define BUILD_VDSO64 =20 -#include "vdso-layout.lds.S" +#include "common/vdso-layout.lds.S" =20 /* * This controls what userland symbols we export from the vDSO. diff --git a/arch/x86/entry/vdso/vdsox32.lds.S b/arch/x86/entry/vdso/vdso64= /vdsox32.lds.S similarity index 92% rename from arch/x86/entry/vdso/vdsox32.lds.S rename to arch/x86/entry/vdso/vdso64/vdsox32.lds.S index 16a8050a4fb6..3dbd20c8dacc 100644 --- a/arch/x86/entry/vdso/vdsox32.lds.S +++ b/arch/x86/entry/vdso/vdso64/vdsox32.lds.S @@ -9,7 +9,7 @@ =20 #define BUILD_VDSOX32 =20 -#include "vdso-layout.lds.S" +#include "common/vdso-layout.lds.S" =20 /* * This controls what userland symbols we export from the vDSO. diff --git a/arch/x86/entry/vdso/vdso64/vgetcpu.c b/arch/x86/entry/vdso/vds= o64/vgetcpu.c new file mode 100644 index 000000000000..00cc8325a020 --- /dev/null +++ b/arch/x86/entry/vdso/vdso64/vgetcpu.c @@ -0,0 +1 @@ +#include "common/vgetcpu.c" diff --git a/arch/x86/entry/vdso/vgetrandom-chacha.S b/arch/x86/entry/vdso/= vdso64/vgetrandom-chacha.S similarity index 100% rename from arch/x86/entry/vdso/vgetrandom-chacha.S rename to arch/x86/entry/vdso/vdso64/vgetrandom-chacha.S diff --git a/arch/x86/entry/vdso/vgetrandom.c b/arch/x86/entry/vdso/vdso64/= vgetrandom.c similarity index 91% rename from arch/x86/entry/vdso/vgetrandom.c rename to arch/x86/entry/vdso/vdso64/vgetrandom.c index 430862b8977c..6a95d36b12d9 100644 --- a/arch/x86/entry/vdso/vgetrandom.c +++ b/arch/x86/entry/vdso/vdso64/vgetrandom.c @@ -4,7 +4,7 @@ */ #include =20 -#include "../../../../lib/vdso/getrandom.c" +#include "lib/vdso/getrandom.c" =20 ssize_t __vdso_getrandom(void *buffer, size_t len, unsigned int flags, voi= d *opaque_state, size_t opaque_len) { diff --git a/arch/x86/entry/vdso/vsgx.S b/arch/x86/entry/vdso/vdso64/vsgx.S similarity index 100% rename from arch/x86/entry/vdso/vsgx.S rename to arch/x86/entry/vdso/vdso64/vsgx.S --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCD09313E3B; Tue, 16 Dec 2025 21:27:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920429; cv=none; b=X9An+jAqlT+FIXLVg5ZM5yfZpTf1a/Xijnrj+C6rZdu9TvZ1VQB3k1PhJOS7jfIj/oBDRkuPfIEqyOAN/8YWHlIh6WuxdaawtXiKGboseEmUFvXeX3ZJ5V6SadwHXjFVZQsnO8FjeHoDXNFj5uoIyT+hRnnGuDoOskdA9arrU5o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920429; c=relaxed/simple; bh=N1Z8+wkQNe1RsROgSoYg6HFodjmTZzIHEzxBe/9ZWhQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fwqqfXGiFX9roLFrpzwhlW9cvcaKv7jtWDLCkPzr5WwcJ5kpr4wVWWr4hkQuykSykz5AiqLIzkto94qKLZwSfbXyYsXWRQkHjf8AE+v0vEgzRYBIeC2UmaAAIFKo8pxGNaeybo1ffJez3/aV31USMNNYzOGnmTtB2eiraMr3pVE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=mTWPV4T3; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="mTWPV4T3" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC232563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:21 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC232563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920382; bh=VVho2iKTMWzAOd/OWaBSJbTv3DT5W1zC1/L1M7eea/8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=mTWPV4T32LsdgIUAUxulKyJglC0lEQQXWDC418iZYLOqAvtuXY6ej0zpaZWqkTR2g D/OnQat9s8GAKwoNr2iJvBGFXzev6L1K5B53TkCBa9p3LoIQxqQycnI7jsjfHZFzHL m/j1YMTmAlI2wl/9EuM3it0PXKftu3FveJUuhKuguhWu/zDlFBSrvC2r5aNCR77eTN P4SfbARzVQVSPMKHLWaT8oTc/sWqxaxQLyHdAtiVjgq0hW6ZXgiI7lCROF5b31Q/b4 H7BHHvSAcKo35c1tLY8vqdxuRhqHCZgFQcf6lAQJzRkDgEnTf/7IKK9Jdk4x6lkcD6 TKADZ/12Kud+g== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 04/10] x86/entry/vdso32: don't rely on int80_landing_pad for adjusting ip Date: Tue, 16 Dec 2025 13:25:58 -0800 Message-ID: <20251216212606.1325678-5-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" There is no fundamental reason to use the int80_landing_pad symbol to adjust ip when moving the vdso. If ip falls within the vdso, and the vdso is moved, we should change the ip accordingly, regardless of mode or location within the vdso. This *currently* can only happen on 32 bits, but there isn't any reason not to do so generically. Note that if this is ever possible from a vdso-internal call, then the user space stack will also needed to be adjusted (as well as the shadow stack, if enabled.) Fortunately this is not currently the case. At the moment, we don't even consider other threads when moving the vdso. The assumption is that it is only used by process freeze/thaw for migration, where this is not an issue. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/vma.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 8f98c2d7c7a9..e7fd7517370f 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -65,16 +65,12 @@ static vm_fault_t vdso_fault(const struct vm_special_ma= pping *sm, static void vdso_fix_landing(const struct vdso_image *image, struct vm_area_struct *new_vma) { - if (in_ia32_syscall() && image =3D=3D &vdso32_image) { - struct pt_regs *regs =3D current_pt_regs(); - unsigned long vdso_land =3D image->sym_int80_landing_pad; - unsigned long old_land_addr =3D vdso_land + - (unsigned long)current->mm->context.vdso; - - /* Fixing userspace landing - look at do_fast_syscall_32 */ - if (regs->ip =3D=3D old_land_addr) - regs->ip =3D new_vma->vm_start + vdso_land; - } + struct pt_regs *regs =3D current_pt_regs(); + unsigned long ipoffset =3D regs->ip - + (unsigned long)current->mm->context.vdso; + + if (ipoffset < image->size) + regs->ip =3D new_vma->vm_start + ipoffset; } =20 static int vdso_mremap(const struct vm_special_mapping *sm, --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD2EC286425; Tue, 16 Dec 2025 21:27:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; cv=none; b=UptSu3b783iMRIAv/0a5MT1r622C9C6j1mPxtdqzh8jQnjcgCxD6fwRTM9rdRFN7JSU+SxZzQlRWdzuLlMzeq50ZXDRXr/Qa07onSZUUgNI/mB3IxT0ybaTSc2Tp6rmsInV2FgIyJ0DAdOdMUP99AvURB/b+1w3R7DlUwo+7j98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920428; c=relaxed/simple; bh=wB8EFBJw6WQTnv4e1fFlQlrfpC3o4jLaZ5FPmcDqoKk=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RKcpaRfmnpwNnLgTTnMZXAosysFaBDiCrZI3jVraZgnD2eE/nbd3WE7AyGDb0hOSd8UztZUtXPGl69aTMQnVd8RywbJQ9s9bBRzp90vpEuy7hW+82CKE7LsXlvi4/heFO+V4Avero2ef8zBhyOsePkeA+gx/FoJGrfVWjGWsTgk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=XzOLOxrp; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="XzOLOxrp" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC242563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:22 