From patchwork Fri Jun  9 11:13:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Borisov <nik.borisov@suse.com>
X-Patchwork-Id: 105562
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp884018vqr;
        Fri, 9 Jun 2023 04:48:09 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ44dQrnNVBkav83VxFCm1+SWW7D6OJi7j6OTagulNKVeK3bSK+tItq5YU6E8QX187uMOio1
X-Received: by 2002:a17:902:d2c8:b0:1b1:94a8:ab2d with SMTP id
 n8-20020a170902d2c800b001b194a8ab2dmr1838734plc.29.1686311289228;
        Fri, 09 Jun 2023 04:48:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686311289; cv=none;
        d=google.com; s=arc-20160816;
        b=WqgjVxQORoDOU43K1+tQdbucx49yp/H/GZxSWiCFbLYtavsC8yptkU+j/TUgutD9WB
         EavEHq3Gb58MmCsRxi8299vCCoHGFvCK394TOCTTrxqVsnXhVoe2tiOGIQ9X2+GFMDgB
         +G/CGmOhq7173msv/mXXmgOGAiBAZPV2UNK2dDhSUHmMRjXBEoplobWeLUSnve7zMVnf
         wB9SvRmArU/hS9lE6kSyqZzl6/e45U/CnmNBBNQLzt6+IQTTXrjWnBgG8SWBAqJ5CRtJ
         +/Agy/tHaZLYVycz2/2Cf5dxC96wBT68dgdRJPGNKZvTFhdzh/CsP/a/uaZ6yExicNbO
         cIhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=ecoq/MeSTUdA9EHpJzCSHxssfrpaWGQ/APku+m/fpZA=;
        b=UM3OxuXYRE95c9I3r/GkZVHsdYdYzdLfdyWgiO87jGC44oMr4PVOHs5/Cw4vLswb+4
         4THvwrLmQJDrC7zVuaPdz/Go/dq87+YH0EMwanll7OS3smms/nTR3rt/yDQXOAwcua+/
         jrrnLmYAHuXl1jwNthcnmkzDtScOk+acCF8ifEmwDouSqfb7sqzIVmOrBUZidrrjwRkX
         fE9csSXSQqJzGhI5wlTQ9kq7bhTssnYH2jgCm4DWu8IRYPXEPJHcqBV08w3FDAh0Q17p
         D+rUg60Ry5iOSmm3+zbVooOaFDjY+4YdI1LOOTNxWUSC/qZtpZu0m0VfSXOz5VMAqNTG
         Uc/A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=DTuVqxzM;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 li8-20020a170903294800b0019c93e0dce0si2577476plb.254.2023.06.09.04.47.56;
        Fri, 09 Jun 2023 04:48:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=DTuVqxzM;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238990AbjFILNV (ORCPT <rfc822;liningstudo@gmail.com>
        + 99 others); Fri, 9 Jun 2023 07:13:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57036 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238861AbjFILNR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2023 07:13:17 -0400
Received: from smtp-out1.suse.de (smtp-out1.suse.de
 [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8ADA01FF3
        for <linux-kernel@vger.kernel.org>;
 Fri,  9 Jun 2023 04:13:16 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id 3BBEC21A16;
        Fri,  9 Jun 2023 11:13:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1686309195;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=ecoq/MeSTUdA9EHpJzCSHxssfrpaWGQ/APku+m/fpZA=;
        b=DTuVqxzMbPp0jvWo/EQZo+YOwoS2sLnSLXu2c3YigVj41K9ewnilOGCS46mjfhWGY4TFz/
        j71rmdWB6fMiPW/WTvPsJuxwHvT/r758wfvAqxrjGgfXnU9WbYJJ4Zm6t5IBw382/oBfSc
        338bCt/HcpI3g0TU1WFuhY0FTrGN6jk=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id DBADB139C8;
        Fri,  9 Jun 2023 11:13:14 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id KDnuMkoJg2ReIwAAMHmgww
        (envelope-from <nik.borisov@suse.com>);
 Fri, 09 Jun 2023 11:13:14 +0000
From: Nikolay Borisov <nik.borisov@suse.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
        Nikolay Borisov <nik.borisov@suse.com>
Subject: [PATCH v2 1/4] x86: Introduce CONFIG_IA32_EMULATION_DEFAULT_DISABLED
 Kconfig option
Date: Fri,  9 Jun 2023 14:13:08 +0300
Message-Id: <20230609111311.4110901-2-nik.borisov@suse.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230609111311.4110901-1-nik.borisov@suse.com>
References: <20230609111311.4110901-1-nik.borisov@suse.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768225546393181347?=
X-GMAIL-MSGID: =?utf-8?q?1768225546393181347?=

