From patchwork Fri Jun 16 12:57:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Borisov X-Patchwork-Id: 109121 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1334590vqr; Fri, 16 Jun 2023 06:15:08 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4nwt+Z4/HxQ6/cBthGn3/V5jMbYuoDnJ+Zf+5Ft0PB2jQTrL+i5UK4jhj2en7fsJC5Mmqk X-Received: by 2002:a05:6a20:734c:b0:10b:b25d:3a9a with SMTP id v12-20020a056a20734c00b0010bb25d3a9amr2947147pzc.3.1686921308468; Fri, 16 Jun 2023 06:15:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686921308; cv=none; d=google.com; s=arc-20160816; b=saGLzubjvy8k1l/VubLko04cHLjuzx7SAtrRz86ZUkdXJU9WhRKrnTx3wOkH28TZ/h BYnFdcalNGwu6e370w5JjSYqJRYQ9xxIp1D6wmh/Ie5rbD1M1O6YgjSy1CZBI8cv3Oga N9TEje0jzais+BAoGx/e/EtgTuhfGxtBuCpk7rFyGzQtxwRJunMg5lJc8kB1eCw2/e7Y /f5/6HpXm9q7Jem4d/RQ/6Ws5zWGCKH9a+BLcNQpQGeUXmOl6/6W2UeQTeLXfAaJi2UQ hWfADhWrtOdMEYTYDrexMnfiq4noszLeZTc/eQV0numx6oZibmMlIQefVg/8wB0ygjJ6 oEJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HnsyB1P/ICCV757zk+6euS2EyB47mj2mUlXSxGGY818=; b=fmD+Iew9cILLkOOtliAYNa5ngub7/+5tLwBMourLDcAg+xWXHL1tpltUDgfc/nCJ6U AOihFDgMAF1IjeRs5NBvAcPslW1IIR55U5RsMB+Z9AP1MVdrYpZqh/cNUmCQNIywQXLK FlYe7kXkL02FYvLXr78wwOBkZIzHR5aXk3VUm2fIXJ+lJPNTLYJqp2vIxtdHyMJRrhxW 3aVKUELqsrTMCmrcFU6yFAKU6/eqsy0wqmzVrMnpa0cqNeZKDKR+1EdaPBw+Wgp38idS khAwIhqf2WcQIUlAcfi5DOgqBAAfFXmh7QaoRuo7l9Plm/Hulm1tWGbQcQ+CHNVW53d/ 5LtA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=mMPwEUKU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c4-20020a633504000000b005533db5fbacsi1828696pga.451.2023.06.16.06.14.52; Fri, 16 Jun 2023 06:15:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=mMPwEUKU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244578AbjFPM5z (ORCPT + 99 others); Fri, 16 Jun 2023 08:57:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345507AbjFPM5x (ORCPT ); Fri, 16 Jun 2023 08:57:53 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F8CA2133 for ; Fri, 16 Jun 2023 05:57:52 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id B940021A25; Fri, 16 Jun 2023 12:57:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1686920270; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HnsyB1P/ICCV757zk+6euS2EyB47mj2mUlXSxGGY818=; b=mMPwEUKUKo16qmq3bYFPzOSUdQDMHVtJnDG4oUlBcIDYN5D9EYrvkj7rXVhdP38MCpsYCq zyVBtUn4Pg1OiWnq9gm8pBiZWhGvIe3zPghHk+GwSkuSX8/uw39dIvAjzaoDB548mLqFyX F9SDZW2pRXcyCUwNhIpEtBaHYj3vURg= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 62D221330B; Fri, 16 Jun 2023 12:57:50 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id gNN4FU5cjGTjNwAAMHmgww (envelope-from ); Fri, 16 Jun 2023 12:57:50 +0000 From: Nikolay Borisov To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov Subject: [PATCH v3 1/5] x86: Make IA32_EMULATION boot time configurable Date: Fri, 16 Jun 2023 15:57:26 +0300 Message-Id: <20230616125730.1164989-2-nik.borisov@suse.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230616125730.1164989-1-nik.borisov@suse.com> References: <20230616125730.1164989-1-nik.borisov@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768865198105796379?= X-GMAIL-MSGID: =?utf-8?q?1768865198105796379?= Distributions would like to reduce their attack surface as much as possible but at the same time they'd want to retain flexibility to cater to a variety of legacy software. One such avenue where a balance has to be struck is in supporting 32bit syscalls/processes on 64bit kernels. Ideally it should be possible for the distribution to set their own policy and give users the ability to override those policies as appropriate. In order to support this usecase, introduce CONFIG_IA32_EMULATION_DEFAULT_DISABLED compile time option, which controls whether 32bit processes/syscalls should