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC242563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920384; bh=qflYDEYSfpEA8CgU+zw+8+XYOHYFRgGv++82XjVNC1o=; h=From:To:Subject:Date:In-Reply-To:References:From; b=XzOLOxrpdf40oquT64n+xO1zoW9HFk/YtJNWiV+60eMixlN2qmphpmp5QVfhL/nYA DqmL77T2IRZd2PDBgUmkUXw9Bouu+xqrhBJy7SDQKGPJwrME2yJ+EboA9ZGsytqqjG wq3/JCad6gGt8h1JzYcQxNBiUuovPKUctE/vZ0rDK6OfRDIIiv0imYf/5m7E1J5rWF COrHo3gQeDcHw4bMaF59odhQm604OYkNZ3JG5przpWGXs/FPgiwLzx3z69cB9VJTJT LI2TAR1Rq8FYdt9TZvnM6Id40wTN+l1TD+sifWO6JTqZfJBvaDmYGujXC0nFZVnZ82 FGgsLycI8fMiA== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 05/10] x86/entry/vdso32: remove SYSCALL_ENTER_KERNEL macro in sigreturn.S Date: Tue, 16 Dec 2025 13:25:59 -0800 Message-ID: <20251216212606.1325678-6-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A macro SYSCALL_ENTER_KERNEL was defined in sigreturn.S, with the ability of overriding it. The override capability, however, is not used anywhere, and the macro name is potentially confusing because it seems to imply that sysenter/syscall could be used here, which is NOT true: the sigreturn system calls MUST use int $0x80. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/vdso32/sigreturn.S | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/entry/vdso/vdso32/sigreturn.S b/arch/x86/entry/vdso/v= dso32/sigreturn.S index 1bd068f72d4c..965900c6763b 100644 --- a/arch/x86/entry/vdso/vdso32/sigreturn.S +++ b/arch/x86/entry/vdso/vdso32/sigreturn.S @@ -3,10 +3,6 @@ #include #include =20 -#ifndef SYSCALL_ENTER_KERNEL -#define SYSCALL_ENTER_KERNEL int $0x80 -#endif - .text .globl __kernel_sigreturn .type __kernel_sigreturn,@function @@ -16,7 +12,7 @@ __kernel_sigreturn: .LSTART_sigreturn: popl %eax /* XXX does this mean it needs unwind info? */ movl $__NR_sigreturn, %eax - SYSCALL_ENTER_KERNEL + int $0x80 .LEND_sigreturn: SYM_INNER_LABEL(vdso32_sigreturn_landing_pad, SYM_L_GLOBAL) nop @@ -28,7 +24,7 @@ SYM_INNER_LABEL(vdso32_sigreturn_landing_pad, SYM_L_GLOBA= L) __kernel_rt_sigreturn: .LSTART_rt_sigreturn: movl $__NR_rt_sigreturn, %eax - SYSCALL_ENTER_KERNEL + int $0x80 .LEND_rt_sigreturn: SYM_INNER_LABEL(vdso32_rt_sigreturn_landing_pad, SYM_L_GLOBAL) nop --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10DE82236FC; Tue, 16 Dec 2025 21:27:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; cv=none; b=XOVM9t2F03sys1Rva4XxeTQKVCL92IQUl4PcRLX30yBx41Hn9KhDnE1YZQcxbQ8YThUdOnGRlb/r4zhVW33Ivce6lWN8KgISbMDJATvkVIH6uJk8mUv03kbC8CE+h6uTi0sWftNYQ8E2Pu2a2Mj8YVeTAxKK+tXt5KObPELAe9I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; c=relaxed/simple; bh=e61CjiloAEF53HNJeu38OM+b8salyn4STPnFAJYPtZQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hp9UT0iTCPw+YDlTYaqI2fv4Pkq1fYtGCV5LynwL/ypLk0md+7YCqkji1lgGrI7n59QC45ICERGLPLTha2axFKR5grFjVGptWG6GVKINCbIxlcx0EC1jZeNFtEqjbrs3Fe1Q5oB6CiBz8SsUaYwPH3caBBXlt3C0ETN9wDmKUpo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=aIOynUn0; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="aIOynUn0" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC252563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:24 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC252563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920386; bh=wIICqKngmY3M/xEXouuddTda7wdwqxugttI9lzZICi0=; h=From:To:Subject:Date:In-Reply-To:References:From; b=aIOynUn0ccNgU54mQ1f8G0xOW19byGDvnoE8VjzcdE7kl9FCQz/tBCu3cWCbfrTMe qyBQa3vrQgXoiidKLH3XX1unfbs2xtMsGB1G/T6Xk4Z9WojYukxxwjfcBvwJ5pLHQx thyoK9KB1XTBMpwdM6E8WNwr46yfEbVIL4ktPJjW8WBqUiBOqGUNwyJ0VEmiq8Nnw3 sm06wd+21ipQs/dBxtgzrHEKp6u57CuCrd2Lz3S4lH8C1mCbZalJCW8coxKQgDBj2t 7pO/4YcWtPNutRaS/V++Ly8F9b0t7BtubaP3W//Ov2e7mM35sjn70xa4FxYx1pNLWI me4yo2uF9gM7g== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 06/10] x86/entry/vdso32: remove open-coded DWARF in sigreturn.S Date: Tue, 16 Dec 2025 13:26:00 -0800 Message-ID: <20251216212606.1325678-7-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The vdso32 sigreturn.S contains open-coded DWARF bytecode, which includes a hack for gdb to not try to step back to a previous call instruction when backtracing from a signal handler. Neither of those are necessary anymore: the backtracing issue is handled by ".cfi_entry simple" and ".cfi_signal_frame", both of which have been supported for a very long time now, which allows the remaining frame to be built using regular .cfi annotations. Add a few more register offsets to the signal frame just for good measure. Replace the nop on fallthrough of the system call (which should never, ever happen) with a ud2a trap. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/vdso32/sigreturn.S | 146 ++++++------------------- arch/x86/include/asm/dwarf2.h | 1 + arch/x86/kernel/asm-offsets.c | 6 + 3 files changed, 39 insertions(+), 114 deletions(-) diff --git a/arch/x86/entry/vdso/vdso32/sigreturn.S b/arch/x86/entry/vdso/v= dso32/sigreturn.S index 965900c6763b..25b0ac4b4bfe 100644 --- a/arch/x86/entry/vdso/vdso32/sigreturn.S +++ b/arch/x86/entry/vdso/vdso32/sigreturn.S @@ -1,136 +1,54 @@ /* SPDX-License-Identifier: GPL-2.0 */ #include #include +#include #include =20 +.macro STARTPROC_SIGNAL_FRAME sc + CFI_STARTPROC simple + CFI_SIGNAL_FRAME + /* -4 as pretcode has already been popped */ + CFI_DEF_CFA esp, \sc - 4 + CFI_OFFSET eip, IA32_SIGCONTEXT_ip + CFI_OFFSET eax, IA32_SIGCONTEXT_ax + CFI_OFFSET ebx, IA32_SIGCONTEXT_bx + CFI_OFFSET ecx, IA32_SIGCONTEXT_cx + CFI_OFFSET edx, IA32_SIGCONTEXT_dx + CFI_OFFSET esp, IA32_SIGCONTEXT_sp + CFI_OFFSET ebp, IA32_SIGCONTEXT_bp + CFI_OFFSET esi, IA32_SIGCONTEXT_si + CFI_OFFSET edi, IA32_SIGCONTEXT_di + CFI_OFFSET es, IA32_SIGCONTEXT_es + CFI_OFFSET cs, IA32_SIGCONTEXT_cs + CFI_OFFSET ss, IA32_SIGCONTEXT_ss + CFI_OFFSET ds, IA32_SIGCONTEXT_ds + CFI_OFFSET eflags, IA32_SIGCONTEXT_flags +.endm + .text .globl __kernel_sigreturn .type __kernel_sigreturn,@function - nop /* this guy is needed for .LSTARTFDEDLSI1 below (watch for HACK) */ ALIGN __kernel_sigreturn: -.LSTART_sigreturn: - popl %eax /* XXX does this mean it needs unwind info? */ + STARTPROC_SIGNAL_FRAME IA32_SIGFRAME_sigcontext + popl %eax + CFI_ADJUST_CFA_OFFSET -4 movl $__NR_sigreturn, %eax int $0x80 -.LEND_sigreturn: SYM_INNER_LABEL(vdso32_sigreturn_landing_pad, SYM_L_GLOBAL) - nop - .size __kernel_sigreturn,.