From patchwork Fri Jun 20 13:53:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898480 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8F9828B7C5; Fri, 20 Jun 2025 13:53:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.10 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427627; cv=none; b=WXlBWMRWrgdMzAmuY8WuWjgNqmQ221MWWs7sBebxUvMcgGzbAyST49F5X7ATRHCnZtDOa1teK2sma24ferBwanosKEMTW7yk6bO8Ew3pY2kgJfg8+8NCj0noz4R4zbzl2GONyF/hrc0cThywBU8qRzmN/owCR1irFOOWX3rol2c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427627; c=relaxed/simple; bh=cyQl5wwakRbv76k1YvxJC2e2S422at1UGipEhH7xKXo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Nm3StKZ0BNPR73cxjRv5jjrBfZOXMkFcCBZIHWCkdTB1ggKSryVUQnNHoTen4yK0oKG7Z6+vYehm0iom8KLi6zo8osceG/q5jo+eK9PGMAZGEVWRwqoLPPLGHCOOAD0UIMkQH7MGcbOw4BNsX06GjXCMJtWFtY7RBR6I5K5AhK8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=U02h4ToN; arc=none smtp.client-ip=192.198.163.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="U02h4ToN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427626; x=1781963626; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=cyQl5wwakRbv76k1YvxJC2e2S422at1UGipEhH7xKXo=; b=U02h4ToNecaXijsYtclrWrHnTJMCCmnfFxuceeWTsEWiOnIlIGnQwZ2u bn8DBeIuY+m6+Sd0VubEqUv6B45Tgk8eGQk7nxIiAQ+CH44Q67vlq5yA4 8iy4y3fZSvuHKmEbkfcWOv//AoLF/Y5IlYUEWSgVt4iX9WDsGnjlvj81V WdJse2tMd1y33/DJss/ZVF5axknbddPa+Igx/I+ASSjC3sdMiwgxKCP82 QhwRN/F+j3h2md8NQ13uprBbywQoaEytaPdbdjbD7zM5wBTFRUaUmzuii NnucL7hcB/wjLzpxih5PxR4SeKaUcIi4OxWyxZb11z9W9veiDB+7vEIYF g==; X-CSE-ConnectionGUID: IL2dPsF9Qi6otpcZfQv4tw== X-CSE-MsgGUID: Ki/Ki7yxTM6tqb7XsecJrQ== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="64047082" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="64047082" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:43 -0700 X-CSE-ConnectionGUID: LsVYINO5ReazqEHBTdUpag== X-CSE-MsgGUID: dBoUO9spSxmOf6qslGubPw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="150412000" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa006.jf.intel.com with ESMTP; 20 Jun 2025 06:53:30 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 4E163AF; Fri, 20 Jun 2025 16:53:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, Yian Chen , "Kirill A. Shutemov" Subject: [PATCHv6 01/16] x86/cpu: Enumerate the LASS feature bits Date: Fri, 20 Jun 2025 16:53:09 +0300 Message-ID: <20250620135325.3300848-2-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Linear Address Space Separation (LASS) is a security feature that intends to prevent malicious virtual address space accesses across user/kernel mode. Such mode based access protection already exists today with paging and features such as SMEP and SMAP. However, to enforce these protections, the processor must traverse the paging structures in memory. Malicious software can use timing information resulting from this traversal to determine details about the paging structures, and these details may also be used to determine the layout of the kernel memory. The LASS mechanism provides the same mode-based protections as paging but without traversing the paging structures. Because the protections enforced by LASS are applied before paging, software will not be able to derive paging-based timing information from the various caching structures such as the TLBs, mid-level caches, page walker, data caches, etc. LASS enforcement relies on the typical kernel implementation to divide the 64-bit virtual address space into two halves: Addr[63]=0 -> User address space Addr[63]=1 -> Kernel address space Any data access or code execution across address spaces typically results in a #GP fault. The LASS enforcement for kernel data access is dependent on CR4.SMAP being set. The enforcement can be disabled by toggling the RFLAGS.AC bit similar to SMAP. Define the CPU feature bits to enumerate this feature and include feature dependencies to reflect the same. Co-developed-by: Yian Chen Signed-off-by: Yian Chen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig.cpufeatures | 4 ++++ arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/smap.h | 22 +++++++++++++++++++-- arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/cpuid-deps.c | 1 + tools/arch/x86/include/asm/cpufeatures.h | 1 + 6 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig.cpufeatures b/arch/x86/Kconfig.cpufeatures index 250c10627ab3..9574c198fc08 100644 --- a/arch/x86/Kconfig.cpufeatures +++ b/arch/x86/Kconfig.cpufeatures @@ -124,6 +124,10 @@ config X86_DISABLED_FEATURE_PCID def_bool y depends on !X86_64 +config X86_DISABLED_FEATURE_LASS + def_bool y + depends on !X86_64 + config X86_DISABLED_FEATURE_PKU def_bool y depends on !X86_INTEL_MEMORY_PROTECTION_KEYS diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index ee176236c2be..4473a6f7800b 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -313,6 +313,7 @@ #define X86_FEATURE_SM4 (12*32+ 2) /* SM4 instructions */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h index 4f84d421d1cf..1f36c5b26949 100644 --- a/arch/x86/include/asm/smap.h +++ b/arch/x86/include/asm/smap.h @@ -23,18 +23,36 @@ #else /* __ASSEMBLER__ */ +/* + * The CLAC/STAC instructions toggle enforcement of X86_FEATURE_SMAP. + * + * X86_FEATURE_LASS requires flipping the AC flag when accessing the lower half + * of the virtual address space, regardless of the _PAGE_BIT_USER bit in the + * page tables. lass_clac/stac() should be used for these cases. + * + * Note: a barrier is implicit in alternative(). + */ + static __always_inline void clac(void) { - /* Note: a barrier is implicit in alternative() */ alternative("", "clac", X86_FEATURE_SMAP); } static __always_inline void stac(void) { - /* Note: a barrier is implicit in alternative() */ alternative("", "stac", X86_FEATURE_SMAP); } +static __always_inline void lass_clac(void) +{ + alternative("", "clac", X86_FEATURE_LASS); +} + +static __always_inline void lass_stac(void) +{ + alternative("", "stac", X86_FEATURE_LASS); +} + static __always_inline unsigned long smap_save(void) { unsigned long flags; diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h index f1a4adc78272..81d0c8bf1137 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -136,6 +136,8 @@ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) #define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement Technology */ #define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) +#define X86_CR4_LASS_BIT 27 /* enable Linear Address Space Separation support */ +#define X86_CR4_LASS _BITUL(X86_CR4_LASS_BIT) #define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */ #define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT) diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index 46efcbd6afa4..98d0cdd82574 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -89,6 +89,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, { X86_FEATURE_FRED, X86_FEATURE_LKGS }, { X86_FEATURE_SPEC_CTRL_SSBD, X86_FEATURE_SPEC_CTRL }, + { X86_FEATURE_LASS, X86_FEATURE_SMAP }, {} }; diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index e02be2962a01..20df2ce5d339 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -313,6 +313,7 @@ #define X86_FEATURE_SM4 (12*32+ 2) /* SM4 instructions */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* "avx_vnni" AVX VNNI instructions */ #define X86_FEATURE_AVX512_BF16 (12*32+ 5) /* "avx512_bf16" AVX512 BFLOAT16 instructions */ +#define X86_FEATURE_LASS (12*32+ 6) /* "lass" Linear Address Space Separation */ #define X86_FEATURE_CMPCCXADD (12*32+ 7) /* CMPccXADD instructions */ #define X86_FEATURE_ARCH_PERFMON_EXT (12*32+ 8) /* Intel Architectural PerfMon Extension */ #define X86_FEATURE_FZRM (12*32+10) /* Fast zero-length REP MOVSB */ From patchwork Fri Jun 20 13:53:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898482 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A611728C2AC; Fri, 20 Jun 2025 13:53:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.10 