From patchwork Wed Jun 25 12:50:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899782 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 374AB262808; Wed, 25 Jun 2025 12:51:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.15 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855888; cv=none; b=lHfWSctFZS03nCRsiR5yTxGu3a1eShGD85zv5WQLochrq75QUZCpmxCXvVvnedCKoDKTHrYRqeSEXHgA4YEgM1LmOImlyYXU9t7W1+Fmo1mq7O0iv39JEUd+jFcXbUgs9T73nr2AZoUMQziYK8Q7MwDQQI17F4JxF1WmIRgCuQE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855888; c=relaxed/simple; bh=Xzzfhu4lsneCUqevfiSwo4Dmq9+LRc6Pryq8VsUgiU4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=emasUWC26D3V183RPtGL99l7yPocTsyjrRqq9xACNMQ2v3Riog8vwC62kpQIYo9yfitPmK2uyrPoNG0Cqkq5GvTceR1uedHYM52Sof8nFzQXAsDFIR3fvKQRG1x+2Rp7X4SJcsVDP7U1V8sAOjxr0lCHl2lcMEyVgq5Gm1XQ9ks= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=JtD83uXo; arc=none smtp.client-ip=192.198.163.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="JtD83uXo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855886; x=1782391886; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Xzzfhu4lsneCUqevfiSwo4Dmq9+LRc6Pryq8VsUgiU4=; b=JtD83uXoKJlOGYqfwybdhJsJIhOIsN/FVdssnU4EZM8TxQ3O06nhZ549 lX0k0wiwJH9p4wZuKAtFF7fjmxb/gnAxUUYLFvWMy6N4/YJOKcvM1tzaD hTyJ4tTcKHq31Ly4fEfaJHl5pDHzBz2Ao/peUCX6v4d0kss4blMAZEjuc HEAwWJ72a0pz5fzuLGAv3BR71YjkwULv81o+7bpLgB7FfvGsYaWio0Y3I uzCV1mXsc3KIR7mxCgZzhOkR+SIpXwH8lOMoQsMH+v+XXQHgYAFaSWne9 hzSbnvVlX1bFR5OsthafYJVHcMlrCKywUYtCkGLppgBEsPAMYMqGMZSsz g==; X-CSE-ConnectionGUID: fJATbmCeSZ2W60wOZ6lz1Q== X-CSE-MsgGUID: o5IIQOBdSAK/lm0Ewkiusg== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="53263553" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="53263553" Received: from orviesa005.jf.intel.com ([10.64.159.145]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:25 -0700 X-CSE-ConnectionGUID: jw3JSwXSQh2ZPqFr9ESfWQ== X-CSE-MsgGUID: SEss1ZnmSjCRe7LmgG67fQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="157976884" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa005.jf.intel.com with ESMTP; 25 Jun 2025 05:51:14 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 5361912D; Wed, 25 Jun 2025 15:51:12 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 01/16] x86/cpu: Enumerate the LASS feature bits Date: Wed, 25 Jun 2025 15:50:53 +0300 Message-ID: <20250625125112.3943745-2-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Linear Address Space Separation (LASS) is a security feature that intends to prevent malicious virtual address space accesses across user/kernel mode. Such mode based access protection already exists today with paging and features such as SMEP and SMAP. However, to enforce these protections, the processor must traverse the paging structures in memory. Malicious software can use timing information resulting from this traversal to determine details about the paging structures, and these details may also be used to determine the layout of the kernel memory. The LASS mechanism provides the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, software will not be able to derive paging-based timing information from the various caching structures such as the TLBs, mid-level caches, page walker, data caches, etc. LASS enforcement relies on the typical kernel implementation to divide the 64-bit virtual address space into two halves: Addr[63]=0 -> User address space Addr[63]=1 -> Kernel address space Any data access or code execution across address spaces typically results in a #GP fault. The LASS enforcement for kernel data access is dependent on CR4.SMAP being set. The enforcement can be disabled by toggling the RFLAGS.AC bit similar to SMAP. Define the CPU feature bits to enumerate this feature and include feature dependencies to reflect the same. LASS provides protection against a class of speculative attacks, such as SLAM[1]. Add the "lass" flag to /proc/cpuinfo to indicate that the feature is supported by hardware and enabled by the kernel. This allows userspace to determine if the setup is secure against such attacks. [1] https://download.vusec.net/papers/slam_sp24.pdf Co-developed-by: Yian Chen Signed-off-by: Yian Chen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig.cpufeatures | 4 ++++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/cpuid-deps.