Distributions would like to reduce their attack surface as much as
possible but at the same time they have to cater to a wide variety of
legacy software. One such avenue where distros have to strike a balance
is the support for 32bit syscalls on a 64bit kernel. Ideally
distributions would have a way to set that policy in their kernel config
files and at the same time users should also have the ability to
override this decision. Introduce such mechanism in the face of
CONFIG_IA32_EMULATION_DEFAULT_DISABLED compile time option, which
defaults to 'N' i.e retains current behavio in case
CONFIG_IA32_EMULATION is enabled. If, however, a distributor would like
to change this policy they can do so via the newly introduced
CONFIG_IA32_EMULATION_DEFAULT_DISABLED. As a final note allow users to
override the decision via the ia32_mode boot time parameter.

Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
---
 Documentation/admin-guide/kernel-parameters.txt |  4 ++++
 arch/x86/Kconfig                                |  5 +++++
 arch/x86/entry/common.c                         | 16 ++++++++++++++++
 arch/x86/include/asm/traps.h                    |  4 ++++
 4 files changed, 29 insertions(+)

--
2.34.1

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9e5bab29685f..7c01ab8bcd56 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1865,6 +1865,10 @@
 			 0 -- machine default
 			 1 -- force brightness inversion

+	ia32_mode=		[X86-64]
+			Format: ia32_mode=disabled, ia32_mode=enabled
+			Allows to override the compile-time IA32_EMULATION option at boot time
+
 	icn=		[HW,ISDN]
 			Format: <io>[,<membase>[,<icn_id>[,<icn_id2>]]]

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 53bab123a8ee..9c32fd720701 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -3038,6 +3038,11 @@ config IA32_EMULATION
 	  64-bit kernel. You should likely turn this on, unless you're
 	  100% sure that you don't have any 32-bit programs left.

+config IA32_EMULATION_DEFAULT_DISABLED
+	bool "IA32 Emulation default disabled"
+	default n
+	depends on IA32_EMULATION
+
 config X86_X32_ABI
 	bool "x32 ABI for 64-bit mode"
 	depends on X86_64
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index 6c2826417b33..6da89575e03e 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -19,6 +19,7 @@
 #include <linux/nospec.h>
 #include <linux/syscalls.h>
 #include <linux/uaccess.h>
+#include <linux/init.h>

 #ifdef CONFIG_XEN_PV
 #include <xen/xen-ops.h>
@@ -96,6 +97,21 @@ static __always_inline int syscall_32_enter(struct pt_regs *regs)
 	return (int)regs->orig_ax;
 }

+#ifdef CONFIG_IA32_EMULATION
+bool ia32_disabled = IS_ENABLED(CONFIG_IA32_EMULATION_DEFAULT_DISABLED);
+
+static int ia32_mode_override_cmdline(char *arg)
+{
+	if (!strcmp(arg, "disabled"))
+		ia32_disabled = true;
+	else if (!strcmp(arg, "enabled"))
+		ia32_disabled = false;
+
+	return 1;
+}
+__setup("ia32_mode=", ia32_mode_override_cmdline);
+#endif
+
 /*
  * Invoke a 32-bit syscall.  Called with IRQs on in CONTEXT_KERNEL.
  */
diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
index 47ecfff2c83d..dd93aac3718b 100644
--- a/arch/x86/include/asm/traps.h
+++ b/arch/x86/include/asm/traps.h
@@ -20,6 +20,10 @@ asmlinkage __visible noinstr struct pt_regs *vc_switch_off_ist(struct pt_regs *e

 extern bool ibt_selftest(void);