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427625; cv=none; b=cLx5/Zp/8alRHAp93B2+D29tVw+R+JubyHx7A1JdYLQihUuMB4QgoQ98wRqkWWNN77p5p7l5RqYaGauRPjOf1kL7cta5hmZkv71giGZu/R10bDWFTi6AfLMTKFFXScqKDoijX3xLJlFYuloOdX+45/hNiXTGimyWSgxzdOae0U4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427625; c=relaxed/simple; bh=hBguH5HKy6qvaWcEryNxH+ubaULuT1r46czj/O7PFco=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Gi33oDq4EpsZX1trGhD0wXWqWBJ4JNO399cT9SmgxBlGxIhC5Sm/7sTODpzDb0U3A90EcKBzIiRnAkXQBZpxwIwJlevri1hVNRLhr4eZp2n363X5A+MvXJphE20XibcM+RZXcj4+4kR7KZbngv8mRW8L8EMy7hGyWKERgJUnJNE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=nx1YbC3u; arc=none smtp.client-ip=192.198.163.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="nx1YbC3u" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427623; x=1781963623; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hBguH5HKy6qvaWcEryNxH+ubaULuT1r46czj/O7PFco=; b=nx1YbC3ueZVteFfjUuyLfFWxwPraMio2bv/3ZRnlcLNwtfFQUkKGVXgg dGox+Wn+eljg7FxS5MKk6VAXKFL1RN0QCyXNnPtWCW3+jxEsgQZ+JPoJh eYGynYhyfmux+SZvGEmXQvDd6GYekENaI63cfTWdL9bJr6mdNp69+D0Nj swxXB/SJJjvbo+NMPCYRXYhIJbcu9DqprxUuonP4g9V7kCrfWVn08su1l jVI9xNjWPRQCKMR6Y4Gm6rt4G+h3KPhdhFRZ2Dm5wYu/Jf8RWzwH/bJiy X2vHsnFfbvTpjwKrtN4F+bQp/RB5Kl+LmuTxPxgzQHu9vBBojKAAcLPdQ w==; X-CSE-ConnectionGUID: P8h7opJUQ2CF/QJb1LC6Lw== X-CSE-MsgGUID: 3/Nn2zmvQl6O5NIFNoZ1Hw== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="64047006" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="64047006" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:42 -0700 X-CSE-ConnectionGUID: CUmkhyVxSLO2jeEuBWPjNA== X-CSE-MsgGUID: Hg2dxZkKQnWtzjMi6WgRnA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="150411986" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa006.jf.intel.com with ESMTP; 20 Jun 2025 06:53:30 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 5CC3A131; Fri, 20 Jun 2025 16:53:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv6 02/16] x86/asm: Introduce inline memcpy and memset Date: Fri, 20 Jun 2025 16:53:10 +0300 Message-ID: <20250620135325.3300848-3-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Extract memcpy and memset functions from copy_user_generic() and __clear_user(). They can be used as inline memcpy and memset instead of the GCC builtins whenever necessary. LASS requires them to handle text_poke. Originally-by: Peter Zijlstra Link: https://lore.kernel.org/all/20241029184840.GJ14555@noisy.programming.kicks-ass.net/ Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/string.h | 45 +++++++++++++++++++++++++++++++ arch/x86/include/asm/uaccess_64.h | 37 +++++++------------------ arch/x86/lib/clear_page_64.S | 10 +++++-- 3 files changed, 62 insertions(+), 30 deletions(-) diff --git a/arch/x86/include/asm/string.h b/arch/x86/include/asm/string.h index c3c2c1914d65..d75e965d1ce4 100644 --- a/arch/x86/include/asm/string.h +++ b/arch/x86/include/asm/string.h @@ -1,6 +1,51 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_X86_STRING_H +#define _ASM_X86_STRING_H + +#include +#include + #ifdef CONFIG_X86_32 # include #else # include #endif + +#ifdef CONFIG_X86_64 +#define ALT_64(orig, alt, feat) ALTERNATIVE(orig, alt, feat) +#else +#define ALT_64(orig, alt, feat) orig +#endif + +static __always_inline void *__inline_memcpy(void *to, const void *from, size_t len) +{ + void *ret = to; + + asm volatile("1:\n\t" + ALT_64("rep movsb", + "call rep_movs_alternative", ALT_NOT(X86_FEATURE_FSRM)) + "2:\n\t" + _ASM_EXTABLE_UA(1b, 2b) + :"+c" (len), "+D" (to), "+S" (from), ASM_CALL_CONSTRAINT + : : "memory", _ASM_AX); + + return ret + len; +} + +static __always_inline void *__inline_memset(void *addr, int v, size_t len) +{ + void *ret = addr; + + asm volatile("1:\n\t" + ALT_64("rep stosb", + "call rep_stos_alternative", ALT_NOT(X86_FEATURE_FSRM)) + "2:\n\t" + _ASM_EXTABLE_UA(1b, 2b) + : "+c" (len), "+D" (addr), ASM_CALL_CONSTRAINT + : "a" ((uint8_t)v) + : "memory", _ASM_SI); + + return ret + len; +} + +#endif /* _ASM_X86_STRING_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h