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 5 files changed, 9 insertions(+) diff --git a/arch/x86/Kconfig.cpufeatures b/arch/x86/Kconfig.cpufeatures index 250c10627ab3..733d5aff2456 100644 --- a/arch/x86/Kconfig.cpufeatures +++ b/arch/x86/Kconfig.cpufeatures @@ -124,6 +124,10 @@ config X86_DISABLED_FEATURE_PCID def_bool y depends on !X86_64 +config X86_DISABLED_FEATURE_LASS + def_bool y + depends on X86_32 + config X86_DISABLED_FEATURE_PKU def_bool y depends on !X86_INTEL_MEMORY_PROTECTION_KEYS diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index b78af55aa22e..8eef1ad7aca2 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -313,6 +313,7 @@ #define X86_FEATURE_SM4 (12*32+ 2) /* SM4 instructions */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h index f1a4adc78272..81d0c8bf1137 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -136,6 +136,8 @@ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) #define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement Technology */ #define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) +#define X86_CR4_LASS_BIT 27 /* enable Linear Address Space Separation support */ +#define X86_CR4_LASS _BITUL(X86_CR4_LASS_BIT) #define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */ #define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT) diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index 46efcbd6afa4..98d0cdd82574 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -89,6 +89,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, { X86_FEATURE_FRED, X86_FEATURE_LKGS }, { X86_FEATURE_SPEC_CTRL_SSBD, X86_FEATURE_SPEC_CTRL }, + { X86_FEATURE_LASS, X86_FEATURE_SMAP }, {} }; diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index ee176236c2be..4473a6f7800b 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -313,6 +313,7 @@ #define X86_FEATURE_SM4 (12*32+ 2) /* SM4 instructions */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ From patchwork Wed Jun 25 12:50:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899780 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5971262FF8; Wed, 25 Jun 2025 12:51:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855890; cv=none; b=DvP02n2JZMFn6IIAGRVtK8/1qE4rBbviFykOBmhE+lhTysrG96lVIgIYX5UPLKvDEbHCw1i1jwMoRasrZPvEqFfOCY3UJtDkjRB3y6OK834ts2s+PopAvMwq6u1ZWoOb7cuvI2L7jZ1A0lAmLAg62PpUtkXI7DBjwU1XLW4MxX8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855890; c=relaxed/simple; bh=KVi1SbCxLhPwipXkfMiClroXvuKW+0f0MpKQ0MUg/MY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o53iGuIGNn8FzeqYD+GBCf8si9tT59CRDzuJR6eBJ9iipdiHOnysrBxUW5khbLTzDPEcgYNjdGN0lHeKvmHkI3sfAlWWIXEnBSJ5SAn/+/6J2fpHJn/UkiCYPP0GcC/yz9XibSTuVegjSQ2qkHTQYcFtiMr3NcOpC321j/EGsrY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=bUVnJDzF; arc=none smtp.client-ip=192.198.163.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="bUVnJDzF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855888; x=1782391888; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=KVi1SbCxLhPwipXkfMiClroXvuKW+0f0MpKQ0MUg/MY=; b=bUVnJDzFf4MYDEiCKjnGvCm/hn7MwWM+6csKFFHai2RfoKrJz4x9DRXS f1DjmvLebPkAaWGn+lvi4V2D2xOxOrVOpnHxbwtwg7y2OG+ZEJe+3Fmbf IdXlOuMRiiToiarQyv72DrOLxTyZSpyTRIBtGumw+aF+X8PDetNYDhq3F T3+DDjarru73PFujlkS0D1qrP1s6cnAaEYFCczKtej7uBwOOwkxeXszBC L0xZeBq95YnNo4xUn+qIeRKIv0TXuXLDf8uYXhMHuxCoXzZTfEuRBdM3l fActcYrWJejZjcDZQhRfJyee01P1OkU9/5S5zp5r0bPsIC2p51uOZ/Gcq w==; X-CSE-ConnectionGUID: OrYN/U7LTL+gpwH76T36vw== X-CSE-MsgGUID: +SYsD78VSrO33ZJRqo5uDA== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="53189522" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="53189522" Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:28 -0700 X-CSE-ConnectionGUID: GF2unmvcT8uUvY7B1febpw== X-CSE-MsgGUID: 7pcmBo8tTpCXMijl0qyhnw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="151830943" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa007.fm.intel.com with ESMTP; 25 Jun 2025 05:51:17 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9A9AD4A1; Wed, 25 Jun 2025 15:51:12 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 04/16] x86/cpu: Defer CR pinning setup until after EFI initialization Date: Wed, 25 Jun 2025 15:50:57 +0300 Message-ID: <20250625125112.3943745-6-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alexander Shishkin In order to map the EFI runtime services, set_virtual_address_map() needs to be called, which resides in the lower half of the address space. This means that LASS needs to be temporarily disabled around this call. This can only be done before the CR pinning is set up. Move CR pinning setup behind the EFI initialization. Wrapping efi_enter_virtual_mode() into lass_disable/enable_enforcement() is not enough because AC flag gates data accesses, but not instruction fetch. Clearing the CR4 bit is required. Signed-off-by: Alexander Shishkin Suggested-by: Kirill A. Shutemov Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/common.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 4f430be285de..9918121e0adc 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2081,7 +2081,6 @@ static __init void identify_boot_cpu(void) enable_sep_cpu(); #endif cpu_detect_tlb(&boot_cpu_data); - setup_cr_pinning(); tsx_init(); tdx_init(); @@ -2532,10 +2531,14 @@ void __init arch_cpu_finalize_init(void) /* * This needs to follow the FPU initializtion, since EFI depends on it. + * + * EFI twiddles CR4.LASS. Do it before CR pinning. */ if (efi_enabled(EFI_RUNTIME_SERVICES)) efi_enter_virtual_mode(); + setup_cr_pinning(); + /* * Ensure that access to the per CPU representation has the initial * boot CPU configuration. From patchwork Wed Jun 25 12:50:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899779 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F001A2641CC; Wed, 25 Jun 2025 12:51:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855891; cv=none; b=Oby9DNXNURnT4C/rhemDNv0Q9i9y0gOs4yMEHBkH8cozBhkEn55WosvuSDyBpZYs4ueBVG0j0JEydnwCrxTCzMVncHy0f3klxnG+ua9RoHojIuyJtd4sEKKcgq+OPsKnB+tl0PvkUe64kJXmLz8wLMe+74VID7X+9ZotIS3lxIc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855891; c=relaxed/simple; bh=TQ5RCfOQ/5tuZqESL8hi2WCyzYpg/ALQ/w3Eenbo4Ow=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=p0ygqzR3yHjvQ2q2IVUyCqA1N6nXqnNRHDdQ3uyetNq3NEc+YT7EN38+h30QUbwyn2cRcwryY1SkJQBFf6LU0UYth0csch12t6SxDoSt1glHepYXgBcCMw0Wf29C4tA6Ni4wB+sJv1qFl82Oh1pRW+pO6pcwgUYWlDLPW5Tghzk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=BUqzN/ov; arc=none smtp.client-ip=198.175.65.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="BUqzN/ov" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855890; x=1782391890; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=TQ5RCfOQ/5tuZqESL8hi2WCyzYpg/ALQ/w3Eenbo4Ow=; b=BUqzN/ov+MIAi+jUqRuffj81qrn0hP9MZdxBWdNLhik+850nUOcAT4yW ngER3URvQmMpuWk6LAGqCm7NNSg1qd3a5TauiDYfwMTFTbysPQ/1b4VT/ fB7c2Id0dwQPJh1Z6l738UDe6pTWUvurVnY9OKpV8NB9H08mKScoyu8Ci SmoO3lhrPVpsDuYQFX7jtVEv9igxNcVy8P9XFIDl6/9mfnKusWvL36ph3 1TCrObyWfS7mNs1Oj7IFtxqKeCP4OdQA/YX3hM8/6Qcq3F9JLbcmsQflm Q5KkkfJAzHTIp147w46tuXo7oDiKEFbX/VWe0FTgEfkgGXIFanfzyT0QN w==; X-CSE-ConnectionGUID: dfGE9jEvSPW+F9+vDE7ypQ== X-CSE-MsgGUID: eps+vFMtTs+eTrzRZXlPSw== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="56908319" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="56908319" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:29 -0700 X-CSE-ConnectionGUID: zHGruUlaTpuSShyTG2JVlw== X-CSE-MsgGUID: rT6unHdoRUGtZbk9Fc4xfQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="152919793" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa010.fm.intel.com with ESMTP; 25 Jun 2025 05:51:19 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id BFBB74E1; Wed, 25 Jun 2025 15:51:12 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 06/16] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Date: Wed, 25 Jun 2025 15:50:59 +0300 Message-ID: <20250625125112.3943745-8-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 emulate_vsyscall() expects to see X86_PF_INSTR in PFEC on a vsyscall page fault, but the CPU does not report X86_PF_INSTR if neither X86_FEATURE_NX nor X86_FEATURE_SMEP are enabled. X86_FEATURE_NX should be enabled on nearly all 64-bit CPUs, except for early P4 processors that did not support this feature. Instead of explicitly checking for X86_PF_INSTR, compare the fault address against RIP. On machines with X86_FEATURE_NX enabled, issue a warning if RIP is equal to fault address but X86_PF_INSTR is absent. Originally-by: Dave Hansen Link: https://lore.kernel.org/all/bd81a98b-f8d4-4304-ac55-d4151a1a77ab@intel.com Signed-off-by: Kirill A. Shutemov Reported-by: Andrew Cooper Reviewed-by: Andrew Cooper --- arch/x86/entry/vsyscall/vsyscall_64.