From patchwork Thu Sep 14 11:27:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 139819 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp604451vqi; Thu, 14 Sep 2023 13:22:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHB9WoLF7yR8SCV0gsS2hpf8TL7CdOm5iEw/KO7hJR3pB1AJEzoIvaClIP9HTNIvdE1lGfF X-Received: by 2002:a05:6e02:1542:b0:34f:7779:df7f with SMTP id j2-20020a056e02154200b0034f7779df7fmr8033798ilu.0.1694722930328; Thu, 14 Sep 2023 13:22:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694722930; cv=none; d=google.com; s=arc-20160816; b=NmIGotbr9wnkmaNyPIaJNXYbs63YvMEWrSOsksBOenETLWo0o1sr0i5VLMYllfeo5q 3iOs0xg3p0MzHno2ymkJsKwzZKqqv2N/15rA4yHaQcAvY1ZVEoBkW35/oJI7djxnwZrD Qv0m9TdRflpkQhZhoLGX2/ocjXQSKwJHWIixGD8rVsDV8YzdjOWV/fK0mtBGqax1lo6j LGjxx1VfrbMzBsPgiEY3fL6tTkfEi4zdqdhZV4D8IoI1D9NM155fsaL1f9Kj83wU2zzk mhFhk0lM1oYnCBrmImviBVjGDQKc7sWB+kFzlhZuzV8l5dGhs7ZknJmvG1SIs+33Cxhk fRFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=/C2eIxHiduCk3JbLorX9Ji4Nx7NlYAdZ70IiuqCGjqY=; fh=n7fF7QC0RNRn6F3FQu0v+CrFD4hMTQOXYoV2ln8SMUQ=; b=J4ha3OXCrBkPm2kAyiZfO3hLs3On/sez7GcYF6f2Ye8Tp7O/HhV0ZDNRlFeat3BHi5 bjsFlZvnBCJyfcbD6/JA+GvqlKFF4TrFhz5E+J4XWzgh3xSEGqBh8Djhc9xrSvX8ea/9 jvlCWndrTp6rXnOvhSL280r3xCByQe+6JB1s/toEhI6W+7vJeRC+MPQUUE6gV/hhirzm 5M6uS6sNmp18KK5SiOuDPUBPim5nBEXOPet+dxQI9gYN/aG4ztCF6eUWt34QQ/kqvcuB CafXATIvnjMEeAU4/GoL2PuOEUHLikp9nj1ZhZdhNvV7Q2DyGhilvkNoczJ9af5L6Rxk ANMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=CEc+SNFo; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id z11-20020a6553cb000000b005774bb908d0si2034268pgr.132.2023.09.14.13.22.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 13:22:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=CEc+SNFo; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 2CA7982F08E7; Thu, 14 Sep 2023 04:27:14 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237318AbjINL1M (ORCPT + 35 others); Thu, 14 Sep 2023 07:27:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233175AbjINL1J (ORCPT ); Thu, 14 Sep 2023 07:27:09 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C496FCC7; Thu, 14 Sep 2023 04:27:04 -0700 (PDT) Date: Thu, 14 Sep 2023 11:27:02 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694690823; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/C2eIxHiduCk3JbLorX9Ji4Nx7NlYAdZ70IiuqCGjqY=; b=CEc+SNFo5GssH2ahZbc7JQM8ltbys7Q0AC2dx3xSkjLBc0jnSDZc1CHc34rA6V67SM0TPY UTsUQR36XrRpgrsgEjxFYYtd7YRS1GW5JpPaUpNzKhuW26ipWXR4KS1rnu4TOZ6iUWxSkr 5YwnsAkHGV9Sjjwh/DEbvpoO049Aox8tsKW1DOFYw0evpIiV8KxSMwUF8QqIPa16UMtJKk qNAV/kvfYC2yjJmEGQWFu7E22fKtSxIrqE2X7y7sV7QPVMQhQk78DSPNDAdxCbgrnsDjn8 9FgLKrzYrdKQ9UxYBjegmwrcsFeDCjnK+Ao/Lm+kRHfSVRFswbWf/1kgWMz9ZA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694690823; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/C2eIxHiduCk3JbLorX9Ji4Nx7NlYAdZ70IiuqCGjqY=; b=sfvGmLh/g1i6SrwMlEHAyiRU4bA4KQS74xX6H9Uj4qdOAo05PvXeYyjKY4cNUGUuhQRrQD Qhhe0uLWHdDvKHBA== From: "tip-bot2 for Nikolay Borisov" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/entry] x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() Cc: Nikolay Borisov , Thomas Gleixner , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20230623111409.3047467-6-nik.borisov@suse.com> References: <20230623111409.3047467-6-nik.borisov@suse.com> MIME-Version: 1.0 Message-ID: <169469082265.27769.12116895179692059890.