-.LSTART_sigreturn + ud2a + CFI_ENDPROC + .size __kernel_sigreturn,.-__kernel_sigreturn =20 .globl __kernel_rt_sigreturn .type __kernel_rt_sigreturn,@function ALIGN __kernel_rt_sigreturn: -.LSTART_rt_sigreturn: + STARTPROC_SIGNAL_FRAME IA32_RT_SIGFRAME_sigcontext movl $__NR_rt_sigreturn, %eax int $0x80 -.LEND_rt_sigreturn: SYM_INNER_LABEL(vdso32_rt_sigreturn_landing_pad, SYM_L_GLOBAL) - nop - .size __kernel_rt_sigreturn,.-.LSTART_rt_sigreturn - .previous - - .section .eh_frame,"a",@progbits -.LSTARTFRAMEDLSI1: - .long .LENDCIEDLSI1-.LSTARTCIEDLSI1 -.LSTARTCIEDLSI1: - .long 0 /* CIE ID */ - .byte 1 /* Version number */ - .string "zRS" /* NUL-terminated augmentation string */ - .uleb128 1 /* Code alignment factor */ - .sleb128 -4 /* Data alignment factor */ - .byte 8 /* Return address register column */ - .uleb128 1 /* Augmentation value length */ - .byte 0x1b /* DW_EH_PE_pcrel|DW_EH_PE_sdata4. */ - .byte 0 /* DW_CFA_nop */ - .align 4 -.LENDCIEDLSI1: - .long .LENDFDEDLSI1-.LSTARTFDEDLSI1 /* Length FDE */ -.LSTARTFDEDLSI1: - .long .LSTARTFDEDLSI1-.LSTARTFRAMEDLSI1 /* CIE pointer */ - /* HACK: The dwarf2 unwind routines will subtract 1 from the - return address to get an address in the middle of the - presumed call instruction. Since we didn't get here via - a call, we need to include the nop before the real start - to make up for it. */ - .long .LSTART_sigreturn-1-. /* PC-relative start address */ - .long .LEND_sigreturn-.LSTART_sigreturn+1 - .uleb128 0 /* Augmentation */ - /* What follows are the instructions for the table generation. - We record the locations of each register saved. This is - complicated by the fact that the "CFA" is always assumed to - be the value of the stack pointer in the caller. This means - that we must define the CFA of this body of code to be the - saved value of the stack pointer in the sigcontext. Which - also means that there is no fixed relation to the other - saved registers, which means that we must use DW_CFA_expression - to compute their addresses. It also means that when we - adjust the stack with the popl, we have to do it all over again. */ - -#define do_cfa_expr(offset) \ - .byte 0x0f; /* DW_CFA_def_cfa_expression */ \ - .uleb128 1f-0f; /* length */ \ -0: .byte 0x74; /* DW_OP_breg4 */ \ - .sleb128 offset; /* offset */ \ - .byte 0x06; /* DW_OP_deref */ \ -1: - -#define do_expr(regno, offset) \ - .byte 0x10; /* DW_CFA_expression */ \ - .uleb128 regno; /* regno */ \ - .uleb128 1f-0f; /* length */ \ -0: .byte 0x74; /* DW_OP_breg4 */ \ - .sleb128 offset; /* offset */ \ -1: - - do_cfa_expr(IA32_SIGCONTEXT_sp+4) - do_expr(0, IA32_SIGCONTEXT_ax+4) - do_expr(1, IA32_SIGCONTEXT_cx+4) - do_expr(2, IA32_SIGCONTEXT_dx+4) - do_expr(3, IA32_SIGCONTEXT_bx+4) - do_expr(5, IA32_SIGCONTEXT_bp+4) - do_expr(6, IA32_SIGCONTEXT_si+4) - do_expr(7, IA32_SIGCONTEXT_di+4) - do_expr(8, IA32_SIGCONTEXT_ip+4) - - .byte 0x42 /* DW_CFA_advance_loc 2 -- nop; popl eax. */ - - do_cfa_expr(IA32_SIGCONTEXT_sp) - do_expr(0, IA32_SIGCONTEXT_ax) - do_expr(1, IA32_SIGCONTEXT_cx) - do_expr(2, IA32_SIGCONTEXT_dx) - do_expr(3, IA32_SIGCONTEXT_bx) - do_expr(5, IA32_SIGCONTEXT_bp) - do_expr(6, IA32_SIGCONTEXT_si) - do_expr(7, IA32_SIGCONTEXT_di) - do_expr(8, IA32_SIGCONTEXT_ip) - - .align 4 -.LENDFDEDLSI1: - - .long .LENDFDEDLSI2-.LSTARTFDEDLSI2 /* Length FDE */ -.LSTARTFDEDLSI2: - .long .LSTARTFDEDLSI2-.LSTARTFRAMEDLSI1 /* CIE pointer */ - /* HACK: See above wrt unwind library assumptions. */ - .long .LSTART_rt_sigreturn-1-. /* PC-relative start address */ - .long .LEND_rt_sigreturn-.LSTART_rt_sigreturn+1 - .uleb128 0 /* Augmentation */ - /* What follows are the instructions for the table generation. - We record the locations of each register saved. This is - slightly less complicated than the above, since we don't - modify the stack pointer in the process. */ - - do_cfa_expr(IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_sp) - do_expr(0, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_ax) - do_expr(1, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_cx) - do_expr(2, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_dx) - do_expr(3, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_bx) - do_expr(5, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_bp) - do_expr(6, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_si) - do_expr(7, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_di) - do_expr(8, IA32_RT_SIGFRAME_sigcontext-4 + IA32_SIGCONTEXT_ip) - - .align 4 -.LENDFDEDLSI2: + ud2a + CFI_ENDPROC + .size __kernel_rt_sigreturn,.