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index c9103a6fa06e..0b0e0283994f 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -124,7 +124,8 @@ bool emulate_vsyscall(unsigned long error_code, if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER) return false; - if (!(error_code & X86_PF_INSTR)) { + /* Avoid emulation unless userspace was executing from vsyscall page: */ + if (address != regs->ip) { /* Failed vsyscall read */ if (vsyscall_mode == EMULATE) return false; @@ -136,13 +137,16 @@ bool emulate_vsyscall(unsigned long error_code, return false; } + + /* X86_PF_INSTR is only set when NX is supported: */ + if (cpu_feature_enabled(X86_FEATURE_NX)) + WARN_ON_ONCE(!(error_code & X86_PF_INSTR)); + /* * No point in checking CS -- the only way to get here is a user mode * trap to a high address, which means that we're in 64-bit user code. */ - WARN_ON_ONCE(address != regs->ip); - if (vsyscall_mode == NONE) { warn_bad_vsyscall(KERN_INFO, regs, "vsyscall attempted with vsyscall=none"); From patchwork Wed Jun 25 12:51:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899778 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B906E265292; Wed, 25 Jun 2025 12:51:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855893; cv=none; b=GFDhBs/jxiIhWuy/i4yt0odnFQsJB4PKplmF28UZyhXPP8XHDz6y/iHMR8uTUO7qsr+wiUw/3q8rThm5oVoBlMiR0IShueCQkghQ5i+ONbaq99bLWFzFW5i0E3V3ccgdYKOexpH2CycPI6V+ccTU4pVE2UKJQTBLmDjqxZjErME= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855893; c=relaxed/simple; bh=GkZc9oX0bGyfhB00ib+Vypspe5Y0XCe0GUwAqpAwtwU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ddmmxtbwx2IpDODab35XtFbakLi81sMPbyY/f/jMLvs2+Zim+/NUVdLBMVOlxkWO5VTKa3EwynfCUdhJ1C77eGfH971UfGuIR8h/at82xmEetQIrY3sEBFhg7D+aO9xZisYr0rTR0OQes8S5XlDXfEnMfbcSHnHMvKLjbT0GRag= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=muPW10nY; arc=none smtp.client-ip=192.198.163.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="muPW10nY" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855892; x=1782391892; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=GkZc9oX0bGyfhB00ib+Vypspe5Y0XCe0GUwAqpAwtwU=; b=muPW10nYNHXUfnqxx1g7Rnws7t09peTLfSEISkOD3BxHsGS/lZdt/bng ZznHAWy9bHvvhPVfD2gz4XW+FUq5rIJ9yPSpqWSWghv+SRtkxl+oSj3aX bG0z9slQ/3rSg77IVqMF5QuTyM0/3fZ5KrfwJzTbCMarldVMh8Wtmyc1V 6bu/9NmsAeMIjLjLuACvLCYpJ3xXJqTth3py8t/Kbv5wPqU1TKt2rXW4d 5KQQdTQBDkkTzDgHEwQxOX6Jy8rjlLtekB9mDo24T5uvIPRIyiKJLeg2/ lf6h15JKuco5uYDhIgQdJy/jynXGEDR5isThN7wo43G1fXjXilOFXO6ur A==; X-CSE-ConnectionGUID: Ci3hK6ESQuqcVwAxZMJVTA== X-CSE-MsgGUID: Q0JhiCYyTZ6wlY0jdPlWHw== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="53189567" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="53189567" Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:31 -0700 X-CSE-ConnectionGUID: MC7cDlfzQIKKuFefVebO6w== X-CSE-MsgGUID: ycgt7at0QQSOCLeRsvfyZA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="151830971" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa007.fm.intel.com with ESMTP; 25 Jun 2025 05:51:20 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id DA729648; Wed, 25 Jun 2025 15:51:12 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 08/16] x86/traps: Consolidate user fixups in exc_general_protection() Date: Wed, 25 Jun 2025 15:51:01 +0300 Message-ID: <20250625125112.3943745-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Move the UMIP exception fixup along with the other user mode fixups, that is, under the common "if (user_mode(regs))" condition where the rest of the fixups reside. No functional change intended. Suggested-by: Dave Hansen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov Acked-by: Dave Hansen --- arch/x86/kernel/traps.c | 8 +++----- arch/x86/kernel/umip.c | 3 +++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index c5c897a86418..10856e0ac46c 