index c8a5ae35c871..30cc318eb3ed 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -13,6 +13,7 @@ #include #include #include +#include /* * Virtual variable: there's no actual backing store for this, @@ -118,21 +119,12 @@ rep_movs_alternative(void *to, const void *from, unsigned len); static __always_inline __must_check unsigned long copy_user_generic(void *to, const void *from, unsigned long len) { + void *ret; + stac(); - /* - * If CPU has FSRM feature, use 'rep movs'. - * Otherwise, use rep_movs_alternative. - */ - asm volatile( - "1:\n\t" - ALTERNATIVE("rep movsb", - "call rep_movs_alternative", ALT_NOT(X86_FEATURE_FSRM)) - "2:\n" - _ASM_EXTABLE_UA(1b, 2b) - :"+c" (len), "+D" (to), "+S" (from), ASM_CALL_CONSTRAINT - : : "memory", "rax"); + ret = __inline_memcpy(to, from, len); clac(); - return len; + return ret - to; } static __always_inline __must_check unsigned long @@ -178,25 +170,14 @@ rep_stos_alternative(void __user *addr, unsigned long len); static __always_inline __must_check unsigned long __clear_user(void __user *addr, unsigned long size) { + void *ret; + might_fault(); stac(); - - /* - * No memory constraint because it doesn't change any memory gcc - * knows about. - */ - asm volatile( - "1:\n\t" - ALTERNATIVE("rep stosb", - "call rep_stos_alternative", ALT_NOT(X86_FEATURE_FSRS)) - "2:\n" - _ASM_EXTABLE_UA(1b, 2b) - : "+c" (size), "+D" (addr), ASM_CALL_CONSTRAINT - : "a" (0)); - + ret = __inline_memset(addr, 0, size); clac(); - return size; + return ret - addr; } static __always_inline unsigned long clear_user(void __user *to, unsigned long n) diff --git a/arch/x86/lib/clear_page_64.S b/arch/x86/lib/clear_page_64.S index a508e4a8c66a..ca94828def62 100644 --- a/arch/x86/lib/clear_page_64.S +++ b/arch/x86/lib/clear_page_64.S @@ -55,17 +55,23 @@ SYM_FUNC_END(clear_page_erms) EXPORT_SYMBOL_GPL(clear_page_erms) /* - * Default clear user-space. + * Default memset. * Input: * rdi destination + * rsi scratch * rcx count - * rax is zero + * al is value * * Output: * rcx: uncleared bytes or 0 if successful. */ SYM_FUNC_START(rep_stos_alternative) ANNOTATE_NOENDBR + + movzbq %al, %rsi + movabs $0x0101010101010101, %rax + mulq %rsi + cmpq $64,%rcx jae .Lunrolled From patchwork Fri Jun 20 13:53:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898479 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A17F298264; Fri, 20 Jun 2025 13:53:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427630; cv=none; b=p131z1qQznQIU/d1EC4uNbOXdaZkfdOYGXzxTv5cc2TYnpen0pyfm9JIQ+X0E21AVrsQi1jdmR9T3g1R+6DtR+ODsW7o96LkUHe3ChAEh744QxpfVVOikWWQoZ7njU1IENX2bQ6mqilJ/AhJR3S6SdxPSKkphggCoqTIHlxHUr8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427630; c=relaxed/simple; bh=KLHzuunjVF20It9CsStNlBhnWQ8hFQOuNQygPo2X/zg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Iw6QeDI5DZjbQQOztkSggE2N5R8BFZxecqJltiBEi5P5oJepgSQVh+7MPy1wex8YWvowDgS/m6h4QA5XV8AEL6HTM0xqaHO8pSvbPKn33IeE2aZ+JXNKWe8cGSwOjrmiBuN+4gw45U0sbOXq/RcVyuVONZbLdWcOkvKUYiZxOlk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=k67QWP90; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="k67QWP90" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427628; x=1781963628; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=KLHzuunjVF20It9CsStNlBhnWQ8hFQOuNQygPo2X/zg=; b=k67QWP90+N0kG4lgptxWbKtV6uIOo68h6c0BJSpdMzCqwAx3IxE4SQrY FvIRkJQvrRXL9EE7MJZ6wwAw5HuM7hojIBT/6LwInMruhvNrdYhti2dli wBT+2LIZPUSThvwCVQe0dwN8tCIBqgf4AHu4DHMGABYkplFbOyu/y7pNJ qn1QeR0A6p1P/a74tv61Y4tJnadxCYqNkjV1jnmGe2ge643elH1BEn9I0 qarnET4vPH4jFjDp2DzU6E/Th3bC8wT/m24JG5ATlrXwKSq6evEmyMTZk 7tX2kkwtTCQZJU00BGXGCCL5rbIEhezGNOgi8PgA6DWfUuMirbGf7+vBG Q==; X-CSE-ConnectionGUID: JffBJPapREWU4bj/LcBW1g== X-CSE-MsgGUID: XIVRp/ByTdydPOtaehUkWg== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="51919317" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="51919317" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:48 -0700 X-CSE-ConnectionGUID: yBZb9zvBRyCtqfZeK8tztg== X-CSE-MsgGUID: KfKEqQL6TW2sTfKtzfPLbg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="155292134" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa003.jf.intel.com with ESMTP; 20 Jun 2025 06:53:34 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id AE6EE3F4; Fri, 20 Jun 2025 16:53:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv6 07/16] x86/vsyscall: Reorganize the #PF emulation code Date: Fri, 20 Jun 2025 16:53:15 +0300 Message-ID: <20250620135325.3300848-8-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Separate out the actual vsyscall emulation from the page fault specific handling in preparation for the upcoming #GP fault emulation. No functional change intended. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/entry/vsyscall/vsyscall_64.c | 42 +++++++++++++++------------ arch/x86/include/asm/vsyscall.h | 8 ++--- arch/x86/mm/fault.c | 2 +- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index c9103a6fa06e..f18b08c03553 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -112,30 +112,13 @@ static bool write_ok_or_segv(unsigned long ptr, size_t size) } } -bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static bool __emulate_vsyscall(struct pt_regs *regs, unsigned long address) { unsigned long caller; int vsyscall_nr, syscall_nr, tmp; long ret; unsigned long orig_dx; - /* Write faults or kernel-privilege faults never get fixed up. */ - if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER) - return false; - - if (!(error_code & X86_PF_INSTR)) { - /* Failed vsyscall read */ - if (vsyscall_mode == EMULATE) - return false; - - /* - * User code tried and failed to read the vsyscall page. - */ - warn_bad_vsyscall(KERN_INFO, regs, "vsyscall read attempt denied -- look up the vsyscall kernel parameter if you need a workaround"); - return false; - } - /* * No point in checking CS -- the only way to get here is a user mode * trap to a high address, which means that we're in 64-bit user code. @@ -270,6 +253,29 @@ bool emulate_vsyscall(unsigned long error_code, return true; } +bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, + unsigned long address) +{ + /* Write faults or kernel-privilege faults never get fixed up. */ + if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER) + return false; + + if (!(error_code & X86_PF_INSTR)) { + /* Failed vsyscall read */ + if (vsyscall_mode == EMULATE) + return false; + + /* + * User code tried and failed to read the vsyscall page. + */ + warn_bad_vsyscall(KERN_INFO, regs, + "vsyscall read attempt denied -- look up the vsyscall kernel parameter if you need a workaround"); + return false; + } + + return __emulate_vsyscall(regs, address); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h index 472f0263dbc6..214977f4fa11 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -14,12 +14,12 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); * Called on instruction fetch fault in vsyscall page. * Returns true if handled. */ -extern bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address); #else static inline void map_vsyscall(void) {} -static inline bool emulate_vsyscall(unsigned long error_code, - struct pt_regs *regs, unsigned long address) +static inline bool emulate_vsyscall_pf(unsigned long error_code, + struct pt_regs *regs, unsigned long address) { return false; } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 998bd807fc7b..fbcc2da75fd6 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -1316,7 +1316,7 @@ void do_user_addr_fault(struct pt_regs *regs, * to consider the PF_PK bit. */ if (is_vsyscall_vaddr(address)) { - if (emulate_vsyscall(error_code, regs, address)) + if (emulate_vsyscall_pf(error_code, regs, address)) return; } #endif From patchwork Fri Jun 20 13:53:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898478 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC67A291861; Fri, 20 Jun 2025 