-__kernel_rt_sigreturn .previous diff --git a/arch/x86/include/asm/dwarf2.h b/arch/x86/include/asm/dwarf2.h index 302e11b15da8..09c9684d3ad6 100644 --- a/arch/x86/include/asm/dwarf2.h +++ b/arch/x86/include/asm/dwarf2.h @@ -20,6 +20,7 @@ #define CFI_RESTORE_STATE .cfi_restore_state #define CFI_UNDEFINED .cfi_undefined #define CFI_ESCAPE .cfi_escape +#define CFI_SIGNAL_FRAME .cfi_signal_frame =20 #ifndef BUILD_VDSO /* diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c index 25fcde525c68..081816888f7a 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -63,8 +63,14 @@ static void __used common(void) OFFSET(IA32_SIGCONTEXT_bp, sigcontext_32, bp); OFFSET(IA32_SIGCONTEXT_sp, sigcontext_32, sp); OFFSET(IA32_SIGCONTEXT_ip, sigcontext_32, ip); + OFFSET(IA32_SIGCONTEXT_es, sigcontext_32, es); + OFFSET(IA32_SIGCONTEXT_cs, sigcontext_32, cs); + OFFSET(IA32_SIGCONTEXT_ss, sigcontext_32, ss); + OFFSET(IA32_SIGCONTEXT_ds, sigcontext_32, ds); + OFFSET(IA32_SIGCONTEXT_flags, sigcontext_32, flags); =20 BLANK(); + OFFSET(IA32_SIGFRAME_sigcontext, sigframe_ia32, sc); OFFSET(IA32_RT_SIGFRAME_sigcontext, rt_sigframe_ia32, uc.uc_mcontext); #endif =20 --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10D6B2236E5; Tue, 16 Dec 2025 21:27:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; cv=none; b=j6RbQBJPIrlK5FRD/Cmcsb52FUnT4GmbGxpH4FSMWPM8Yb1AnqbtCsEmh+a4+IQHwygJTk3BG1y9ivzKQi3v+IMhKcM1Zqk5USzm1rwsI43PnTFF/V/gXq/SVPUrfdTtQh/MxtsEN6LkRfYKzaqKCPTVpb3bYkoLam/KPMMAcGY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920427; c=relaxed/simple; bh=AkKQ2tZklkT/DL1C8Cmil8i1aOc7CgePsBkRk80OoYs=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EgMQvMWzg/pjT/1QBzSuwicUE05/eHexgeb6bOh3AGqtR5dXCxnFv6UT2LnDdoXssd6/myTjnPz/k/NFs3uYgHjn0/vQQpNsqeBplA1lbNdm4cSYwhR1Fn5ZLFzQJVFvXk4OXV+IF4FFGPFpxx+sMfTrN1Vm+OYQFwUks0ts/rM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=GpfvH0IM; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="GpfvH0IM" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC262563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:26 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC262563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920388; bh=h6JrzHOOAMme4MQvq7kaYnijp0CWQPH74cgg8oIQDMc=; h=From:To:Subject:Date:In-Reply-To:References:From; b=GpfvH0IMUuf7A/nYM5NS7m4EL2/7SY5jNrD8tA5DahEY5Hz4XpXAhQ+yqY2hISAAr E/ONMQNi4KZLmVv3vCkTrnF/cUgwYs3jZW9oAJnhc1uJvusB8sxg0LQSQTdNMnwOMC 0D4RtESUpg9Nk9sKY7NEBMSXt55AldwD8XpqON4hOxyIBPZX1DM3vaFKivszgobsbr V9CaZZ9CKAaHtYC3FxpKG33U33gxYveC04TqFiRk8Wy4ncdaC59Gx8fYrEUBob6fyP N5wj2G/JXAfF9aWElwsPtHx9MFSrZ1pPfyyhCfvRGQ9KBjRfayjbx0aLcPkDzBiO7b JWM7IEqSuotbg== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 07/10] x86/entry/vdso: include GNU_PROPERTY and GNU_STACK PHDRs Date: Tue, 16 Dec 2025 13:26:01 -0800 Message-ID: <20251216212606.1325678-8-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently the vdso doesn't include .note.gnu.property or a GNU noexec stack annotation (the -z noexecstack in the linker script is ineffective because we specify PHDRs explicitly.) The motivation is that the dynamic linker currently do not check these. However, this is a weak excuse: the vdso*.so are also supposed to be usable at link libraries, and there is no reason why the dynamic linker might not want or need to check these in the future, so add them back in -- it is trivial enough. Use symbolic constants for the PHDR permission flags. [ v4: drop unrelated formatting changes ] Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/common/vdso-layout.lds.S | 38 ++++++++++++-------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/arch/x86/entry/vdso/common/vdso-layout.lds.S b/arch/x86/entry/= vdso/common/vdso-layout.lds.S index ec1ac191a057..a1e30be3e83d 100644 --- a/arch/x86/entry/vdso/common/vdso-layout.lds.S +++ b/arch/x86/entry/vdso/common/vdso-layout.lds.S @@ -47,18 +47,18 @@ SECTIONS *(.gnu.linkonce.b.*) } :text =20 - /* - * Discard .note.gnu.property sections which are unused and have - * different alignment requirement from vDSO note sections. - */ - /DISCARD/ : { + .note.gnu.property : { *(.note.gnu.property) - } - .note : { *(.note.*) } :text :note - - .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr - .eh_frame : { KEEP (*(.eh_frame)) } :text + } :text :note :gnu_property + .note : { + *(.note*) + } :text :note =20 + .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr + .eh_frame : { + KEEP (*(.eh_frame)) + *(.eh_frame.*) + } :text =20 /* * Text is well-separated from actual data: there's plenty of @@ -87,15 +87,23 @@ SECTIONS * Very old versions of ld do not recognize this name token; use the const= ant. */ #define PT_GNU_EH_FRAME 0x6474e550 +#define PT_GNU_STACK 0x6474e551 +#define PT_GNU_PROPERTY 0x6474e553 =20 /* * We must supply the ELF program headers explicitly to get just one * PT_LOAD segment, and set the flags explicitly to make segments read-onl= y. - */ +*/ +#define PF_R FLAGS(4) +#define PF_RW FLAGS(6) +#define PF_RX FLAGS(5) + PHDRS { - text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */ - dynamic PT_DYNAMIC FLAGS(4); /* PF_R */ - note PT_NOTE FLAGS(4); /* PF_R */ - eh_frame_hdr PT_GNU_EH_FRAME; + text PT_LOAD PF_RX FILEHDR PHDRS; + dynamic PT_DYNAMIC PF_R; + note PT_NOTE PF_R; + eh_frame_hdr PT_GNU_EH_FRAME PF_R; + gnu_stack PT_GNU_STACK PF_RW; + gnu_property PT_GNU_PROPERTY PF_R; } --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD081315D2F; Tue, 16 Dec 2025 21:27:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; cv=none; b=qZ7er1Ugt83YQrwfwh+X0UTpnVFfCg7A1cTGWNnIfTCfFYozoI062wua0b+q3/YFv/jo+b+3miu6M/27CKBhNqFrWBM0Wxnginy1Yi6waESlEGy4AxjWSHgKvlYPoRNkDCqDkg/uSypvls/dlFDb36RuzN4KGEeNEq6Y2RzJ2J0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; c=relaxed/simple; bh=+P9z8a4+8dMuME6/O/6xZJPOlqA0yDviBucSlS+gt68=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GPnhHtF4HFDiJE5fpSQ6G1kd98O1gU1SsNsFSaIbnWHQSRh0e3hxuP5ky3AvEdO2S11KCkClU8yNG5vSdN7s0NcSi9Z+8Gr8kDFXUqHkDYSeVqtrtwkrtqmBjZ67uJ1iSgNWa67sBZ/xnquL+IW6Au8nH38EtPFnKLaPgm+Z9OI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=m6jZ4on9; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="m6jZ4on9" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC272563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:28 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC272563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920389; bh=78LVi13gVlB9UDQcZ9uC4YepVxV2P7X7WMn5xcDlZ3M=; h=From:To:Subject:Date:In-Reply-To:References:From; b=m6jZ4on9bgCY4hbv+oKFvhkI/cB5MXkvUB/930SdTWnEdvqd3c+6Tgq717pQtL3f8 9GGUe2fdEsGmuhy7+ieJsLfHrKGjPvnxTBsooU6FTl93As2qAoKzvbuvLfCfxE3Qdj Xx8ES7sYLmiiWjsHtf/VtxHSNauKX/L8/tbDBDY1L39d05X8YUugdgFi1IfaOivE5S