From patchwork Fri Jun 23 11:14:08 2023
X-Patchwork-Submitter: Nikolay Borisov
X-Patchwork-Id: 112085
From: Nikolay Borisov
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mohocko@suse.com, jslaby@suse.cz, Nikolay Borisov
Subject: [PATCH v4 5/6] x86/entry: Make IA32 syscalls' availability depend on ia32_enabled()
Date: Fri, 23 Jun 2023 14:14:08 +0300
Message-Id: <20230623111409.3047467-6-nik.borisov@suse.com>
In-Reply-To: <20230623111409.3047467-1-nik.borisov@suse.com>
References: <20230623111409.3047467-1-nik.borisov@suse.com>

Another major aspect of supporting running of 32bit processes is the ability to access 32bit syscalls. Such syscalls can be invoked by using the legacy int 0x80 handler and sysenter/syscall instructions. If IA32 emulation is disabled, ensure that each of those 3 distinct mechanisms is also disabled.

For int 0x80 a #GP exception would be generated since the respective descriptor is not going to be loaded at all. Invoking sysenter will also result in a #GP since IA32_SYSENTER_CS contains an invalid segment. Finally, the syscall instruction cannot really be disabled so it's configured to execute a minimal handler.

Signed-off-by: Nikolay Borisov
--- arch/x86/include/asm/proto.h | 3 +++ arch/x86/kernel/cpu/common.c | 37 ++++++++++++++++++------------------ arch/x86/kernel/idt.c | 7 +++++++ 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h index 12ef86b19910..4d84122bd643 100644 
--- a/arch/x86/include/asm/proto.h +++ b/arch/x86/include/asm/proto.h @@ -36,6 +36,9 @@ void entry_INT80_compat(void); #ifdef CONFIG_XEN_PV void xen_entry_INT80_compat(void); #endif +#else /* !CONFIG_IA32_EMULATION */ +#define entry_SYSCALL_compat NULL +#define entry_SYSENTER_compat NULL #endif void x86_configure_nx(void); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index b20774181e1a..aafb83d1b3a7 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -59,6 +59,7 @@ #include #include #include +#include #include #include #include 
@@ -2053,24 +2054,24 @@ void syscall_init(void) wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); -#ifdef CONFIG_IA32_EMULATION - wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); - /* - * This only works on Intel CPUs. - * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. - * This does not cause SYSENTER to jump to the wrong location, because - * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). - */ - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, - (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); -#else - wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); -#endif + if (ia32_enabled()) { + wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); + /* + * This only works on Intel CPUs. + * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. + * This does not cause SYSENTER to jump to the wrong location, because + * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). + */ + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, + (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); + } else { + wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); + } /* * Flags to clear on syscall; clear as much as possible diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index a58c6bc1cd68..41f88da58502 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c 
@@ -10,6 +10,7 @@ #include #include #include +#include #include #define DPL0 0x0 @@ -116,6 +117,9 @@ static const __initconst struct idt_data def_idts[] = { #endif SYSG(X86_TRAP_OF, asm_exc_overflow), +}; + +static const struct idt_data ia32_idt[] __initconst = { #if defined(CONFIG_IA32_EMULATION) SYSG(IA32_SYSCALL_VECTOR, entry_INT80_compat), #elif defined(CONFIG_X86_32) @@ -226,6 +230,9 @@ void __init idt_setup_early_traps(void) void __init idt_setup_traps(void) { idt_setup_from_table(idt_table, def_idts, ARRAY_SIZE(def_idts), true); + + if (ia32_enabled()) + idt_setup_from_table(idt_table, ia32_idt, ARRAY_SIZE(ia32_idt), true); } #ifdef CONFIG_X86_64
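Review bot: In the arch/x86/include/asm/proto.h hunk, the new `#else /* !CONFIG_IA32_EMULATION */` branch defines entry_SYSCALL_compat and entry_SYSENTER_compat as NULL without a comment saying they exist only so that the `if (ia32_enabled())` branch in syscall_init() still compiles. Nothing at the definition stops a later caller from passing that NULL to wrmsrl_cstar() or writing it to MSR_IA32_SYSENTER_EIP. Suggest a short comment stating that the placeholders may only appear in code that is dead when ia32_enabled() is false, which in turn requires ia32_enabled() to be compile-time false in this configuration.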
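Review bot: In the syscall_init() hunk of arch/x86/kernel/cpu/common.c, both branches are now compiled in every configuration, so entry_SYSCALL32_ignore in the else branch has to be declared and linked with CONFIG_IA32_EMULATION=y as well; before this change it was referenced only under `#else`. This patch adds no declaration for it, so please confirm an earlier patch in the series makes it available unconditionally. The else branch would also benefit from a comment carrying the commit message's reasoning into the code: SYSENTER takes a #GP because MSR_IA32_SYSENTER_CS holds GDT_ENTRY_INVALID_SEG, and SYSCALL cannot be disabled and is therefore pointed at the minimal handler.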
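Review bot: In the def_idts/ia32_idt hunk of arch/x86/kernel/idt.c, closing def_idts before the `#if defined(CONFIG_IA32_EMULATION)` block moves the `#elif defined(CONFIG_X86_32)` entry into ia32_idt as well, so on a native 32-bit kernel the int 0x80 gate is now installed only when ia32_enabled() returns true. Please confirm ia32_enabled() is unconditionally true for CONFIG_X86_32 builds, or keep that entry in def_idts. Style point in the same hunk: the new array is declared as `static const struct idt_data ia32_idt[] __initconst` while def_idts directly above uses `static const __initconst struct idt_data def_idts[]`; use one placement for the attribute.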
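Review bot: In the idt_setup_traps() hunk of arch/x86/kernel/idt.c, ia32_enabled() is sampled once in an __init function, while syscall_init() in common.c evaluates it again for the CPU it runs on (it uses smp_processor_id()). If the value could differ between those calls, the IDT gate and the SYSENTER/CSTAR MSRs would disagree about whether 32-bit entry is available. Suggest a comment next to `if (ia32_enabled())` stating that the underlying state must be final before idt_setup_traps() runs and must not change afterwards.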