13:53:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427631; cv=none; b=UKLYsz0Q3SXqeL9s5z6+GBHp7F4L6FHtncckeAJAd5FKdIyB/sjs5DGCLFl6PVfL9H6AarLHzM6YenFz8noozU59vo6MPin+km/PJCP47wyLI+KXJR7ycrcu+nkrojhDyOhzX0w4p1jL+oZBcPu4E/Gq9/5kcAvCYxSt0tyAnqc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427631; c=relaxed/simple; bh=HbPmwi8AshufdSIx8XTVcQlvNsvbbzDCxbhzFZVS0Ew=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=f7avFc0hoyibA5lzaTRVEMFW/FilPyeteIgWCAjGaONSGAp9Nj5fESQKaza3do95MCgtL1Rq+o1NBym1hjl8S1Gi7sqsWcdoEvfhMViNtttQHpkK93FX+RnvDwcxrHBzxF6UTVSz3ZGSj6R3o9mQD9NnosWVAHVjCGKkWxYBdmo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=RJ6+G6Vg; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="RJ6+G6Vg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427630; x=1781963630; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HbPmwi8AshufdSIx8XTVcQlvNsvbbzDCxbhzFZVS0Ew=; b=RJ6+G6VgXzkWAwpOGPAZNzitzMxP/DO8/tXAwpYJwCKSfjbRFqbt7+1M ivrZbNk0w36dmy5yA7fIpqZseH4orbu/+OfZuDvzoQFBH5QBuFiG32zCb UfezpqzDdrSCpdmiwbYIz5ZqN7PsyH615yBHC1hLWgCawWm2ZTC7eBPPV 5JPpe98Dy6hS4aMOwt0lw41u5nJ1WM3imzoTbOiwDGArdxwBV27dCsREM qwFpzGcnBSb1NSgMtYLPJNO2tYWmlDI3sfQSRBm/f0xFqKp6cEJNuW2K2 8Ov3qtamt6bGi9XDWkZAnOPd+5WLD37E8usSlOxKCxkzsDawfnXThdKGB g==; X-CSE-ConnectionGUID: ZRekWSnGQ7uzhcNxUMA4xw== X-CSE-MsgGUID: VttFcapAThiWOp23Ec+0Cw== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="51919340" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="51919340" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:48 -0700 X-CSE-ConnectionGUID: lmSPR2CqQAG/m/9rn5rcXQ== X-CSE-MsgGUID: +uQSGnp/TxW1FZ48fNmRlQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="155292142" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa003.jf.intel.com with ESMTP; 20 Jun 2025 06:53:34 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id C1DF141C; Fri, 20 Jun 2025 16:53:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, Dave Hansen , "Kirill A. Shutemov" Subject: [PATCHv6 08/16] x86/traps: Consolidate user fixups in exc_general_protection() Date: Fri, 20 Jun 2025 16:53:16 +0300 Message-ID: <20250620135325.3300848-9-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta Move the UMIP exception fixup along with the other user mode fixups, that is, under the common "if (user_mode(regs))" condition where the rest of the fixups reside. No functional change intended. Suggested-by: Dave Hansen Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/traps.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index c5c897a86418..3eb2ef46f733 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -800,11 +800,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) cond_local_irq_enable(regs); - if (static_cpu_has(X86_FEATURE_UMIP)) { - if (user_mode(regs) && fixup_umip_exception(regs)) - goto exit; - } - if (v8086_mode(regs)) { local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); @@ -819,6 +814,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (fixup_vdso_exception(regs, X86_TRAP_GP, error_code, 0)) goto exit; + if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } From patchwork Fri Jun 20 13:53:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898477 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A6D0F299AAC; Fri, 20 Jun 2025 13:53:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427633; cv=none; b=O7VsP4keN3EcW8NIEdJAIrq7e4nCXL8yLLBCiJ7/AhVU4T1uRBulAwEotRRepCwbZ6RpKDiqbiTw3p9g8nKpF4UdOnysxi6ai5AmUf5vtKxTjbfnEIN8Eekd0LG9bq+d79j2jVQVMh8lGsUddFw4VpHJ6Qb9cMKOt6hpXPe3Tdg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427633; c=relaxed/simple; bh=hqslAmBsHA+s5rclK/PLuhquqmdRqvtTBSMQN1soz3k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=V+AhiIISJ35hB6d93Cjh2MbQGuIRaV3MYeJQcV87BCLhcy/Lx1MYzXiNUbFQIYnS7gP7cWs2HgaLDmBWogJZOihTSvSOtwlBIOPgpgzDR7cpI/xLAdy/YmmbrstTEdwVhl2gJTHP1hzYAI0M3VZxs9+U8V7iQ1jZhkauIYWWUrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=NlS9uDgm; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="NlS9uDgm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427632; x=1781963632; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hqslAmBsHA+s5rclK/PLuhquqmdRqvtTBSMQN1soz3k=; b=NlS9uDgmnlVj8oHNV2QVtAQOWfyJhDReGwMZxdEp87XPR/HxKdB/06Py