HCH4BZKlQMiagUCGC6dZWLN1X2KOqq8vqurySJUxfdTTCvTw3AWozHStE43pYpfAO4 EyzJt+9H0QKi6MldJRhDVDQ/mGKzjB7KPd3ZIOA4f47l8rFr52OP739ZNO8jUbRzAA Dpjp6HTaO2XgQ== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 08/10] x86/vdso: abstract out vdso system call internals Date: Tue, 16 Dec 2025 13:26:02 -0800 Message-ID: <20251216212606.1325678-9-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Abstract out the calling of true system calls from the vdso into macros. It has been a very long time since gcc did not allow %ebx or %ebp in inline asm in 32-bit PIC mode; remove the corresponding hacks. Remove the use of memory output constraints in gettimeofday.h in favor of "memory" clobbers. The resulting code is identical for the current use cases, as the system call is usually a terminal fallback anyway, and it merely complicates the macroization. This patch adds only a handful of more lines of code than it removes, and in fact could be made substantially smaller by removing the macros for the argument counts that aren't currently used, however, it seems better to be general from the start. [ v3: remove stray comment from prototyping; remove VDSO_SYSCALL6() since it would require special handling on 32 bits and is currently unused. (Uros Biszjak) Indent nested preprocessor directives. ] Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/include/asm/vdso/gettimeofday.h | 108 ++--------------------- arch/x86/include/asm/vdso/sys_call.h | 103 +++++++++++++++++++++ 2 files changed, 111 insertions(+), 100 deletions(-) create mode 100644 arch/x86/include/asm/vdso/sys_call.h diff --git a/arch/x86/include/asm/vdso/gettimeofday.h b/arch/x86/include/as= m/vdso/gettimeofday.h index 73b2e7ee8f0f..3cf214cc4a75 100644 --- a/arch/x86/include/asm/vdso/gettimeofday.h +++ b/arch/x86/include/asm/vdso/gettimeofday.h @@ -18,6 +18,7 @@ #include #include #include +#include =20 #define VDSO_HAS_TIME 1 =20 @@ -53,130 +54,37 @@ extern struct ms_hyperv_tsc_page hvclock_page __attribute__((visibility("hidden"))); #endif =20 -#ifndef BUILD_VDSO32 - static __always_inline long clock_gettime_fallback(clockid_t _clkid, struct __kernel_timespec *_t= s) { - long ret; - - asm ("syscall" : "=3Da" (ret), "=3Dm" (*_ts) : - "0" (__NR_clock_gettime), "D" (_clkid), "S" (_ts) : - "rcx", "r11"); - - return ret; + return VDSO_SYSCALL2(clock_gettime,64,_clkid,_ts); } =20 static __always_inline long gettimeofday_fallback(struct __kernel_old_timeval *_tv, struct timezone *_tz) { - long ret; - - asm("syscall" : "=3Da" (ret) : - "0" (__NR_gettimeofday), "D" (_tv), "S" (_tz) : "memory"); - - return ret; + return VDSO_SYSCALL2(gettimeofday,,_tv,_tz); } =20 static __always_inline long clock_getres_fallback(clockid_t _clkid, struct __kernel_timespec *_ts) { - long ret; - - asm ("syscall" : "=3Da" (ret), "=3Dm" (*_ts) : - "0" (__NR_clock_getres), "D" (_clkid), "S" (_ts) : - "rcx", "r11"); - - return ret; + return VDSO_SYSCALL2(clock_getres,_time64,_clkid,_ts); } =20 -#else - -static __always_inline -long clock_gettime_fallback(clockid_t _clkid, struct __kernel_timespec *_t= s) -{ - long ret; - - asm ( - "mov %%ebx, %%edx \n" - "mov %[clock], %%ebx \n" - "call __kernel_vsyscall \n" - "mov %%edx, %%ebx \n" - : "=3Da" (ret), "=3Dm" (*_ts) - : "0" (__NR_clock_gettime64), [clock] "g" (_clkid), "c" (_ts) - : "edx"); - - return ret; -} +#ifndef CONFIG_X86_64 =20 static __always_inline long clock_gettime32_fallback(clockid_t _clkid, struct old_timespec32 *_ts) { - long ret; - - asm ( - "mov %%ebx, %%edx \n" - "mov %[clock], %%ebx \n" - "call __kernel_vsyscall \n" - "mov %%edx, %%ebx \n" - : "=3Da" (ret), "=3Dm" (*_ts) - : "0" (__NR_clock_gettime), [clock] "g" (_clkid), "c" (_ts) - : "edx"); - - return ret; -} - -static __always_inline -long gettimeofday_fallback(struct __kernel_old_timeval *_tv, - struct timezone *_tz) -{ - long ret; - - asm( - "mov %%ebx, %%edx \n" - "mov %2, %%ebx \n" - "call __kernel_vsyscall \n" - "mov %%edx, %%ebx \n" - : "=3Da" (ret) - : "0" (__NR_gettimeofday), "g" (_tv), "c" (_tz) - : "memory", "edx"); - - return ret; + return VDSO_SYSCALL2(clock_gettime,,_clkid,_ts); } =20 static __always_inline long -clock_getres_fallback(clockid_t _clkid, struct __kernel_timespec *_ts) -{ - long ret; - - asm ( - "mov %%ebx, %%edx \n" - "mov %[clock], %%ebx \n" - "call __kernel_vsyscall \n" - "mov %%edx, %%ebx \n" - : "=3Da" (ret), "=3Dm" (*_ts) - : "0" (__NR_clock_getres_time64), [clock] "g" (_clkid), "c" (_ts) - : "edx"); - - return ret; -} - -static __always_inline -long clock_getres32_fallback(clockid_t _clkid, struct old_timespec32 *_ts) +clock_getres32_fallback(clockid_t _clkid, struct old_timespec32 *_ts) { - long ret; - - asm ( - "mov %%ebx, %%edx \n" - "mov %[clock], %%ebx \n" - "call __kernel_vsyscall \n" - "mov %%edx, %%ebx \n" - : "=3Da" (ret), "=3Dm" (*_ts) - : "0" (__NR_clock_getres), [clock] "g" (_clkid), "c" (_ts) - : "edx"); - - return ret; + return VDSO_SYSCALL2(clock_getres,,_clkid,_ts); } =20 #endif diff --git a/arch/x86/include/asm/vdso/sys_call.h b/arch/x86/include/asm/vd= so/sys_call.h new file mode 100644 index 000000000000..dcfd17c6dd57 --- /dev/null +++ b/arch/x86/include/asm/vdso/sys_call.h @@ -0,0 +1,103 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Macros for issuing an inline system call from the vDSO. + */ + +#ifndef X86_ASM_VDSO_SYS_CALL_H +#define X86_ASM_VDSO_SYS_CALL_H + +#include +#include +#include + +#ifdef CONFIG_X86_64 +# define __sys_instr "syscall" +# define __sys_clobber "rcx", "r11", "memory" +# define __sys_nr(x,y) __NR_ ## x +# define __sys_reg1 "rdi" +# define __sys_reg2 "rsi" +# define __sys_reg3 "rdx" +# define __sys_reg4 "r10" +# define __sys_reg5 "r8" +#else +# define __sys_instr "call __kernel_vsyscall" +# define __sys_clobber "memory" +# define __sys_nr(x,y) __NR_ ## x ## y +# define __sys_reg1 "ebx" +# define __sys_reg2 "ecx" +# define __sys_reg3 "edx" +# define __sys_reg4 "esi" +# define __sys_reg5 "edi" +#endif + +/* + * Example usage: + * + * result =3D VDSO_SYSCALL3(foo,64,x,y,z); + * + * ... calls foo(x,y,z) on 64 bits, and foo64(x,y,z) on 32 bits. + * + * VDSO_SYSCALL6() is currently missing, because it would require + * special handling for %ebp on 32 bits when the vdso is compiled with + * frame pointers enabled (the default on 32 bits.) Add it as a special + * case when and if it becomes necessary. + */ +#define _VDSO_SYSCALL(name,suf32,...) \ + ({ \ + long _sys_num_ret =3D __sys_nr(name,suf32); \ + asm_inline volatile( \ + __sys_instr \ + : "+a" (_sys_num_ret) \ + : __VA_ARGS__ \ + : __sys_clobber); \ + _sys_num_ret; \ + }) + +#define VDSO_SYSCALL0(name,suf32) \ + _VDSO_SYSCALL(name,suf32) +#define VDSO_SYSCALL1(name,suf32,a1) \ + ({ \ + register long _sys_arg1 asm(__sys_reg1) =3D (long)(a1); \ + _VDSO_SYSCALL(name,suf32, \ + "r" (_sys_arg1)); \ + }) +#define VDSO_SYSCALL2(name,suf32,a1,a2) \ + ({ \ + register long _sys_arg1 asm(__sys_reg1) =3D (long)(a1); \ + register long _sys_arg2 asm(__sys_reg2) =3D (long)(a2); \ + _VDSO_SYSCALL(name,suf32, \ + "r" (_sys_arg1), "r" (_sys_arg2)); \ + }) +#define VDSO_SYSCALL3(name,suf32,a1,a2,a3) \ + ({ \ + register long _sys_arg1 asm(__sys_reg1) =3D (long)(a1); \ + register long _sys_arg2 asm(__sys_reg2) =3D (long)(a2); \ + register long _sys_arg3 asm(__sys_reg3) =3D (long)(a3); \ + _VDSO_SYSCALL(name,suf32, \ + "r" (_sys_arg1), "r" (_sys_arg2), \ + "r" (_sys_arg3)); \ + }) +#define VDSO_SYSCALL4(name,suf32,a1,a2,a3,a4) \ + ({ \ + register long _sys_arg1 asm(__sys_reg1) =3D (long)(a1); \ + register long _sys_arg2 asm(__sys_reg2) =3D (long)(a2); \ + register long _sys_arg3 asm(__sys_reg3) =3D (long)(a3); \ + register long _sys_arg4 asm(__sys_reg4) =3D (long)(a4); \ + _VDSO_SYSCALL(name,suf32, \ + "r" (_sys_arg1), "r" (_sys_arg2), \ + "r" (_sys_arg3), "r" (_sys_arg4)); \ + }) +#define VDSO_SYSCALL5(name,suf32,a1,a2,a3,a4,a5) \ + ({ \ + register long _sys_arg1 asm(__sys_reg1) =3D (long)(a1); \ + register long _sys_arg2 asm(__sys_reg2) =3D (long)(a2); \ + register long _sys_arg3 asm(__sys_reg3) =3D (long)(a3); \ + register long _sys_arg4 asm(__sys_reg4) =3D (long)(a4); \ + register long _sys_arg5 asm(__sys_reg5) =3D (long)(a5); \ + _VDSO_SYSCALL(name,suf32, \ + "r" (_sys_arg1), "r" (_sys_arg2), \ + "r" (_sys_arg3), "r" (_sys_arg4), \ + "r" (_sys_arg5)); \ + }) + +#endif /* X86_VDSO_SYS_CALL_H */ --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B394318149; Tue, 16 Dec 2025 21:27:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; cv=none; b=bAWcTKAY+qrBPQ8gcuvrBxS+fupcp8dZRU+f6Jk9HLQri9W+tmEH+f5baqnH8fx1C9VJCtwldwaeVkBL7MXXsOgJACirhILmEwXSnaH+bNg0uWExGOqPVtA/rwtL2sf7OH1VGzrcZvQ5FJnF3aOWGOrYNuQfy15KNXIo1W2XEHg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; c=relaxed/simple; bh=5wKIhwGqeQgVmQqB/Ukp3tnIYHAYzZuRhVE7Ujlvjt0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Fj/CVFc5/LObMkQgkf9KBgY+qlnu8ZDQujzvSP2VLkkPqImeJI53HZtDoNZf1xRwOc+yhIU5c8VoXBoC40QTTU9yiyU6Wq02mnUWnxPhXUtrkKXB4/HqZ3sP81NPIhrxOkIpbjBjTBlF6/NxlzZHRUwkQIEKvg9ujBBfW2B00GQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=xFYk0zw0; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="xFYk0zw0" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC282563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:30 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC282563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920391; bh=XZJ8tAuCLXRb63lalw0MrBdPq41wQB+L/BAms3K0dhs=; h=From:To:Subject:Date:In-Reply-To:References:From; b=xFYk0zw0ABhDZ/+NSSSRU+kjcZ2gGSmq4968oRbotr8DasKHhUx1jM7MT2dk++2M2 7TuCQ31r/TzRz+h4P1lARDpFsex13YxIg9gPMdvDX1VaxrMIYhFhHlKh1dLx5A0Z6m 45lK0+yc2Q+VMkddmfwfx7I1v2s1CXTfCrhHLK/b1JAvJBl9pu2kt5sPC/ALkIjuwi oSwUlJun3dHTyK7ggnDEbCiJEGF5YKia7wuSKeLM+ZchRNfJl3+Nx36eonC18VDuAP hifWqzAc0efJp/pcsceHRx6RNSHB58X6DPaQdhuxP2YXjN7qcSAQy6XPd9HoX4pq93 pqXZG5STlR9Ig== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 09/10] x86/cpufeature: replace X86_FEATURE_SYSENTER32 with X86_FEATURE_SYSFAST32 Date: Tue, 16 Dec 2025 13:26:03 -0800 Message-ID: <20251216212606.1325678-10-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In most cases, the use of "fast 32-bit system call" depends either on X86_FEATURE_SEP or X86_FEATURE_SYSENTER32 || X86_FEATURE_SYSCALL32. However, nearly all the logic for both is identical. Define X86_FEATURE_SYSFAST32 which indicates that *either* SYSENTER32 or SYSCALL32 should be used, for either 32- or 64-bit kernels. This defaults to SYSENTER; use SYSCALL if the SYSCALL32 bit is also set. As this removes ALL existing uses of X86_FEATURE_SYSENTER32, which is a kernel-only synthetic feature bit, simply remove it and replace it with X86_FEATURE_SYSFAST32. This leaves an unused alternative for a true 32-bit kernel, but that should really not matter in any way. The clearing of X86_FEATURE_SYSCALL32 can be removed once the patches for automatically clearing disabled features has been merged. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/Kconfig.cpufeatures | 8 +++++++ arch/x86/entry/vdso/vdso32/system_call.S | 8 ++----- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/kernel/cpu/centaur.c | 3 --- arch/x86/kernel/cpu/common.c | 8 +++++++ arch/x86/kernel/cpu/intel.c | 4 +--- arch/x86/kernel/cpu/zhaoxin.c | 4 +--- arch/x86/kernel/fred.c | 2 +- arch/x86/xen/setup.c | 28 +++++++++++++++--------- arch/x86/xen/smp_pv.c | 5 ++--- arch/x86/xen/xen-ops.h | 1 - 11 files changed, 42 insertions(+), 31 deletions(-) diff --git a/arch/x86/Kconfig.cpufeatures b/arch/x86/Kconfig.cpufeatures index 733d5aff2456..423ac795baa7 100644 --- a/arch/x86/Kconfig.cpufeatures +++ b/arch/x86/Kconfig.cpufeatures @@ -56,6 +56,10 @@ config X86_REQUIRED_FEATURE_MOVBE def_bool y depends on MATOM =20 +config X86_REQUIRED_FEATURE_SYSFAST32 + def_bool y + depends on X86_64 && !X86_FRED + config X86_REQUIRED_FEATURE_CPUID def_bool y depends on X86_64 @@ -120,6 +124,10 @@ config X86_DISABLED_FEATURE_CENTAUR_MCR def_bool y depends on