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 14 Sep 2023 04:27:14 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1769492806651924188 X-GMAIL-MSGID: 1777045791490950079 The following commit has been merged into the x86/entry branch of tip: Commit-ID: 61382281e9054df523d3f9cfdba2faff88955f97 Gitweb: https://git.kernel.org/tip/61382281e9054df523d3f9cfdba2faff88955f97 Author: Nikolay Borisov AuthorDate: Fri, 23 Jun 2023 14:14:08 +03:00 Committer: Thomas Gleixner CommitterDate: Thu, 14 Sep 2023 13:19:53 +02:00 x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() Another major aspect of supporting running of 32bit processes is the ability to access 32bit syscalls. Such syscalls can be invoked by using the legacy int 0x80 handler and sysenter/syscall instructions. If IA32 emulation is disabled ensure that each of those 3 distinct mechanisms are also disabled. For int 0x80 a #GP exception would be generated since the respective descriptor is not going to be loaded at all. Invoking sysenter will also result in a #GP since IA32_SYSENTER_CS contains an invalid segment. Finally, syscall instruction cannot really be disabled so it's configured to execute a minimal handler. Signed-off-by: Nikolay Borisov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20230623111409.3047467-6-nik.borisov@suse.com --- arch/x86/include/asm/proto.h | 3 +++- arch/x86/kernel/cpu/common.c | 37 +++++++++++++++++------------------ arch/x86/kernel/idt.c | 7 +++++++- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h index 12ef86b..4d84122 100644 --- a/arch/x86/include/asm/proto.h +++ b/arch/x86/include/asm/proto.h @@ -36,6 +36,9 @@ void entry_INT80_compat(void); #ifdef CONFIG_XEN_PV void xen_entry_INT80_compat(void); #endif +#else /* !CONFIG_IA32_EMULATION */ +#define entry_SYSCALL_compat NULL +#define entry_SYSENTER_compat NULL #endif void x86_configure_nx(void); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index b3f8cba..afa755e 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -62,6 +62,7 @@ #include #include #include +#include #include #include #include @@ -2074,24 +2075,24 @@ void syscall_init(void) wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); -#ifdef CONFIG_IA32_EMULATION - wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); - /* - * This only works on Intel CPUs. - * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. - * This does not cause SYSENTER to jump to the wrong location, because - * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). - */ - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, - (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); -#else - wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); -#endif + if (ia32_enabled()) { + wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); + /* + * This only works on Intel CPUs. + * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. + * This does not cause SYSENTER to jump to the wrong location, because + * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). + */ + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, + (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); + } else { + wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); + } /* * Flags to clear on syscall; clear as much as possible diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index b786d48..8857abc 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #define DPL0 0x0 @@ -116,6 +117,9 @@ static const __initconst struct idt_data def_idts[] = { #endif SYSG(X86_TRAP_OF, asm_exc_overflow), +}; + +static const struct idt_data ia32_idt[] __initconst = { #if defined(CONFIG_IA32_EMULATION) SYSG(IA32_SYSCALL_VECTOR, entry_INT80_compat), #elif defined(CONFIG_X86_32) @@ -225,6 +229,9 @@ void __init idt_setup_early_traps(void) void __init idt_setup_traps(void) { idt_setup_from_table(idt_table, def_idts, ARRAY_SIZE(def_idts), true); + + if (ia32_enabled()) + idt_setup_from_table(idt_table, ia32_idt, ARRAY_SIZE(ia32_idt), true); } #ifdef CONFIG_X86_64