+#ifdef CONFIG_IA32_EMULATION
+extern bool ia32_disabled;
+#endif
+
 #ifdef CONFIG_X86_F00F_BUG
 /* For handling the FOOF bug */
 void handle_invalid_op(struct pt_regs *regs);

From patchwork Fri Jun  9 11:13:09 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Borisov <nik.borisov@suse.com>
X-Patchwork-Id: 105563
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp884294vqr;
        Fri, 9 Jun 2023 04:48:37 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ71t7VDbAK5opGNFfqb5pmXVCekU/GjFFZzmCYLKIPsgULWdsiUIKQoa5vFmekvUbIHlnD5
X-Received: by 2002:a05:6358:4e07:b0:129:cb51:7efe with SMTP id
 cf7-20020a0563584e0700b00129cb517efemr1077398rwb.14.1686311317662;
        Fri, 09 Jun 2023 04:48:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686311317; cv=none;
        d=google.com; s=arc-20160816;
        b=bplApN+vFfeu/QF77Prz/cAt6srjHjo7KRSYJzjJF6b5q92Tfc8nHfrMLIb44pxHPe
         FT5MLLj8PrvYEmY87FJ0cyECLlD/F0EZfZokITdR5h8t16+13JU9bx1SfYFuxB6LgWsl
         e+ZCJo42TIf4a5acccEBmB00PAnk6KbMSozU2KT63g6vrvIj0Wm7Kwyk/1qXfDwl5pkW
         d3xzx2bbMmkK8pmXiVJgjmKxhzIc7hZvCz4UbD8RP/2lgA40+33yfQ/xRlCVpnLfoW5Y
         MSvPx4OaB2BtB8NJqxpjYHla66UZSQBar/lm0kSpWJH7+goWmXWZm55NyMcxdf7Ounbr
         OnWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=7GTMhjbKkfMR0diFswT0M7pEjVhfOQYpv6YQslqR+6M=;
        b=cCIwBHMtTv+3YgVlv+ocmUSsIKUqBsRDVyGy12rzDcVrMbZo3uUwIXdl2w1ER+CKqf
         Cho+TEYGXeyQeUNQkSyg+LDH3QFbsLdkRlGZcRk7jptUm2lzwtCkVUeVY1cVisYS/tLz
         9aUZtO8jK9z3ERciYNVmM5EW6lBLltjK/LNyWYja/vNIDZUDZlHIp5IFx4X0qXzXZE1B
         1j64K91HBe0PE/H7y1436kqb7i/wrMO9cI1AeDuW41+4MsaNv1OYMpcGkGgAhwSNId5W
         H1t8/PXIvC+VJcGD6Lh6mlFhbd+4RC+JBHS4amSA5EtGcUOyMmYfX/vLKqC/tkbD4CXG
         Rc+A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kymnpBYG;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 d2-20020a633602000000b0053efd751392si2486107pga.827.2023.06.09.04.48.24;
        Fri, 09 Jun 2023 04:48:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=kymnpBYG;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239223AbjFILNY (ORCPT <rfc822;liningstudo@gmail.com>
        + 99 others); Fri, 9 Jun 2023 07:13:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57044 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238948AbjFILNS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2023 07:13:18 -0400
Received: from smtp-out1.suse.de (smtp-out1.suse.de
 [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0417E210E
        for <linux-kernel@vger.kernel.org>;
 Fri,  9 Jun 2023 04:13:17 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id A476721A1B;
        Fri,  9 Jun 2023 11:13:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1686309195;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=7GTMhjbKkfMR0diFswT0M7pEjVhfOQYpv6YQslqR+6M=;
        b=kymnpBYGPFy89uI8Qf3O6etFmzQJob7m/mV8aFmzGVcrsZAQssq6bP9WrHbkxiiCsoQwXi
        GUvUOJ8cwgSvtfHH19j1APshDMvhRQwh1Veog34mfb7RWL2tTNZnwjAMe2xQ99/zw+1zCe
        loCXjPEuk8NJJIf2FxZJjMOZp6c3Yro=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 4EC41139C8;
        Fri,  9 Jun 2023 11:13:15 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id qDiMEEsJg2ReIwAAMHmgww
        (envelope-from <nik.borisov@suse.com>);
 Fri, 09 Jun 2023 11:13:15 +0000
From: Nikolay Borisov <nik.borisov@suse.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
        Nikolay Borisov <nik.borisov@suse.com>
Subject: [PATCH v2 2/4] x86/entry: Rename ignore_sysret and compile it
 unconditionally
Date: Fri,  9 Jun 2023 14:13:09 +0300
Message-Id: <20230609111311.4110901-3-nik.borisov@suse.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230609111311.4110901-1-nik.borisov@suse.com>
References: <20230609111311.4110901-1-nik.borisov@suse.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768225576110996502?=
X-GMAIL-MSGID: =?utf-8?q?1768225576110996502?=