be allowed or not. This allows distributions to set their preferred default behavior in their kernel configs. On the other hand, in order to allow users to override the distro's policy, introduce the 'ia32_mode' parameter which allows overriding CONFIG_IA32_EMULATION_DEFAULT_DISABLED state at boot time. Signed-off-by: Nikolay Borisov --- Documentation/admin-guide/kernel-parameters.txt | 5 +++++ arch/x86/Kconfig | 9 +++++++++ arch/x86/entry/common.c | 16 ++++++++++++++++ arch/x86/include/asm/ia32.h | 16 +++++++++++++++- 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 9e5bab29685f..59b1e86ecd9d 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -1865,6 +1865,11 @@ 0 -- machine default 1 -- force brightness inversion + ia32_mode= [X86-64] + Format: ia32_mode=disabled, ia32_mode=enabled + Allows overriding the compile-time state of + IA32_EMULATION_DEFAULT_DISABLED at boot time + icn= [HW,ISDN] Format: [,[,[,]]] diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 53bab123a8ee..8bec431c97ce 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -3038,6 +3038,15 @@ config IA32_EMULATION 64-bit kernel. You should likely turn this on, unless you're 100% sure that you don't have any 32-bit programs left. +config IA32_EMULATION_DEFAULT_DISABLED + bool "IA32 emulation disabled by default" + default n + depends on IA32_EMULATION + help + Make IA32 emulation disabled by default. This prevents loading 32bit + processes and access to 32bit syscalls. If unsure, leave it to its + default value. + config X86_X32_ABI bool "x32 ABI for 64-bit mode" depends on X86_64 diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 6c2826417b33..35bacf2f8be5 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -19,6 +19,7 @@ #include #include #include +#include #ifdef CONFIG_XEN_PV #include @@ -96,6 +97,21 @@ static __always_inline int syscall_32_enter(struct pt_regs *regs) return (int)regs->orig_ax; } +#ifdef CONFIG_IA32_EMULATION +bool __ia32_enabled = !IS_ENABLED(CONFIG_IA32_EMULATION_DEFAULT_DISABLED); + +static int ia32_mode_override_cmdline(char *arg) +{ + if (!strcmp(arg, "disabled")) + __ia32_enabled = false; + else if (!strcmp(arg, "enabled")) + __ia32_enabled = true; + + return 1; +} +__setup("ia32_mode=", ia32_mode_override_cmdline); +#endif + /* * Invoke a 32-bit syscall. Called with IRQs on in CONTEXT_KERNEL. */ diff --git a/arch/x86/include/asm/ia32.h b/arch/x86/include/asm/ia32.h index fada857f0a1e..c35e4a6d3317 100644 --- a/arch/x86/include/asm/ia32.h +++ b/arch/x86/include/asm/ia32.h @@ -68,6 +68,20 @@ extern void ia32_pick_mmap_layout(struct mm_struct *mm); #endif -#endif /* CONFIG_IA32_EMULATION */ +extern bool __ia32_enabled; + +static inline bool ia32_enabled(void) +{ + return __ia32_enabled; +} + +#else /* CONFIG_IA32_EMULATION */ + +static inline bool ia32_enabled(void) +{ + return IS_ENABLED(CONFIG_X86_32); +} + +#endif #endif /* _ASM_X86_IA32_H */ From patchwork Fri Jun 16 12:57:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Borisov X-Patchwork-Id: 109122 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1334667vqr; Fri, 16 Jun 2023 06:15:13 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6PdEgCj6BQghOku98PVEiIIB0GJR7uLtwCWlLH2nkMnzYNHzmThESDQd6AtzA+e/e3kDJ4 X-Received: by 2002:a05:6a00:10d4:b0:663:18c:a176 with SMTP id d20-20020a056a0010d400b00663018ca176mr1771822pfu.32.1686921312718; Fri, 16 Jun 2023 06:15:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686921312; cv=none; d=google.com; s=arc-20160816; b=a65Xf/oabVp4Gkljg8KP+WUMRQNO3E7XzZseDTkJeMFpHDVVJG+umghz2iD3xitP3T TR8NwRzwMmtrdRXeH+xIM56g+o0idQqDePXJkzzlHQpEFj4dlDXPHuyYv1h+W8sZOEz3 /XY2V/cyOnqBiXLUwkcn+7xHyV/XM1+mlWDYivQX/KtM+sFZvBLxEHTiqJLQOHXBN1ao