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -800,11 +800,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) cond_local_irq_enable(regs); - if (static_cpu_has(X86_FEATURE_UMIP)) { - if (user_mode(regs) && fixup_umip_exception(regs)) - goto exit; - } - if (v8086_mode(regs)) { local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); @@ -819,6 +814,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_vdso_exception(regs, X86_TRAP_GP, error_code, 0)) goto exit; + if (fixup_umip_exception(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } diff --git a/arch/x86/kernel/umip.c b/arch/x86/kernel/umip.c index 5a4b21389b1d..80f2ad26363c 100644 --- a/arch/x86/kernel/umip.c +++ b/arch/x86/kernel/umip.c @@ -343,6 +343,9 @@ bool fixup_umip_exception(struct pt_regs *regs) void __user *uaddr; struct insn insn; + if (!cpu_feature_enabled(X86_FEATURE_UMIP)) + return false; + if (!regs) return false; From patchwork Wed Jun 25 12:51:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899777 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE8E2266B41; Wed, 25 Jun 2025 12:51:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855894; cv=none; b=lk0ysmDkDuhioazXpQbXYHSvKEKGwwyYZNwMFW3IPZYj3P/wEcP5NRgyW4yMO2B7pguSnCaA6tfPnCLHIfkSHpJYFb6qie77zysEGCH9Q0pX1e+963NfqjHzLbKw7UU+IqBVFCzmXX3QlK4ubK9l9ZoY4Yt8G/b5z8ph53sEdbg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855894; c=relaxed/simple; bh=gRYbIS7Dgh1noZwFu/j8FTMijwGvmqKuvAcfA8tsGH0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R6nNufHJJ+XawYN5w43yj6fKWJZE1WbKmX+DHyAw6Ek/4PbDIS7O9HJJvwM4LEis1WL9UMpR5mlp4SsbYmyrJtJHP4fo0lvO50bDsgZGlPMQX7GY5bBuldLbuqOgs6UC0g5clF9LvCYalxiwdQzEddgy4PUQzygfh4UddLQyU3A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=B1u2EZA3; arc=none smtp.client-ip=192.198.163.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="B1u2EZA3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855893; x=1782391893; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gRYbIS7Dgh1noZwFu/j8FTMijwGvmqKuvAcfA8tsGH0=; b=B1u2EZA3xoNqIS96dyHLJH/kZlrrIL4DfsfmtWu65bF9OZ8PxPUj4X8X s3GLlFcC+w2y/WpXdtOZ1Rkqq7prWqDTtxf6bUdJQL977cHwvRpfYuvtM 6LzupqDnHiA3CMeMjHZ9MzZan3IRTGl5Fg0wAjx9HEO91UyFl0MmJgDKO 3s0fkDcqF2xfObSzFja/Vu0bntDXmVK7ARdCnO+JlOJY2TKJzA1KS3k1+ WLGR6cClnESFla08PB95geBweDWuJ0B9Qq83iOkbHLWDwPv7WR1wyhRcY vBzbGYcajJrCJVz3vIqTIIGOGOHFnBfhPi0+fN+8m/8IQX/qplu3H/oFE Q==; X-CSE-ConnectionGUID: ir4YO1xxQveKfL7AMhWInw== X-CSE-MsgGUID: nMI+TFDMRFqTFmZawkW8Hg== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="53189609" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="53189609" Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:32 -0700 X-CSE-ConnectionGUID: JDdH85PdT5GN4tnJmDIMAw== X-CSE-MsgGUID: BSccn12xSoyfdl+piAUuhQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="151830976" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa007.fm.intel.com with ESMTP; 25 Jun 2025 05:51:21 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id F2FD26DB; Wed, 25 Jun 2025 15:51:12 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 10/16] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE Date: Wed, 25 Jun 2025 15:51:03 +0300 Message-ID: <20250625125112.3943745-12-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta The EMULATE mode of vsyscall maps the vsyscall page into user address space which can be read directly by the user application. This mode has been deprecated recently and can only be enabled from a special command line parameter vsyscall=emulate. See commit bf00745e7791 ("x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE") Fixing the LASS violations during the EMULATE mode would need complex instruction decoding since the resulting #GP fault does not include any useful error information and the vsyscall address is not readily available in the RIP. At this point, no one is expected to be using the insecure and deprecated EMULATE mode. The rare usages that need support probably don't care much about security anyway. Disable LASS when EMULATE mode is requested during command line parsing to avoid breaking user software. LASS will be supported if vsyscall mode is set to XONLY or NONE. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- Documentation/admin-guide/kernel-parameters.txt | 4 +++- arch/x86/entry/vsyscall/vsyscall_64.c | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f1f2c0874da9..796c987372df 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -7926,7 +7926,9 @@ emulate Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall page is - readable. + readable. This disables the Linear + Address Space Separation (LASS) security + feature and makes the system less secure. xonly [default] Vsyscalls turn into traps and are emulated reasonably safely. The vsyscall diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index be77385b311e..d37df40bfb26 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -63,6 +63,13 @@ static int __init vsyscall_setup(char *str) else return -EINVAL; + if (cpu_feature_enabled(X86_FEATURE_LASS) && + vsyscall_mode == EMULATE) { + cr4_clear_bits(X86_CR4_LASS); + setup_clear_cpu_cap(X86_FEATURE_LASS); + pr_warn_once("x86/cpu: Disabling LASS support due to vsyscall=emulate\n"); + } + return 0; } From patchwork Wed Jun 25 12:51:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899776 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0A452690D5; Wed, 25 Jun 2025 12:51:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855896; cv=none; b=U8mBjaEALyDxjZmD52Y3ahWzC1TX7WJ858ylmvt/dlAz5WV8eeh3RVuOMOEbiqiSgLEYO61TSNzRudslegW+2GMZSfX7vBROxIJGnV9L3AJ0Hw1WEUfIMsgqaE2ktdFrVULLJPIIGPffDsaeevFllbL66ZXeXvm5JUieyoM65Ok= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855896; c=relaxed/simple; bh=7foUi90kAx/WEJRwF/WT7nYOqwMH5sjvGQWVUc7hDJU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iiSrNRRwPcAxr8uqAs0VfOdSCx6Yf1dNXelBHq4k1H2pJmwfN4xEct0SMfBNB9p2GBoJjSY7L7giSu182RxuycnheIkqFP45IeWhHVkoXzshpyOh4LbZqNhdYkHSTf4PnCSfIYRswtROSYEk/5ZxtdbUDL34GV+y7qgF45z8AIY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=GsS5Gcil; arc=none smtp.client-ip=198.175.65.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="GsS5Gcil" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855895; x=1782391895; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7foUi90kAx/WEJRwF/WT7nYOqwMH5sjvGQWVUc7hDJU=; b=GsS5GcilBy/mCT0gyYN4iNDpZvvSK6/OhMZn/h5aCYqsHmiq4VipAzlA 6UvrTvgFshUdMv1Y98sWPYnEOEoOgpYz5sv2s0GqHS5z2cEsc3C43bJBn gN3/AMHR1uW8/szoK9ayp9hkkQ1e9P7pGMnCfjsHzSTD4cSat/AYMqTbJ p8+J6v1QMCs7kNhisXPsIfsYPKmY8gQiwPJdgZCmGEKOPBop5F11CzkMM RdZhOZvrExwuup7PM5p0QYriJ63/DrJ4+lJ9NNO5Gw9ukHWcpWTrWi1ui ZUw0TC0ornOrV4+q0540zUGBBD+JyfKH90YTS2OfHOhqnvrosw7im/avk Q==; X-CSE-ConnectionGUID: enyVq8XZRays0DZ1+UENwQ== X-CSE-MsgGUID: R8bETpfwTXqo+Vm4HMHdiQ== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="56908347" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="56908347" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:34 -0700 X-CSE-ConnectionGUID: fXXgAvxmRB2H2v15sARs1w== X-CSE-MsgGUID: BMzC/J5HTw+85PN7O7+iKw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="152919809" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa010.fm.intel.com with ESMTP; 25 Jun 2025 05:51:23 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 1B13173B; Wed, 25 Jun 2025 15:51:13 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 12/16] x86/traps: Communicate a LASS violation in #GP message Date: Wed, 25 Jun 2025 15:51:05 +0300 Message-ID: <20250625125112.3943745-14-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alexander Shishkin Provide a more helpful message on #GP when a kernel side LASS violation is detected. A NULL pointer dereference is reported if a LASS violation occurs due to accessing the first page frame. Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/traps.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 40e34bb66d7c..e2ad760b17ea 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -636,7 +636,16 @@ DEFINE_IDTENTRY(exc_bounds) enum kernel_gp_hint { GP_NO_HINT, GP_NON_CANONICAL, - GP_CANONICAL + GP_CANONICAL, + GP_LASS_VIOLATION, + GP_NULL_POINTER, +}; + +static const char *kernel_gp_hint_help[] = { + [GP_NON_CANONICAL] = "probably for non-canonical address", + [GP_CANONICAL] = "maybe for address", + [GP_LASS_VIOLATION] = "LASS prevented access to address", + [GP_NULL_POINTER] = "kernel NULL pointer dereference", }; /* @@ -672,6 +681,12 @@ static enum kernel_gp_hint