From patchwork Wed Jun 7 07:29:34 2023
X-Patchwork-Submitter: Nikolay Borisov
X-Patchwork-Id: 104321
From: Nikolay Borisov
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov
Subject: [PATCH 1/3] x86: Introduce ia32_disabled boot parameter
Date: Wed, 7 Jun 2023 10:29:34 +0300
Message-Id: <20230607072936.3766231-2-nik.borisov@suse.com>
In-Reply-To: <20230607072936.3766231-1-nik.borisov@suse.com>
References: <20230607072936.3766231-1-nik.borisov@suse.com>

Distributions would like to reduce their attack surface as much as possible but at the same time they have to cater to a wide variety of legacy software. One such avenue where distros have to strike a balance is the support for 32bit syscalls on a 64bit kernel. Ideally we'd have the ability to disable the compat support at boot time. This would allow the decision whether it should be disabled/enabled to be delegated to system administrators.

This patch simply introduces the ia32_disable boot parameter which aims at disabling 32 bit process support even if CONFIG_IA32_EMULATION has been selected at build time.

Signed-off-by: Nikolay Borisov
---
 arch/x86/entry/common.c      | 12 ++++++++++++
 arch/x86/include/asm/traps.h |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 6c2826417b33..817518768ba2 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c 
@@ -19,6 +19,7 @@ #include #include #include +#include #ifdef CONFIG_XEN_PV #include @@ -96,6 +97,17 @@ static __always_inline int syscall_32_enter(struct pt_regs *regs) return (int)regs->orig_ax; } +#ifdef CONFIG_IA32_EMULATION +bool ia32_disabled = false; + +static int ia32_disabled_cmdline(char *arg) +{ + ia32_disabled = true; + return 1; +} +__setup("ia32_disabled", ia32_disabled_cmdline); +#endif + /* * Invoke a 32-bit syscall. Called with IRQs on in CONTEXT_KERNEL. */ diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h index 47ecfff2c83d..dd93aac3718b 100644 --- a/arch/x86/include/asm/traps.h +++ b/arch/x86/include/asm/traps.h 
@@ -20,6 +20,10 @@ asmlinkage __visible noinstr struct pt_regs *vc_switch_off_ist(struct pt_regs *e extern bool ibt_selftest(void); +#ifdef CONFIG_IA32_EMULATION +extern bool ia32_disabled; +#endif + #ifdef CONFIG_X86_F00F_BUG /* For handling the FOOF bug */ void handle_invalid_op(struct pt_regs *regs);

From patchwork Wed Jun 7 07:29:35 2023
X-Patchwork-Submitter: Nikolay Borisov
X-Patchwork-Id: 104318
From: Nikolay Borisov
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov
Subject: [PATCH 2/3] x86/entry: Disable IA32 syscalls in the presence of ia32_disabled
Date: Wed, 7 Jun 2023 10:29:35 +0300
Message-Id: <20230607072936.3766231-3-nik.borisov@suse.com>
In-Reply-To: <20230607072936.3766231-1-nik.borisov@suse.com>
References: <20230607072936.3766231-1-nik.borisov@suse.com>

The first stage of disabling the ia32 compat layer is to disable the 32bit syscall entry points. The legacy int 0x80 vector is disabled by setting its gate descriptor to "not present" and the sysenter vector is disabled by re-using the existing code in case IA32_EMULATION is disabled.

Signed-off-by: Nikolay Borisov
---
 arch/x86/entry/entry_64.S    |  2 --
 arch/x86/include/asm/desc.h  |  5 +++++
 arch/x86/kernel/cpu/common.c | 29 ++++++++++++++++++-----------
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index f31e286c2977..5e0e8a5e05ca 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1514,7 +1514,6 @@ SYM_CODE_START(asm_exc_nmi) iretq SYM_CODE_END(asm_exc_nmi) -#ifndef CONFIG_IA32_EMULATION /* * This handles SYSCALL from 32-bit code. There is no way to program * MSRs to fully disable 32-bit SYSCALL. 
@@ -1525,7 +1524,6 @@ SYM_CODE_START(ignore_sysret) mov $-ENOSYS, %eax sysretl SYM_CODE_END(ignore_sysret) -#endif .pushsection .text, "ax" __FUNC_ALIGN diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h index ab97b22ac04a..618b428586d1 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -8,6 +8,7 @@ #include #include #include +#include #include #include @@ -429,6 +430,10 @@ static inline void idt_init_desc(gate_desc *gate, const struct idt_data *d) gate->offset_high = (u32) (addr >> 32); gate->reserved = 0; #endif +#ifdef CONFIG_IA32_EMULATION + if (ia32_disabled && d->vector == IA32_SYSCALL_VECTOR) + gate->bits.p = 0; +#endif } extern unsigned long system_vectors[]; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 80710a68ef7d..71f8b55f70c9 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c 
@@ -2054,17 +2054,24 @@ void syscall_init(void) wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); #ifdef CONFIG_IA32_EMULATION - wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); - /* - * This only works on Intel CPUs. - * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. - * This does not cause SYSENTER to jump to the wrong location, because - * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). - */ - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, - (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); + if (ia32_disabled) { + wrmsrl_cstar((unsigned long)ignore_sysret); + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); + } else { + wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); + /* + * This only works on Intel CPUs. + * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. + * This does not cause SYSENTER to jump to the wrong location, because + * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). 
+ */ + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, + (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); + } #else wrmsrl_cstar((unsigned long)ignore_sysret); wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);

From patchwork Wed Jun 7 07:29:36 2023
X-Patchwork-Submitter: Nikolay Borisov
X-Patchwork-Id: 104316
From: Nikolay Borisov
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov
Subject: [PATCH 3/3] x86: Disable running 32bit processes if ia32_disabled is passed
Date: Wed, 7 Jun 2023 10:29:36 +0300
Message-Id: <20230607072936.3766231-4-nik.borisov@suse.com>
In-Reply-To: <20230607072936.3766231-1-nik.borisov@suse.com>
References: <20230607072936.3766231-1-nik.borisov@suse.com>

In addition to disabling the 32bit syscall interface let's also disable the ability to run 32bit processes altogether. This is achieved by setting the GDT_ENTRY_DEFAULT_USER32_CS descriptor to not present which would cause 32 bit processes to trap with a #NP exception. Furthermore, forbid loading compat processes as well.

Signed-off-by: Nikolay Borisov
---
 arch/x86/include/asm/elf.h   | 5 +++--
 arch/x86/kernel/cpu/common.c | 8 ++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h index 18fd06f7936a..406245bc0fb0 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h 
@@ -148,9 +148,10 @@ do { \ #define elf_check_arch(x) \ ((x)->e_machine == EM_X86_64) +extern bool ia32_disabled; #define compat_elf_check_arch(x) \ - (elf_check_arch_ia32(x) || \ - (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + (!ia32_disabled && (elf_check_arch_ia32(x) || \ + (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))) static inline void elf_common_init(struct thread_struct *t, struct pt_regs *regs, const u16 ds) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 71f8b55f70c9..ddc301c09419 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2359,6 +2359,11 @@ void microcode_check(struct cpuinfo_x86 *prev_info) } #endif +static void remove_user32cs_from_gdt(void * __unused) +{ + get_current_gdt_rw()[GDT_ENTRY_DEFAULT_USER32_CS].p = 0; +} + /* * Invoked from core CPU hotplug code after hotplug operations */ @@ -2368,4 +2373,7 @@ void arch_smt_update(void) cpu_bugs_smt_update(); /* Check whether IPI broadcasting can be enabled */ apic_smt_update(); + if (ia32_disabled) + on_each_cpu(remove_user32cs_from_gdt, NULL, 1); + }
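
Review bot: In patch 1/3, the `__setup("ia32_disabled", ia32_disabled_cmdline);` line in arch/x86/entry/common.c registers a new boot parameter without documenting it: the diffstat touches only common.c and traps.h, and the commit message calls the option ia32_disable while the code registers ia32_disabled. Please add the parameter to the kernel-parameters documentation and use one spelling throughout. Since the flag is written only by the command-line handler and afterwards decides which entry points exist, `bool ia32_disabled` is also a good candidate for __ro_after_init, and the `= false` initializer is redundant for a global.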
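
Review bot: In patch 1/3, the `extern bool ia32_disabled;` declaration added to arch/x86/include/asm/traps.h exists only under CONFIG_IA32_EMULATION, matching the guarded definition in common.c, but patch 3/3 reads `ia32_disabled` in arch_smt_update() with no guard in the hunk. With CONFIG_IA32_EMULATION=n that is a reference to a symbol that is never defined. Suggest a single declaration in one header with a constant fallback for the =n case, so callers need no #ifdef.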
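
Review bot: In patch 2/3, the `if (ia32_disabled && d->vector == IA32_SYSCALL_VECTOR)` test added to idt_init_desc() in arch/x86/include/asm/desc.h puts a policy decision about one vector into the generic gate initializer that every IDT entry passes through. It would be easier to audit if the int 0x80 entry were skipped or marked not present at the place where that entry is installed. The changelog should also say what a task executing int 0x80 observes once the gate is not present (#NP, rather than the -ENOSYS that ignore_sysret returns for SYSCALL), because 64-bit tasks can reach this vector as well.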
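
Review bot: In patch 2/3, the new `if (ia32_disabled)` branch in syscall_init() (arch/x86/kernel/cpu/common.c) is a copy of the existing `#else` branch rather than a reuse of it: `wrmsrl_cstar((unsigned long)ignore_sysret);` and the MSR_IA32_SYSENTER_CS write with GDT_ENTRY_INVALID_SEG now appear twice. Suggest moving the enabled and disabled setups into two small helpers called from both the runtime check and the compile-time path, so the two "disabled" variants cannot drift apart.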
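
Review bot: In patch 3/3, the `!ia32_disabled &&` added to compat_elf_check_arch() in arch/x86/include/asm/elf.h wraps both alternatives, so it also refuses x32 binaries (the `IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64` arm), while the changelog only talks about 32bit processes. If x32 is meant to keep working, apply the check to the `elf_check_arch_ia32(x)` arm alone; if not, say so in the commit message. The bare `extern bool ia32_disabled;` placed in front of the macro also duplicates the declaration patch 1/3 added to traps.h.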
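
Review bot: In patch 3/3, clearing the USER32_CS descriptor from arch_smt_update() in arch/x86/kernel/cpu/common.c ties it to a function whose own comment says it is invoked from the CPU hotplug code after hotplug operations, so the descriptor stays present until the first such call and the `on_each_cpu()` broadcast is repeated on every later one. Suggest clearing the present bit where each CPU's GDT is set up, so the state is in place before userspace runs. The hunk also adds a blank line before the closing brace of arch_smt_update().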