NmMSM4F4XuW686RXGBQdjqQuF2H8pVvR0C0vou3AN5nT3/u4fpD5pbmdRJuU/cLhetoX 7iRB+HGnVCCOKCJvKU45zfRWu2QfG00RiaKUdRBV2ydVcr8monM8p9FMfzS7MHDzOI5h fv4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=UjZMXe7XUwr7XJBQb9D0eQ2WRPP3zvIKg1MTtxvQAMk=; b=xE5P5qVEUojvLkUEFySfh1jCwAWcY7rcfdLe02rW64fz43bWxTtr/ew1OdxTEECtpG K8h8ek67AhrlglhOv+PX/I7g/wXycCDMWtvifJTodM+FYraLj94EtKvldNyJLqDNK2pJ V09rEDi4EsWf2Px7GghWoqqdb9hZI9y7SBgaqcHRSyWYHmU0RKYLhH/jNeBy5l+/p/68 PaxoajRGIAvNr2i8QfPzPg0g5xuJc2uEAMvG/5/k7WTeSGDkkXsOvKAlBij1/NlmtjWx QbVN08EftfWyROl4k+u486unRScAvU9r4H/tXmOyDIxEBU4Wh8i/JwGXRiV5ai8JvKIf Y6Mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=rb5KhNTx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x26-20020aa7941a000000b006536902d31fsi15189800pfo.185.2023.06.16.06.14.59; Fri, 16 Jun 2023 06:15:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=rb5KhNTx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345536AbjFPM6C (ORCPT + 99 others); Fri, 16 Jun 2023 08:58:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345509AbjFPM5x (ORCPT ); Fri, 16 Jun 2023 08:57:53 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DD1C26BA for ; Fri, 16 Jun 2023 05:57:52 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 3C05E22052; Fri, 16 Jun 2023 12:57:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1686920271; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UjZMXe7XUwr7XJBQb9D0eQ2WRPP3zvIKg1MTtxvQAMk=; b=rb5KhNTxBde2R2mBz/01edW3FHloIJGcvecNUE4im6kB3saGCS1WGLr4MZDhvWU56ERYig L/J7EWs0r1XiP80fUfrzEpfFRH7O5/iqcnPvGYw6ckc8vO4tyWmmxOs0G+AQSFS1fJez6U 6J0+5h3ItST2hK5GkOni2nShFJFr5FY= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id CB3E51330B; Fri, 16 Jun 2023 12:57:50 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 2AbZLk5cjGTjNwAAMHmgww (envelope-from ); Fri, 16 Jun 2023 12:57:50 +0000 From: Nikolay Borisov To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov Subject: [PATCH v3 2/5] x86/entry: Rename ignore_sysret Date: Fri, 16 Jun 2023 15:57:27 +0300 Message-Id: <20230616125730.1164989-3-nik.borisov@suse.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230616125730.1164989-1-nik.borisov@suse.com> References: <20230616125730.1164989-1-nik.borisov@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768865202439309820?= X-GMAIL-MSGID: =?utf-8?q?1768865202439309820?= Give ignore_sysret() a more descriptive name as it's actually used to make 32bit syscalls return ENOSYS, rather than doing anything specific with regards to sysret. Signed-off-by: Nikolay Borisov --- arch/x86/entry/entry_64.S | 4 ++-- arch/x86/include/asm/processor.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index f31e286c2977..ccce0ccd8589 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1519,12 +1519,12 @@ SYM_CODE_END(asm_exc_nmi) * This handles SYSCALL from 32-bit code. There is no way to program * MSRs to fully disable 32-bit SYSCALL. */ -SYM_CODE_START(ignore_sysret) +SYM_CODE_START(entry_SYSCALL32_ignore) UNWIND_HINT_END_OF_STACK ENDBR mov $-ENOSYS, %eax sysretl -SYM_CODE_END(ignore_sysret) +SYM_CODE_END(entry_SYSCALL32_ignore) #endif .pushsection .text, "ax" diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a1e4fa58b357..61c10b4e3e35 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -399,7 +399,7 @@ static inline unsigned long cpu_kernelmode_gs_base(int cpu) return (unsigned long)per_cpu(fixed_percpu_data.gs_base, cpu); } -extern asmlinkage void ignore_sysret(void); +extern asmlinkage void entry_SYSCALL32_ignore(void); /* Save actual FS/GS selectors and bases to current->thread */ void current_save_fsgs(void); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 80710a68ef7d..b20774181e1a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2066,7 +2066,7 @@ void syscall_init(void) (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); #else - wrmsrl_cstar((unsigned long)ignore_sysret); + wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); From patchwork Fri Jun 16 12:57:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Borisov X-Patchwork-Id: 109127 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1347884vqr; Fri, 16 Jun 2023 06:34:24 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4rbef3EAsyNdpXE9z/+dgn32pDkagGqY+KEFmxVCgsvyNrp4KvMnAn9akbUg4d+OQhMZHt X-Received: by 2002:a05:6a00:1a4e:b0:653:a90e:b63e with SMTP id h14-20020a056a001a4e00b00653a90eb63emr2156839pfv.21.1686922463499; Fri, 16 Jun 2023 06:34:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686922463; cv=none; d=google.com; s=arc-20160816; b=zWEBRQ9PdqOiXI/YwTg5esCjorSKbYutZGpFuOnwutE0cSoPyeBfUcYx3i1jpunB1Y BuU1QmEmPwgiprr3SILjNJryzoil4Gys+gLUyHZHrhe0m3lgZlK0/qf3iJJ0a+HNw2ft KsymvBkiQTwom339RYE+Ha/KbKuzUmGYGHU6YuqnFZGWhpOUyht7F/Fu9GHRtt+YCM5s wpqysUGDrN7p5mO9IAYli8Cnf9RWTsHyyj+Z8dm5AURKRJoLiTYL+dBNno5aWV5nfjfV RUenCKu0VDgoOmv/Bd7ihEdDQR1uzCu1vKt953dZBtjeZbzlUgd90r4KNG9a01HP1OlZ 7ewA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SoXFQh+RzasTMouNeEc9Sv2mkn82qFE8WfTasNo7vBE=; b=lU4p/tZQGNreoO+ps8A8xGFTF4nx7r7h2HSdPyLeNEczGOYLIsVFQ5Glk5i+lb4EYg b0Z8J9x7Adv+KfgTxDd6bRhKkP/ixNHFycaQRLbxhn2FawgU+WaFlqSdZCODSSTMjBav Q1z5bJRoVMUx6oFm6gTd3BUgUAZLCx6xgzP07DpY9rTLVOM62GPn5dXmvdB8Zug8mMHH 9h9cs+QxUmu/TUZmWy5jRwU+heBVW2jOY9bd5Usvx48IUKjikrJWDtA9Gsqs4W8uFITI BwO03N82h+26ZIsekg5wOxvxB00TXZbWOb+mfz1f2fdvtVTsz+GDX10reVDdInKTt38f InsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=sDNCqdYQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h26-20020a63385a000000b005537c93c40asi1054807pgn.146.2023.06.16.06.34.08; Fri, 16 Jun 2023 06:34:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=sDNCqdYQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345540AbjFPM6H (ORCPT + 99 others); Fri, 16 Jun 2023 08:58:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345512AbjFPM5y (ORCPT ); Fri, 16 Jun 2023 08:57:54 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 016CE2713 for ; Fri, 16 Jun 2023 05:57:52 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 942E022057; Fri, 16 Jun 2023 12:57:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1686920271; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SoXFQh+RzasTMouNeEc9Sv2mkn82qFE8WfTasNo7vBE=; b=sDNCqdYQ9KuxM/AapNsR3qQipjbFj4+Pt0gEHCUgW8lqoS7iiEQEKbIKAbGsgA3Hrr5kDs HpEE9CHDy5K1UwzUvknprcAGsJtjWXq7JQXZ6W1IkYExK8Sd1je0HqrygxBMIJDNPYTLIy BQfj3R/F9fXwQPnQ42TQGoWUfhZ+1hM= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 3EBBE1391E; Fri, 16 Jun 2023 12:57:51 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id IL+0DE9cjGTjNwAAMHmgww (envelope-from ); Fri, 16 Jun 2023 12:57:51 +0000 From: Nikolay Borisov To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov Subject: [PATCH v3 3/5] x86/entry: Compile entry_SYSCALL32_ignore unconditionally Date: Fri, 16 Jun 2023 15:57:28 +0300 Message-Id: <20230616125730.1164989-4-nik.borisov@suse.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230616125730.1164989-1-nik.borisov@suse.com> References: <20230616125730.1164989-1-nik.borisov@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768866409132164694?= X-GMAIL-MSGID: =?utf-8?q?1768866409132164694?