Give ignore_sysret a more descriptive name as it's actually used to make
32bit syscalls a noop and return ENOSYS, rather than doing anything
special to sysret. While at it also compile the function unconditinally
as this is going to be used in the patch disabling ia32 syscalls due to
'ia32_disabled' parameter.

Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/entry/entry_64.S        | 6 ++----
 arch/x86/include/asm/processor.h | 2 +-
 arch/x86/kernel/cpu/common.c     | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index f31e286c2977..7068af44008a 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1514,18 +1514,16 @@ SYM_CODE_START(asm_exc_nmi)
 	iretq
 SYM_CODE_END(asm_exc_nmi)
 
-#ifndef CONFIG_IA32_EMULATION
 /*
  * This handles SYSCALL from 32-bit code.  There is no way to program
  * MSRs to fully disable 32-bit SYSCALL.
  */
-SYM_CODE_START(ignore_sysret)
+SYM_CODE_START(entry_SYSCALL32_ignore)
 	UNWIND_HINT_END_OF_STACK
 	ENDBR
 	mov	$-ENOSYS, %eax
 	sysretl
-SYM_CODE_END(ignore_sysret)
-#endif
+SYM_CODE_END(entry_SYSCALL32_ignore)
 
 .pushsection .text, "ax"
 	__FUNC_ALIGN
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index a1e4fa58b357..61c10b4e3e35 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -399,7 +399,7 @@ static inline unsigned long cpu_kernelmode_gs_base(int cpu)
 	return (unsigned long)per_cpu(fixed_percpu_data.gs_base, cpu);
 }
 
-extern asmlinkage void ignore_sysret(void);
+extern asmlinkage void entry_SYSCALL32_ignore(void);
 
 /* Save actual FS/GS selectors and bases to current->thread */
 void current_save_fsgs(void);
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 80710a68ef7d..b20774181e1a 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2066,7 +2066,7 @@ void syscall_init(void)
 		    (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1));
 	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat);
 #else
-	wrmsrl_cstar((unsigned long)ignore_sysret);
+	wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore);
 	wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
 	wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
 	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);