X86_64 =20 +config X86_DISABLED_FEATURE_SYSCALL32 + def_bool y + depends on !X86_64 + config X86_DISABLED_FEATURE_PCID def_bool y depends on !X86_64 diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso= /vdso32/system_call.S index 2a15634bbe75..7b1c0f16e511 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -52,13 +52,9 @@ __kernel_vsyscall: #define SYSENTER_SEQUENCE "movl %esp, %ebp; sysenter" #define SYSCALL_SEQUENCE "movl %ecx, %ebp; syscall" =20 -#ifdef BUILD_VDSO32_64 /* If SYSENTER (Intel) or SYSCALL32 (AMD) is available, use it. */ - ALTERNATIVE_2 "", SYSENTER_SEQUENCE, X86_FEATURE_SYSENTER32, \ - SYSCALL_SEQUENCE, X86_FEATURE_SYSCALL32 -#else - ALTERNATIVE "", SYSENTER_SEQUENCE, X86_FEATURE_SEP -#endif + ALTERNATIVE_2 "", SYSENTER_SEQUENCE, X86_FEATURE_SYSFAST32, \ + SYSCALL_SEQUENCE, X86_FEATURE_SYSCALL32 =20 /* Enter using int $0x80 */ int $0x80 diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index c3b53beb1300..63b0f9aa9b3e 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -84,7 +84,7 @@ #define X86_FEATURE_PEBS ( 3*32+12) /* "pebs" Precise-Event Based Samplin= g */ #define X86_FEATURE_BTS ( 3*32+13) /* "bts" Branch Trace Store */ #define X86_FEATURE_SYSCALL32 ( 3*32+14) /* syscall in IA32 userspace */ -#define X86_FEATURE_SYSENTER32 ( 3*32+15) /* sysenter in IA32 userspace */ +#define X86_FEATURE_SYSFAST32 ( 3*32+15) /* sysenter/syscall in IA32 user= space */ #define X86_FEATURE_REP_GOOD ( 3*32+16) /* "rep_good" REP microcode works= well */ #define X86_FEATURE_AMD_LBR_V2 ( 3*32+17) /* "amd_lbr_v2" AMD Last Branch= Record Extension Version 2 */ #define X86_FEATURE_CLEAR_CPU_BUF ( 3*32+18) /* Clear CPU buffers using VE= RW */ diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c index a3b55db35c96..9833f837141c 100644 --- a/arch/x86/kernel/cpu/centaur.c +++ b/arch/x86/kernel/cpu/centaur.c @@ -102,9 +102,6 @@ static void early_init_centaur(struct cpuinfo_x86 *c) (c->x86 >=3D 7)) set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); =20 -#ifdef CONFIG_X86_64 - set_cpu_cap(c, X86_FEATURE_SYSENTER32); -#endif if (c->x86_power & (1 << 8)) { set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e7ab22fce3b5..1c3261cae40c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1068,6 +1068,9 @@ void get_cpu_cap(struct cpuinfo_x86 *c) init_scattered_cpuid_features(c); init_speculation_control(c); =20 + if (IS_ENABLED(CONFIG_X86_64) || cpu_has(c, X86_FEATURE_SEP)) + set_cpu_cap(c, X86_FEATURE_SYSFAST32); + /* * Clear/Set all flags overridden by options, after probe. * This needs to happen each time we re-probe, which may happen @@ -1813,6 +1816,11 @@ static void __init early_identify_cpu(struct cpuinfo= _x86 *c) * that it can't be enabled in 32-bit mode. */ setup_clear_cpu_cap(X86_FEATURE_PCID); + + /* + * Never use SYSCALL on a 32-bit kernel + */ + setup_clear_cpu_cap(X86_FEATURE_SYSCALL32); #endif =20 /* diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 98ae4c37c93e..646ff33c4651 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -236,9 +236,7 @@ static void early_init_intel(struct cpuinfo_x86 *c) clear_cpu_cap(c, X86_FEATURE_PSE); } =20 -#ifdef CONFIG_X86_64 - set_cpu_cap(c, X86_FEATURE_SYSENTER32); -#else +#ifndef CONFIG_X86_64 /* Netburst reports 64 bytes clflush size, but does IO in 128 bytes */ if (c->x86 =3D=3D 15 && c->x86_cache_alignment =3D=3D 64) c->x86_cache_alignment =3D 128; diff --git a/arch/x86/kernel/cpu/zhaoxin.c b/arch/x86/kernel/cpu/zhaoxin.c index 89b1c8a70fe8..031379b7d4fa 100644 --- a/arch/x86/kernel/cpu/zhaoxin.c +++ b/arch/x86/kernel/cpu/zhaoxin.c @@ -59,9 +59,7 @@ static void early_init_zhaoxin(struct cpuinfo_x86 *c) { if (c->x86 >=3D 0x6) set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); -#ifdef CONFIG_X86_64 - set_cpu_cap(c, X86_FEATURE_SYSENTER32); -#endif + if (c->x86_power & (1 << 8)) { set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC); diff --git a/arch/x86/kernel/fred.c b/arch/x86/kernel/fred.c index 816187da3a47..e736b19e18de 100644 --- a/arch/x86/kernel/fred.c +++ b/arch/x86/kernel/fred.c @@ -68,7 +68,7 @@ void cpu_init_fred_exceptions(void) idt_invalidate(); =20 /* Use int $0x80 for 32-bit system calls in FRED mode */ - setup_clear_cpu_cap(X86_FEATURE_SYSENTER32); + setup_clear_cpu_cap(X86_FEATURE_SYSFAST32); setup_clear_cpu_cap(X86_FEATURE_SYSCALL32); } =20 diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c index 3823e52aef52..ac8021c3a997 100644 --- a/arch/x86/xen/setup.c +++ b/arch/x86/xen/setup.c @@ -990,13 +990,6 @@ static int register_callback(unsigned type, const void= *func) return HYPERVISOR_callback_op(CALLBACKOP_register, &callback); } =20 -void xen_enable_sysenter(void) -{ - if (cpu_feature_enabled(X86_FEATURE_SYSENTER32) && - register_callback(CALLBACKTYPE_sysenter, xen_entry_SYSENTER_compat)) - setup_clear_cpu_cap(X86_FEATURE_SYSENTER32); -} - void xen_enable_syscall(void) { int ret; @@ -1008,11 +1001,27 @@ void xen_enable_syscall(void) mechanism for syscalls. */ } =20 - if (cpu_feature_enabled(X86_FEATURE_SYSCALL32) && - register_callback(CALLBACKTYPE_syscall32, xen_entry_SYSCALL_compat)) + if (!cpu_feature_enabled(X86_FEATURE_SYSFAST32)) + return; + + if (cpu_feature_enabled(X86_FEATURE_SYSCALL32)) { + /* Use SYSCALL32 */ + ret =3D register_callback(CALLBACKTYPE_syscall32, + xen_entry_SYSCALL_compat); + + } else { + /* Use SYSENTER32 */ + ret =3D register_callback(CALLBACKTYPE_sysenter, + xen_entry_SYSENTER_compat); + } + + if (ret) { setup_clear_cpu_cap(X86_FEATURE_SYSCALL32); + setup_clear_cpu_cap(X86_FEATURE_SYSFAST32); + } } =20 + static void __init xen_pvmmu_arch_setup(void) { HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_writable_pagetables); @@ -1022,7 +1031,6 @@ static void __init xen_pvmmu_arch_setup(void) register_callback(CALLBACKTYPE_failsafe, xen_failsafe_callback)) BUG(); =20 - xen_enable_sysenter(); xen_enable_syscall(); } =20 diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c index 9bb8ff8bff30..c40f326f0c3a 