= In upcomiing patches entry_SYSCALL32_ignore() could be used even if CONFIG_IA32_EMULATION is selected but IA32 support is disabled either via CONFIG_IA32_EMULATION_DEFAULT_DISABLED or the runtime override.i Just compile it unconditionally. Signed-off-by: Nikolay Borisov --- arch/x86/entry/entry_64.S | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index ccce0ccd8589..7068af44008a 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1514,7 +1514,6 @@ SYM_CODE_START(asm_exc_nmi) iretq SYM_CODE_END(asm_exc_nmi) -#ifndef CONFIG_IA32_EMULATION /* * This handles SYSCALL from 32-bit code. There is no way to program * MSRs to fully disable 32-bit SYSCALL. @@ -1525,7 +1524,6 @@ SYM_CODE_START(entry_SYSCALL32_ignore) mov $-ENOSYS, %eax sysretl SYM_CODE_END(entry_SYSCALL32_ignore) -#endif .pushsection .text, "ax" __FUNC_ALIGN From patchwork Fri Jun 16 12:57:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Borisov X-Patchwork-Id: 109120 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1334570vqr; Fri, 16 Jun 2023 06:15:07 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ79WIWUfuhwbZV4Y3/FMkPoY8rzqE9ofXMDJVt0ubS2EPH03DCFon9Df/nMbQvrkUxHOGZX X-Received: by 2002:a05:6a20:3d93:b0:10b:78d6:a2c8 with SMTP id s19-20020a056a203d9300b0010b78d6a2c8mr2462524pzi.15.1686921307356; Fri, 16 Jun 2023 06:15:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686921307; cv=none; d=google.com; s=arc-20160816; b=UunwWb96WqMlaLgPlqhqsobBBXJrchmWUYxoXY/B4U4yihbc10fwEpLiEzrUke4LFx SNOVr5gUHmYu5Ts/9CzMxMonb2x0zT9PYQLtqLMtZkc3DSKSXOl5H2IbzsEiqfnBRnhB +onyYjIXsxUZIH6MC8d7AAI8yO9PW23215E/cnlo+0KHjz8i/dylXTCLpgqB696g36vK iAGOm6DLP1fGHwRkLuTZXSycO96dzyjnJ/8OZDG1ZuQGmuNciX5AHJRYBNXkWOv6aqey Q612haWi6apA6ZKXv14a2VkMKAqvExL2Elva2bllpRUSXthXlLsENlKbc77eThufM6xA H5Rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=uebKOiOaouuF4hP+m2W8QMLwwo8lvdplmN5LTEefmQs=; b=xQZf0rFiEfqpIma3PQUS14xXS9cF5Of88vMVRVvWaBxrV9M6VSZPvts9iCevjj1OrZ RPOqB2TGtqxAHE+FCtI7SyuzPxISk3nFXwqyoa5M91jjj/7JweER1wG0TjWFYUAkfbAL g517fPVN/NSOOMt07wLhfQp1vEzGHiWG1ntf2hE3X4Oy//hTkzbB6OutdUkKIM9zeBVH Nx7NN/xT8+XGuqe/B/91D9EjgtQLRffibScgCVeAgEx/4edXDhCDdXTYEugGhGV6xd9k hs3kf8l+cCWx3gD/9drwdkDa7fhy93pMfGZGbqCfA6W2e67nU5ITv1kRH7XDLIeDIYUS KmDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ApQssAVD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i12-20020a63a84c000000b0054392750edfsi3092249pgp.744.2023.06.16.06.14.54; Fri, 16 Jun 2023 06:15:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=ApQssAVD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345546AbjFPM6E (ORCPT + 99 others); Fri, 16 Jun 2023 08:58:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345513AbjFPM5y (ORCPT ); Fri, 16 Jun 2023 08:57:54 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 898F5358C for ; Fri, 16 Jun 2023 05:57:53 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 071211F8AC; Fri, 16 Jun 2023 12:57:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1686920272; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uebKOiOaouuF4hP+m2W8QMLwwo8lvdplmN5LTEefmQs=; b=ApQssAVDFiBkb791JaTp+XIxktjd23BYoBaEWhjnIkcR4UR6Ziljlnuq8PkAWp36ZWfp7h jRcdbUm7Ja7zjBEJRkdn4nGYBEExEXV4DKGne1uxAa6iUzNJXHCIvyNcaMiWdhX2FpuraS puIfvomTJiZ+hOjOPGeaATq5oWT8POs= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id A41371330B; Fri, 16 Jun 2023 12:57:51 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id aHRnJU9cjGTjNwAAMHmgww (envelope-from ); Fri, 16 Jun 2023 12:57:51 +0000 From: Nikolay Borisov To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov Subject: [PATCH v3 4/5] x86/elf: Make loading of 32bit processes depend on ia32_enabled() Date: Fri, 16 Jun 2023 15:57:29 +0300 Message-Id: <20230616125730.1164989-5-nik.borisov@suse.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230616125730.1164989-1-nik.borisov@suse.com> References: <20230616125730.1164989-1-nik.borisov@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768865196986460786?= X-GMAIL-MSGID: =?utf-8?q?1768865196986460786?