From patchwork Fri Jun  9 11:13:10 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Borisov <nik.borisov@suse.com>
X-Patchwork-Id: 105558
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp872084vqr;
        Fri, 9 Jun 2023 04:25:00 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ55RP76cCFWW38Z/5Gzeftr7TEjugiKl+6ypWz85drC29ob7CH5KaL2fjtEyFiuder++umJ
X-Received: by 2002:a05:6a20:918f:b0:10f:f672:6e88 with SMTP id
 v15-20020a056a20918f00b0010ff6726e88mr696302pzd.4.1686309900435;
        Fri, 09 Jun 2023 04:25:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686309900; cv=none;
        d=google.com; s=arc-20160816;
        b=DqOB45nP3tZEHiNB6LW1Ar4SrcO6bCKE7syFb6S5+xvGerZjwZ9sNTMdud+Z6SFBWL
         vSmuzjo2hAEQSVdfKS6M+dMEMrkjNXLsMAJae3cM7kKGHkgBn3Qgk2CWesF+EqyT9RbR
         JWTiLNIedFdKyVcytMr50q5N9StL89fk7r3GKse/NgQi+qZ8OPrsFbaiXy+fhGkAeSXl
         ROsdjQPoMBRsVK8NHnZlyIStajseuDmRrLKcJ2xTMq0qNlNloxxrEyMTObAnvDSIr9Zh
         jAkgzqe2DsVmyIdzOArBDlZ/MjW9rr8Bk/+8h9ujf+7Fu9NTDmLu3Rib0UUckSDIasSr
         ilhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=8Bsnn3ZvwL3jkB5fYcFeMyxQu6CGb7wI0Eum5AnPafo=;
        b=kWkXegdyFoJSEBucq+8jOPAXDhK7MUayCgqGpkYiGx8SNlOCHlWZRh2Zv7sK43y/sO
         NywwmfrR1EfJ6hGZRAldcvk/0HzJQI3SNtselu475hCl9nhrApOCTNZROnBglTdDlhMu
         T8na5vL/Ns4xzDhHw7jMHHOi1iTASj4PACkYC/bIgndi0/Y6y/0vKW+cBcum2r/1qf/+
         hKTV8V6R9jS04oPAfGneHoPRIGwGkA8eMrUiOu5MqHAiky7Qyj2OfKoFeteFPDFB00Ud
         TR/ZnIPmfKlJVarAM72DmtkY9kh2lXjgcm6jEUvBW7PeiQPwR/W1L1Lf4qJFXWw7jWOP
         Dwmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b="OX/qyPwN";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 n7-20020a170902e54700b001adf26a9390si2697816plf.191.2023.06.09.04.24.44;
        Fri, 09 Jun 2023 04:25:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b="OX/qyPwN";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239266AbjFILNb (ORCPT <rfc822;liningstudo@gmail.com>
        + 99 others); Fri, 9 Jun 2023 07:13:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57048 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238991AbjFILNS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2023 07:13:18 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6083F2113
        for <linux-kernel@vger.kernel.org>;
 Fri,  9 Jun 2023 04:13:17 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 19A471FDF2;
        Fri,  9 Jun 2023 11:13:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1686309196;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=8Bsnn3ZvwL3jkB5fYcFeMyxQu6CGb7wI0Eum5AnPafo=;
        b=OX/qyPwNWV6gO9OKITAPQ6wDiGhtagZFt2q2cnd2SnjCyQCU9/Mvy8PtfVp24tPkRlgJyl
        hFx+AWKfEROmKYu+Fxsa9plDRjd+O6JGg6bX/ZWk/FGek0TVSAhezsY+V+dvu2kyQuLoqe
        U0Qgt4ywpIUxQgS06NbhNoCWHV6kMJo=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id B7508139C8;
        Fri,  9 Jun 2023 11:13:15 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id GHgTKksJg2ReIwAAMHmgww
        (envelope-from <nik.borisov@suse.com>);
 Fri, 09 Jun 2023 11:13:15 +0000
From: Nikolay Borisov <nik.borisov@suse.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
        Nikolay Borisov <nik.borisov@suse.com>
Subject: [PATCH v2 3/4] x86/entry: Disable IA32 syscall if ia32_disabled is
 true
Date: Fri,  9 Jun 2023 14:13:10 +0300
Message-Id: <20230609111311.4110901-4-nik.borisov@suse.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230609111311.4110901-1-nik.borisov@suse.com>
References: <20230609111311.4110901-1-nik.borisov@suse.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768224090526496113?=
X-GMAIL-MSGID: =?utf-8?q?1768224090526496113?=

First stage of disabling ia32 compat layer is to disable 32bit syscall
entry points. Legacy int 0x80 vector is disabled by zeroing out its gate
descriptor in the idt and the sysenter vector is disabled by re-using
the existing code in case IA32_EMULATION is disabled.

Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/include/asm/desc.h  |  1 +
 arch/x86/kernel/cpu/common.c | 37 ++++++++++++++++++------------------
 arch/x86/kernel/idt.c        |  7 +++++++
 3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index ab97b22ac04a..1182a5b10be9 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -8,6 +8,7 @@
 #include <asm/fixmap.h>
 #include <asm/irq_vectors.h>
 #include <asm/cpu_entry_area.h>
+#include <asm/traps.h>
 
 #include <linux/debug_locks.h>
 #include <linux/smp.h>
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index b20774181e1a..3c4055184d0f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2053,24 +2053,25 @@ void syscall_init(void)
 	wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS);
 	wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64);
 
-#ifdef CONFIG_IA32_EMULATION
-	wrmsrl_cstar((unsigned long)entry_SYSCALL_compat);
-	/*
-	 * This only works on Intel CPUs.
-	 * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP.
-	 * This does not cause SYSENTER to jump to the wrong location, because
-	 * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit).
-	 */
-	wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS);
-	wrmsrl_safe(MSR_IA32_SYSENTER_ESP,
-		    (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1));
-	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat);
-#else
-	wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore);
-	wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
-	wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
-	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
-#endif
+	if ((IS_ENABLED(CONFIG_IA32_EMULATION) && ia32_disabled) ||
+	    !IS_ENABLED(CONFIG_IA32_EMULATION)) {
+		wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore);
+		wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
+		wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
+		wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
+	} else {
+		wrmsrl_cstar((unsigned long)entry_SYSCALL_compat);
+		/*
+		 * This only works on Intel CPUs.
+		 * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP.
+		 * This does not cause SYSENTER to jump to the wrong location, because
+		 * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit).
+		 */
+		wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS);
+		wrmsrl_safe(MSR_IA32_SYSENTER_ESP,
+			    (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1));
+		wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat);
+	}
 
 	/*
 	 * Flags to clear on syscall; clear as much as possible
diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c
index a58c6bc1cd68..d1f388ef2e66 100644
--- a/arch/x86/kernel/idt.c
+++ b/arch/x86/kernel/idt.c
@@ -226,6 +226,13 @@ void __init idt_setup_early_traps(void)
 void __init idt_setup_traps(void)
 {
 	idt_setup_from_table(idt_table, def_idts, ARRAY_SIZE(def_idts), true);
+
+	if (IS_ENABLED(CONFIG_IA32_EMULATION) && ia32_disabled) {
+		gate_desc null_desc = {};
+		write_idt_entry(idt_table, IA32_SYSCALL_VECTOR, &null_desc);
+		clear_bit(IA32_SYSCALL_VECTOR, system_vectors);
+	}
+
 }
 