get_kernel_gp_address(struct pt_regs *regs, if (*addr < ~__VIRTUAL_MASK && *addr + insn.opnd_bytes - 1 > __VIRTUAL_MASK) return GP_NON_CANONICAL; + else if (*addr < ~__VIRTUAL_MASK && + cpu_feature_enabled(X86_FEATURE_LASS)) { + if (*addr < PAGE_SIZE) + return GP_NULL_POINTER; + return GP_LASS_VIOLATION; + } #endif return GP_CANONICAL; @@ -833,11 +848,10 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) else hint = get_kernel_gp_address(regs, &gp_addr); - if (hint != GP_NO_HINT) + if (hint != GP_NO_HINT) { snprintf(desc, sizeof(desc), GPFSTR ", %s 0x%lx", - (hint == GP_NON_CANONICAL) ? "probably for non-canonical address" - : "maybe for address", - gp_addr); + kernel_gp_hint_help[hint], gp_addr); + } /* * KASAN is interested only in the non-canonical case, clear it From patchwork Wed Jun 25 12:51:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899774 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DC3B261594; Wed, 25 Jun 2025 12:51:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855899; cv=none; b=ufKCStp3jfpeNjE4SEjZWeigYWhD96YEkkfx4nHazddJGqlfM7+gAwGsJzX0nriS+rSvae3kPHt2DzIQf3M663Fd/eKNM7fHz3rzCKdKKpPfNIVASQJHqOgwFddSTbsuvUtVsmYBGsfMlK424Hw6cjfvPUz2TlvQhwdmWZRYWew= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855899; c=relaxed/simple; bh=OjJNhJk2T736RflVUZxtae35YdvRzXSJjxBWWJGThLU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RKzvR3H8uGDW/m0cKlqWrZd7xxaR3T2WMFATczcq5U6geGdxt1fIAgpKi4J0tzlWhrDmDJvdiBVTK1KaU8F8G/mH08gU6uikB5UAybHc3w3h8Iflmb13QsDbyQnlpPcf2JSq1Hv3VzVql92qOGcOi+jQKqf+FdniGkw3yie4/hg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dLRmXaBW; arc=none smtp.client-ip=192.198.163.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dLRmXaBW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855897; x=1782391897; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OjJNhJk2T736RflVUZxtae35YdvRzXSJjxBWWJGThLU=; b=dLRmXaBWVFXNG3QpQ7GZ22PRK6h8tWOd8fC/s2214ebWcZ8sdUug4FWh Ih8FD5wHd/1Y9WmHhmyZyTJHqUVAkAMFYOaCWNSO/tYHhx1jyIs0KQ1Ne Vq3RXF7S1v4dc8G79DJe1mkVI8EcFVoRJZbBqM2yxHF9X+B00CAhdABsp bGdY3w/l/ffDJm6gHrrhMnmi1tP6qGC6Wu4AQqPCsKQaCVMpigYf34eyR BbrgiYPxpZytgUlZCgznBfstk4N4N1vbxkskkWJ1IGL++Iv4Atp5HW3FW Zb7j4EB6x/Prq80pjhUyaDr+h2EInq92jP20u5GBcpdSM8gj2y8Lq368H Q==; X-CSE-ConnectionGUID: Y0NKWOZ6RKe6XPc/zvoVlA== X-CSE-MsgGUID: DelkvT1LRyW82XR1hXU8og== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="53189698" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="53189698" Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa108.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:36 -0700 X-CSE-ConnectionGUID: CUdWr/0xSjGd09hE2d7u8A== X-CSE-MsgGUID: TFzgGhRYSzCwRkjbu0forw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="151830988" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa007.fm.intel.com with ESMTP; 25 Jun 2025 05:51:25 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 3E9DF825; Wed, 25 Jun 2025 15:51:13 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 15/16] x86/cpu: Enable LASS during CPU initialization Date: Wed, 25 Jun 2025 15:51:08 +0300 Message-ID: <20250625125112.3943745-17-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Being a security feature, enable LASS by default if the platform supports it. While at it, get rid of the comment above the SMAP/SMEP/UMIP/LASS setup instead of updating it to mention LASS as well, as the whole sequence is quite self-explanatory. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/common.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 1552c7510380..97a228f917a9 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -401,6 +401,12 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c) cr4_clear_bits(X86_CR4_UMIP); } +static __always_inline void setup_lass(struct cpuinfo_x86 *c) +{ + if (cpu_feature_enabled(X86_FEATURE_LASS)) + cr4_set_bits(X86_CR4_LASS); +} + /* These bits should not change their value after CPU init is finished. */ static const unsigned long cr4_pinned_mask = X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED | @@ -1975,10 +1981,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Disable the PN if appropriate */ squash_the_stupid_serial_number(c); - /* Set up SMEP/SMAP/UMIP */ setup_smep(c); setup_smap(c); setup_umip(c); + setup_lass(c); /* Enable FSGSBASE instructions if available. */ if (cpu_has(c, X86_FEATURE_FSGSBASE)) { From patchwork Wed Jun 25 12:51:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 899775 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8680A26A0F2; Wed, 25 Jun 2025 12:51:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.14 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855898; cv=none; b=krnxnNdMli3vL/+c9ywz3UVg0a95ZRiMPeVcpoeSBlje2yu06z8OFHb54tXsjPPuVpmhjtINBV7527UjzSG6xFOnCKAmL/y0QZreFP71kViyWd7v/htu2+zFqXP3jkbWXB5IEoLEXEEdPVxySVzhFEAZpxNzxZoKfmyOQjZ5Md8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750855898; c=relaxed/simple; bh=gDZAIaId/LE+Cg3g34PHSl3JoHL8xvSE+GTgwe6XlKg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gACQ1j288OR1y8FC2Dc+jUbzthJEm+Ujma2fvcNM2963spynHnKOshbLvQ4IV8cbVU4VHgw7+n2ldJTrOLeQ7VqqzC1vnIMwWXXgBnjIwU29Xza2NP1z1jl8yCCCG4b/EZM2CZHnLozUz9N6YQJivBPiLHnTKSn8GDGKdXs7Eyc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Z4ZYli/o; arc=none smtp.client-ip=198.175.65.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Z4ZYli/o" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750855896; x=1782391896; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gDZAIaId/LE+Cg3g34PHSl3JoHL8xvSE+GTgwe6XlKg=; b=Z4ZYli/oIFvsVqCOdrR6LaG3tkrApxKCdKBvpImOfokXnGhDwmm7wDV8 RGiyrCdKqY0MLilR7FY+uchVsVBMcLfWJWgW+HEg+S2voZ1NXq8t89vxT rHT3d3vY9YAXcvp24WWuGwD5jcGui91GP3g4SKeJByXglJqfWAohvP6xd hWvz4KWEhfQtQSS7VWy6B5NiO7NlbggBpSTEkiay2gtS54RFZcfU2ODDn xMkIwCSSrf/M3WBf0GKAoCNE2VSsmdwzgvJmbNGNjxYP0qSIvsVWGFGfa EOjaONH+MAeu+GGC8jQYXv2DkavKBmVrlohBECl4Ut5RKnpysyWsiGgja w==; X-CSE-ConnectionGUID: WbdQy+/VRI6Wnosw+WwtHQ== X-CSE-MsgGUID: 4Xp0zkwLQBuCPLcVfk9zLQ== X-IronPort-AV: E=McAfee;i="6800,10657,11474"; a="56908374" X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="56908374" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2025 05:51:36 -0700 X-CSE-ConnectionGUID: PuC99ST/SMezEVXWAKvk2g== X-CSE-MsgGUID: vtZJnGSOR+mfXpIQU3xILw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,264,1744095600"; d="scan'208";a="152919817" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa010.fm.intel.com with ESMTP; 25 Jun 2025 05:51:25 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 518C6862; Wed, 25 Jun 2025 15:51:13 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv7 16/16] x86: Re-enable Linear Address Masking Date: Wed, 25 Jun 2025 15:51:09 +0300 Message-ID: <20250625125112.3943745-18-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> References: <20250625125112.3943745-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This reverts commit 3267cb6d3a174ff83d6287dcd5b0047bbd912452. LASS mitigates the Spectre based on LAM (SLAM) [1] and the previous commit made LAM depend on LASS, so we no longer need to disable LAM at compile time, so revert the commit that disables LAM. Adjust USER_PTR_MAX if LAM enabled, allowing tag bits to be set for userspace pointers. The value for the constant is defined in a way to avoid overflow compiler warning on 32-bit config. [1] https://download.vusec.net/papers/slam_sp24.pdf Signed-off-by: Kirill A. Shutemov Cc: Pawan Gupta --- arch/x86/Kconfig | 1 - arch/x86/kernel/cpu/common.c | 5 +---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3b54ea..2b48e916b754 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2181,7 +2181,6 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING config ADDRESS_MASKING bool "Linear Address Masking support" depends on X86_64 - depends on COMPILE_TEST || !CPU_MITIGATIONS # wait for LASS help Linear Address Masking (LAM) modifies the checking that is applied to 64-bit linear addresses, allowing software to use of the diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 97a228f917a9..6f2ae9e702bc 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2558,11 +2558,8 @@ void __init arch_cpu_finalize_init(void) if (IS_ENABLED(CONFIG_X86_64)) { unsigned long USER_PTR_MAX = TASK_SIZE_MAX; - /* - * Enable this when LAM is gated on LASS support if (cpu_feature_enabled(X86_FEATURE_LAM)) - USER_PTR_MAX = (1ul << 63) - PAGE_SIZE; - */ + USER_PTR_MAX = (-1UL >> 1) & PAGE_MASK; runtime_const_init(ptr, USER_PTR_MAX); /*