= Major aspect of ia32 emulation is the ability to load 32bit processes. That's currently decided (among others) by compat_elf_check_arch(). Make this macro also consider the runtime state of ia32 emulation before allowing to load a 32bit process. Signed-off-by: Nikolay Borisov --- arch/x86/include/asm/elf.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h index 18fd06f7936a..a0234dfd1031 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -7,6 +7,7 @@ */ #include +#include #include #include #include @@ -149,7 +150,7 @@ do { \ ((x)->e_machine == EM_X86_64) #define compat_elf_check_arch(x) \ - (elf_check_arch_ia32(x) || \ + ((elf_check_arch_ia32(x) && ia32_enabled()) || \ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) static inline void elf_common_init(struct thread_struct *t, From patchwork Fri Jun 16 12:57:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Borisov X-Patchwork-Id: 109119 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1334040vqr; Fri, 16 Jun 2023 06:14:20 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5UrQ03NLtIL3eS04jktYOJI0oTOWZlEFjgZoVIr6K55XpLB4+wsOEWnhPdLvnJb+kmzUjZ X-Received: by 2002:a05:6a20:958e:b0:112:bdd3:9b81 with SMTP id iu14-20020a056a20958e00b00112bdd39b81mr2092541pzb.15.1686921259757; Fri, 16 Jun 2023 06:14:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686921259; cv=none; d=google.com; s=arc-20160816; b=klwsQRKAkHP+N2yHsu31/PWeG78+35E5WwPJmFjBYaJjyA5Qbf6LHFCQDQI8ybjlG+ cm/UV2vBYTxVkO2gxT+sj905QrAQBN1ShXRkZvURpQ5MhkdB8GcrqE0yC3JciOu7H+kZ ihYuOp12VaXnVq4CYO1q0aZ7Q/DtyU4KOUGNy0j5u+vtqhL/sGsPT8ikT29bikSiUMp2 W6W8DA2xqdB42rHubW1se5pEK7YUpce983vE9kCTlH9oejIGEKb28dhbGWcem3ErMJZb 1JhPW1SrgWdtQTbG3+zQfTSjaQC0b+gSUqTCk6T7NufJPSimziXe+P1xP5P4d2GML6og iGdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=r5l0I7eBFBkp7pUTsqoXpH4MWyzhP0CIq3tLVPiIHsU=; b=dJHzatQBMP/pa9ONF/jRGjyP9aURpcsCGyyY0XUJPWwwSl+VKX3wxVwUavGGf+k0FC cSsnTbn2Sdds94hskcQ1VtccjCWs4aGzlLHSdyqadNKKMZkr4IAftdPq5iE0ZQ61aRG2 61rlU9uV7cKYWTyWNPAGGq5obJnKG/8XD/cN+OVCeCdHxF/ln4ufWNRwdHtRHH6FUV+E KWClYX21421UXXxXtjsNZPFbeY24iKchQx5Bq27OJMXT2MiQjkES26SNkX047IC8TT7/ co9tTDJvcH0v5Q8FRB0B1BNYkrulNpidrZ5a85CcU034aHuJ5XSBArc4g6MG02T6WfeK DAMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=cvjqFwbI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a73-20020a63904c000000b0055386e1eba2si130976pge.676.2023.06.16.06.14.04; Fri, 16 Jun 2023 06:14:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=cvjqFwbI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345582AbjFPM6L (ORCPT + 99 others); Fri, 16 Jun 2023 08:58:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49022 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345514AbjFPM5y (ORCPT ); Fri, 16 Jun 2023 08:57:54 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BADAD358E for ; Fri, 16 Jun 2023 05:57:53 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 6E7D31F8B2; Fri, 16 Jun 2023 12:57:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1686920272; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r5l0I7eBFBkp7pUTsqoXpH4MWyzhP0CIq3tLVPiIHsU=; b=cvjqFwbIX1EbCJBxsJDSHICFEY49CCSjHjsusezFZX0nf8PgWIwcdUmwr8BkGMiI/8Z3Om GMYT8BXRO8KlstTDTqOECV2KYZWP0yN/rfJF07NP2ZIIqScSVeUss66l9S3qf/gGGNWS1q biozn1b7AL5yTmeST4U4XgBfxYF5DhA= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 19CBA1330B; Fri, 16 Jun 2023 12:57:52 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id kEWaA1BcjGTjNwAAMHmgww (envelope-from ); Fri, 16 Jun 2023 12:57:52 +0000 From: Nikolay Borisov To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz, Nikolay Borisov Subject: [PATCH v3 5/5] x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() Date: Fri, 16 Jun 2023 15:57:30 +0300 Message-Id: <20230616125730.1164989-6-nik.borisov@suse.