100644 --- a/arch/x86/xen/smp_pv.c +++ b/arch/x86/xen/smp_pv.c @@ -65,10 +65,9 @@ static void cpu_bringup(void) touch_softlockup_watchdog(); =20 /* PVH runs in ring 0 and allows us to do native syscalls. Yay! */ - if (!xen_feature(XENFEAT_supervisor_mode_kernel)) { - xen_enable_sysenter(); + if (!xen_feature(XENFEAT_supervisor_mode_kernel)) xen_enable_syscall(); - } + cpu =3D smp_processor_id(); identify_secondary_cpu(cpu); set_cpu_sibling_map(cpu); diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h index 090349baec09..f6c331b20fad 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -60,7 +60,6 @@ phys_addr_t __init xen_find_free_area(phys_addr_t size); char * __init xen_memory_setup(void); void __init xen_arch_setup(void); void xen_banner(void); -void xen_enable_sysenter(void); void xen_enable_syscall(void); void xen_vcpu_restore(void); =20 --=20 2.52.0 From nobody Thu Dec 18 23:26:03 2025 Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCFBA3148B7; Tue, 16 Dec 2025 21:27:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; cv=none; b=avDt048JVLuToTZsVzcf3xInPhpdmLBKnpxE4s1xsJoKIAlImVbmtJ9UX7sp9zXMxLmo+2SUyCqGN+w6qgLahE9STbGdfVj96YWd2uBADTY3F3bJRSUb78wfP40IfItKXHC6FfWiNpbc37h0I/o065JcJuwgCXemN9GyaNPiww4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765920430; c=relaxed/simple; bh=bm0ETi1lEfJugXlUqeKXLYbeX18g5ZvBJJ82wPj/qFo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lTPuKSivDx/Za2/9nlpvBUebEzNq+0ZnElbCLhkECCv+E1StpBO2YmPAntZMc6yJlDPT1YccaS0engOKYb6ZRrQvPZq+FezckHohomdFnAKPDJwhCm+lT9/XyZ+YPWG3sF72gFvWoFef8+jNNtX4wLAjzDnT/AjXViHeqf3wJ20= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=K8WR0xCy; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="K8WR0xCy" Received: from mail.zytor.com (c-76-133-66-138.hsd1.ca.comcast.net [76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.18.1/8.17.1) with ESMTPSA id 5BGLQC292563820 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 16 Dec 2025 13:26:32 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 5BGLQC292563820 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2025112201; t=1765920393; bh=fg+x4l4yBVX9RQI2ybe3EpOM6reoeao/7cwqkI1TOyQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=K8WR0xCyMau+WQ6iLmi1GqIknwCQ3rJDQ1NBQ1pylo0Vo9Grp4bV7c6kR+/d9fEU9 9CkNuNdA5rJuHmVT0uLlYGyt52MHmGMWi01PultxzdvLGYHs2w7r87OBUkBrtUE0F0 Szl34LVPb+wJbKNwo/bDqwT3i3i/tEUS87g5tIuXYFy7Ai5ObooY412PnYdLEu0/sy J8/80FGgsv+xe3wRVws4xdg6j1tivh48OqyL6RBpVtFUjjpt2XNT+8wDCfWWgNO0Bd +RQA1WlUPULSR+UL/y6MAeOV6lCAIRUBbog8HMg7tSWXsysHE0wY3CrpvHmkd8tw9i blvkPnFT2LtiQ== From: "H. Peter Anvin" To: "H. Peter Anvin" , "Jason A. Donenfeld" , "Peter Zijlstra (Intel)" , "Theodore Ts'o" , =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= , Xin Li , Andrew Cooper , Andy Lutomirski , Ard Biesheuvel , Borislav Petkov , Brian Gerst , Dave Hansen , Ingo Molnar , James Morse , Jarkko Sakkinen , Josh Poimboeuf , Kees Cook , Nam Cao , Oleg Nesterov , Perry Yuan , Thomas Gleixner , Thomas Huth , Uros Bizjak , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-sgx@vger.kernel.org, x86@kernel.org Subject: [PATCH v4 10/10] x86/entry/vdso32: when using int $0x80, use it directly Date: Tue, 16 Dec 2025 13:26:04 -0800 Message-ID: <20251216212606.1325678-11-hpa@zytor.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216212606.1325678-1-hpa@zytor.com> References: <20251216212606.1325678-1-hpa@zytor.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When neither sysenter32 nor syscall32 is available (on either FRED-capable 64-bit hardware or old 32-bit hardware), there is no reason to do a bunch of stack shuffling in __kernel_vsyscall. Unfortunately, just overwriting the initial "push" instructions will mess up the CFI annotations, so suffer the 3-byte NOP if not applicable. Similarly, inline the int $0x80 when doing inline system calls in the vdso instead of calling __kernel_vsyscall. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/entry/vdso/vdso32/system_call.S | 18 ++++++++++++++---- arch/x86/include/asm/vdso/sys_call.h | 4 +++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso= /vdso32/system_call.S index 7b1c0f16e511..9157cf9c5749 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -14,6 +14,18 @@ ALIGN __kernel_vsyscall: CFI_STARTPROC + + /* + * If using int $0x80, there is no reason to muck about with the + * stack here. Unfortunately just overwriting the push instructions + * would mess up the CFI annotations, but it is only a 3-byte + * NOP in that case. This could be avoided by patching the + * vdso symbol table (not the code) and entry point, but that + * would a fair bit of tooling work or by simply compiling + * two different vDSO images, but that doesn't seem worth it. + */ + ALTERNATIVE "int $0x80; ret", "", X86_FEATURE_SYSFAST32 + /* * Reshuffle regs so that all of any of the entry instructions * will preserve enough state. @@ -52,11 +64,9 @@ __kernel_vsyscall: #define SYSENTER_SEQUENCE "movl %esp, %ebp; sysenter" #define SYSCALL_SEQUENCE "movl %ecx, %ebp; syscall" =20 - /* If SYSENTER (Intel) or SYSCALL32 (AMD) is available, use it. */ - ALTERNATIVE_2 "", SYSENTER_SEQUENCE, X86_FEATURE_SYSFAST32, \ - SYSCALL_SEQUENCE, X86_FEATURE_SYSCALL32 + ALTERNATIVE SYSENTER_SEQUENCE, SYSCALL_SEQUENCE, X86_FEATURE_SYSCALL32 =20 - /* Enter using int $0x80 */ + /* Re-enter using int $0x80 */ int $0x80 SYM_INNER_LABEL(int80_landing_pad, SYM_L_GLOBAL) =20 diff --git a/arch/x86/include/asm/vdso/sys_call.h b/arch/x86/include/asm/vd= so/sys_call.h index dcfd17c6dd57..5806b1cd6aef 100644 --- a/arch/x86/include/asm/vdso/sys_call.h +++ b/arch/x86/include/asm/vdso/sys_call.h @@ -20,7 +20,9 @@ # define __sys_reg4 "r10" # define __sys_reg5 "r8" #else -# define __sys_instr "call __kernel_vsyscall" +# define __sys_instr ALTERNATIVE("ds;ds;ds;int $0x80", \ + "call __kernel_vsyscall", \ + X86_FEATURE_SYSFAST32) # define __sys_clobber "memory" # define __sys_nr(x,y) __NR_ ## x ## y # define __sys_reg1 "ebx" --=20 2.52.0