 #ifdef CONFIG_X86_64

From patchwork Fri Jun  9 11:13:11 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Borisov <nik.borisov@suse.com>
X-Patchwork-Id: 105559
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp873567vqr;
        Fri, 9 Jun 2023 04:28:00 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ46I4ctBbtamp5tVP4cJwAIYMzZf8eIBvz3r8AalZA6VZXFBvfKgpYZoaANAX5y/EaGodRK
X-Received: by 2002:a17:902:b10d:b0:1b3:8aea:515c with SMTP id
 q13-20020a170902b10d00b001b38aea515cmr395973plr.54.1686310080352;
        Fri, 09 Jun 2023 04:28:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686310080; cv=none;
        d=google.com; s=arc-20160816;
        b=iUG9g1mSyx/q4ilx/UpLyIOVjDgExB5SPSYAhfoIFFb/oqqtQGd2duH+fkZ35Ojj/c
         9hbmuqDuP+0iMNm6GPl3kD0l2SVl6PtL6klKfMHWBb3WBPRwhe+E7vgUDRMlZdAcIspq
         3PvBTi+T0SOfxAHPiKTwwR97FSfI56ULyH5xcd5P88yLJc9I4ktHEjZ/Kc266PbA82zt
         AdTMSk7Y28A0Rtq6wdK4E9ye9MIqyvZ9w+fm0u2ZViCb6zluWsrSlxLyjK+petQlP6k7
         BgDeutM/P++04lRHZUffXnS+7ONnBTZMwBtRLVZF0FW67qJ5MeSxoD6T1/cU7mDEYYCG
         FixQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=HtizpSkxYlWAXraFNdbEL4Y1/gcbY1LlaDxMnphho2M=;
        b=nmdJ0Upm9EFvnhmK+GpU0RUCbNAN3yC+bDu9wVCLAI6mR2Kn46sjywaCuJtGWsWcxu
         IiUWkYUSerNj2XQ9jDpQBgCSr8rG2vD2AxOQ3zNUOy2CDZLrQP2/sUCiU6CY+lyRiYnq
         FeaQvKdNyBCOYuGI7Yrt6mjNaoGvK6NwlhabQwD/qFxWVsDAdkNYeyKd/PCNyl9ZcsNt
         gliO6uhqqHRmbvtZF9orZsLbZoqO6gJfJhhvIKVmTB9EmIBnoHHDm4njsStDl+FEQPri
         kgUK/FX4H32UoF/J2V0HiAKhgp+Uk79+292caWlJw1cK8YxWM5dFBok5hhDHo5k3p9BJ
         J+dQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=UfksIQJp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 j8-20020a170902da8800b001b01fc73474si2590030plx.588.2023.06.09.04.27.45;
        Fri, 09 Jun 2023 04:28:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=UfksIQJp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239330AbjFILN2 (ORCPT <rfc822;liningstudo@gmail.com>
        + 99 others); Fri, 9 Jun 2023 07:13:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57050 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239066AbjFILNS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2023 07:13:18 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de
 [IPv6:2001:67c:2178:6::1d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D44D11FDC
        for <linux-kernel@vger.kernel.org>;
 Fri,  9 Jun 2023 04:13:17 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 7F7FA1FDF8;
        Fri,  9 Jun 2023 11:13:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1686309196;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=HtizpSkxYlWAXraFNdbEL4Y1/gcbY1LlaDxMnphho2M=;
        b=UfksIQJpywX61OplTPxdtEDNEBSpbS3sTOKsu5I1T09Sg+g+iZOZnic15IyTQ7jF02wqJk
        cAAUC0lHEDfDIMbPAsSptmzLjsj6Dep7T7jvofqOl+VMNFnCp2oHgBAm79TsGGQojOkRph
        pzQb8epcwfI04NZZLFJoct3BG1dBTzQ=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest
 SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 2BBDA139C8;
        Fri,  9 Jun 2023 11:13:16 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id cAXTB0wJg2ReIwAAMHmgww
        (envelope-from <nik.borisov@suse.com>);
 Fri, 09 Jun 2023 11:13:16 +0000
From: Nikolay Borisov <nik.borisov@suse.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
        Nikolay Borisov <nik.borisov@suse.com>
Subject: [PATCH v2 4/4] x86: Disable laoding 32bit processes if ia32_disabled
 is true
Date: Fri,  9 Jun 2023 14:13:11 +0300
Message-Id: <20230609111311.4110901-5-nik.borisov@suse.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230609111311.4110901-1-nik.borisov@suse.com>
References: <20230609111311.4110901-1-nik.borisov@suse.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768224278500984705?=
X-GMAIL-MSGID: =?utf-8?q?1768224278500984705?=

In addition to disabling 32bit syscall interface let's also disable the
ability to load 32bit compat processes.

Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/include/asm/elf.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index 18fd06f7936a..0fa49388ff16 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -148,9 +148,16 @@ do {						\
 #define elf_check_arch(x)			\
 	((x)->e_machine == EM_X86_64)
 
+#ifdef CONFIG_IA32_EMULATION
+extern bool ia32_disabled;
 #define compat_elf_check_arch(x)					\
-	(elf_check_arch_ia32(x) ||					\
+	((elf_check_arch_ia32(x) && !ia32_disabled) ||			\
 	 (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
+#else
+#define compat_elf_check_arch(x)					\
+	(elf_check_arch_ia32(x) ||			\
+	 (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
+#endif
 
 static inline void elf_common_init(struct thread_struct *t,
 				   struct pt_regs *regs, const u16 ds)