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230616125730.1164989-1-nik.borisov@suse.com> References: <20230616125730.1164989-1-nik.borisov@suse.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768865146894278450?= X-GMAIL-MSGID: =?utf-8?q?1768865146894278450?= Another major aspect of supporting running of 32bit processes is the ability to access 32bit syscalls. Such syscalls are invoked either by using the legacy int 0x80 call gate interface or via the newer sysenter instruction. Ensure that if ia32 emulation is disabled (either at compile time or runtime) then those 2 syscall mechanisms are also disabled. Signed-off-by: Nikolay Borisov --- arch/x86/include/asm/proto.h | 3 +++ arch/x86/kernel/cpu/common.c | 37 ++++++++++++++++++------------------ arch/x86/kernel/idt.c | 10 ++++++++++ 3 files changed, 32 insertions(+), 18 deletions(-) diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h index 12ef86b19910..1241d27fc4a6 100644 --- a/arch/x86/include/asm/proto.h +++ b/arch/x86/include/asm/proto.h @@ -36,6 +36,9 @@ void entry_INT80_compat(void); #ifdef CONFIG_XEN_PV void xen_entry_INT80_compat(void); #endif +#else /* #CONFIG_IA32_EMULATION */ +#define entry_SYSCALL_compat NULL +#define entry_SYSENTER_compat NULL #endif void x86_configure_nx(void); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index b20774181e1a..aafb83d1b3a7 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -59,6 +59,7 @@ #include #include #include +#include #include #include #include @@ -2053,24 +2054,24 @@ void syscall_init(void) wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); -#ifdef CONFIG_IA32_EMULATION - wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); - /* - * This only works on Intel CPUs. - * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. - * This does not cause SYSENTER to jump to the wrong location, because - * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). - */ - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, - (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); -#else - wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); - wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); - wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); -#endif + if (ia32_enabled()) { + wrmsrl_cstar((unsigned long)entry_SYSCALL_compat); + /* + * This only works on Intel CPUs. + * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP. + * This does not cause SYSENTER to jump to the wrong location, because + * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). + */ + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, + (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1)); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); + } else { + wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore); + wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG); + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL); + wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); + } /* * Flags to clear on syscall; clear as much as possible diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c index a58c6bc1cd68..c76953656212 100644 --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #define DPL0 0x0 @@ -116,6 +117,9 @@ static const __initconst struct idt_data def_idts[] = { #endif SYSG(X86_TRAP_OF, asm_exc_overflow), +}; + +static const struct idt_data ia32_idt[] __initconst = { #if defined(CONFIG_IA32_EMULATION) SYSG(IA32_SYSCALL_VECTOR, entry_INT80_compat), #elif defined(CONFIG_X86_32) @@ -226,6 +230,12 @@ void __init idt_setup_early_traps(void) void __init idt_setup_traps(void) { idt_setup_from_table(idt_table, def_idts, ARRAY_SIZE(def_idts), true); + + if (ia32_enabled()) { + idt_setup_from_table(idt_table, ia32_idt, ARRAY_SIZE(ia32_idt), + true); + } + } #ifdef CONFIG_X86_64