TnzhivBfMhqHXkVwJDerc8DRPNnAKnIz5C8SzoT237hEY87WLOGJCh6C6 S2VQBGP+LWW+tfgEA1uG59Aj4QB5qwEYhMbOMFiNsc7gOfZ5csnYqkSQd /FZRufgglw4YPitzUz6NnfSlgRtAC8XreslVv3aAodw2I9jmu3Kf8inb5 A8n4Z5nr4ebEpY3RBVZsO3y2PkckDl3t5MyrxyV5XR5wP+V+CdF4+/QMp KFXFc0u+vZL29CI2vMNvbMAZFwsMUE0Zb83S3R4Z+GoK5pFI2eXHgiGbk A==; X-CSE-ConnectionGUID: p+nMEVVJQYuaJkvK3JNT2A== X-CSE-MsgGUID: ZPj86VJ3TriSuDlQLsfr8Q== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="51919385" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="51919385" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:51 -0700 X-CSE-ConnectionGUID: 3V7/tI0oSwOdDYe2udpvxg== X-CSE-MsgGUID: oAleeYJpQQW3/5k37JprDw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="155292152" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa003.jf.intel.com with ESMTP; 20 Jun 2025 06:53:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id D06F14B0; Fri, 20 Jun 2025 16:53:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv6 09/16] x86/vsyscall: Add vsyscall emulation for #GP Date: Fri, 20 Jun 2025 16:53:17 +0300 Message-ID: <20250620135325.3300848-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sohil Mehta The legacy vsyscall page is mapped at a fixed address in the kernel address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS being introduced, a legacy vsyscall page access from userspace would always generate a page fault. The kernel emulates the execute (XONLY) accesses in the page fault handler and returns back to userspace with the appropriate register values. Since LASS intercepts these accesses before the paging structures are traversed it generates a general protection fault instead of a page fault. The #GP fault doesn't provide much information in terms of the error code. So, use the faulting RIP which is preserved in the user registers to emulate the vsyscall access without going through complex instruction decoding. Signed-off-by: Sohil Mehta Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/entry/vsyscall/vsyscall_64.c | 11 ++++++++++- arch/x86/include/asm/vsyscall.h | 6 ++++++ arch/x86/kernel/traps.c | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index f18b08c03553..f07c1d087227 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -23,7 +23,7 @@ * soon be no new userspace code that will ever use a vsyscall. * * The code in this file emulates vsyscalls when notified of a page - * fault to a vsyscall address. + * fault or a general protection fault to a vsyscall address. */ #include @@ -276,6 +276,15 @@ bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, return __emulate_vsyscall(regs, address); } +bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + /* Emulate only if the RIP points to the vsyscall address */ + if (!is_vsyscall_vaddr(regs->ip)) + return false; + + return __emulate_vsyscall(regs, regs->ip); +} + /* * A pseudo VMA to allow ptrace access for the vsyscall page. This only * covers the 64bit vsyscall page now. 32bit has a real VMA now and does diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h index 214977f4fa11..4eb8d3673223 100644 --- a/arch/x86/include/asm/vsyscall.h +++ b/arch/x86/include/asm/vsyscall.h @@ -16,6 +16,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root); */ extern bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address); +extern bool emulate_vsyscall_gp(struct pt_regs *regs); #else static inline void map_vsyscall(void) {} static inline bool emulate_vsyscall_pf(unsigned long error_code, @@ -23,6 +24,11 @@ static inline bool emulate_vsyscall_pf(unsigned long error_code, { return false; } + +static inline bool emulate_vsyscall_gp(struct pt_regs *regs) +{ + return false; +} #endif /* diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 3eb2ef46f733..333c45df80fc 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -69,6 +69,7 @@ #include #include #include +#include #ifdef CONFIG_X86_64 #include @@ -817,6 +818,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) if (cpu_feature_enabled(X86_FEATURE_UMIP) && fixup_umip_exception(regs)) goto exit; + if (cpu_feature_enabled(X86_FEATURE_LASS) && emulate_vsyscall_gp(regs)) + goto exit; + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc); goto exit; } From patchwork Fri Jun 20 13:53:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898476 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6940A29DB79; Fri, 20 Jun 2025 13:53:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427635; cv=none; b=ZNdacZa9cjF+8kkbZBt6ONbjCBarcJcPxqGWIrG/JxFBOnJ/gzGz7DiQLb1srPgc2iupDalZGM3LJB3Fz0J339rYrqFOossMfDc/cWDMF29msmNh+tJ/cs1XEtKSimqFnPwRyJ7Vkye4ZPIiY+ikaXSe4bFKCWEXmXbumPaXsyI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427635; c=relaxed/simple; bh=y/CedaaKlFdbrxkql8ztvuaZ9CW/pvTqK0EU0vlRN80=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MHkGEFp9h5JKvqlDNP9pkrPDR2NogjDrJmElKXrUDtB78V8O7bIhwjuHek+7JNUJzyHwWJng2qOxph16MABnhsvQdXfq0AAC0auTFLAxQaHfFrtV29cnyXb5a8Odk9Z3rdzNeBYkv9JvSbHkWTqxIoQvBUqHQlrMz0720Uqz5zo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=aP70DChs; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="aP70DChs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427633; x=1781963633; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=y/CedaaKlFdbrxkql8ztvuaZ9CW/pvTqK0EU0vlRN80=; b=aP70DChseWzeO3JOair9unG9XIH4WFwupv+a3qNwYJv0ieuL8sQb2RgV RLfmTxKf6GSH+VkIfaVDRnu6jJMLmkz3gH/k3l2npie4dZFl6nAre03ST snnkQ9djI/BMRwgDal9zXcqTnDnC/FJvMoKX1Tk6B0UO7lcazPuFBJPO/ vbF2ryEESAirgdEUGmL2Zuo0I5Db2UUAhacdrwxWnv2rZyprGPqdkurnX onKO4j6++TfqTFc+lkEVksFFLRUGY000B0uOZe4ziAakbggIlmrKP+SPW fhKW9MFx1u49AO6ZPiKPiEmraM3kpIoE4tariJldmLV6fIfuQBG5tz3hb Q==; X-CSE-ConnectionGUID: t1ruuPZLQtytOc0m6+DtyA== X-CSE-MsgGUID: XiikWXU3T3WZXZXW7lSlKg== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="51919436" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="51919436" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:52 -0700 X-CSE-ConnectionGUID: dVzB+ju+T0SgPREksYDMcg== X-CSE-MsgGUID: EXKdu1V+RAiqUbBS+1zHgg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="155292158" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa003.jf.intel.com with ESMTP; 20 Jun 2025 06:53:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 181AC7DA; Fri, 20 Jun 2025 16:53:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv6 13/16] x86/traps: Handle LASS thrown #SS Date: Fri, 20 Jun 2025 16:53:21 +0300 Message-ID: <20250620135325.3300848-14-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alexander Shishkin LASS throws a #GP for any violations except for stack register accesses, in which case it throws a #SS instead. Handle this similarly to how other LASS violations are handled. Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/traps.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 0f558d3369a3..bd8f7e72b238 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -418,12 +418,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_segment_not_present) SIGBUS, 0, NULL); } -DEFINE_IDTENTRY_ERRORCODE(exc_stack_segment) -{ - do_error_trap(regs, error_code, "stack segment", X86_TRAP_SS, SIGBUS, - 0, NULL); -} - DEFINE_IDTENTRY_ERRORCODE(exc_alignment_check) { char *str = "alignment check"; @@ -866,6 +860,34 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection) cond_local_irq_disable(regs); } +DEFINE_IDTENTRY_ERRORCODE(exc_stack_segment) +{ + if (cpu_feature_enabled(X86_FEATURE_LASS)) { + enum kernel_gp_hint hint = GP_NO_HINT; + unsigned long gp_addr; + + if (user_mode(regs)) { + gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, GPFSTR); + return; + } + + hint = get_kernel_gp_address(regs, &gp_addr); + if (hint != GP_NO_HINT) { + printk(GPFSTR ", %s 0x%lx", kernel_gp_hint_help[hint], + gp_addr); + } + + if (hint != GP_NON_CANONICAL) + gp_addr = 0; + + die_addr(GPFSTR, regs, error_code, gp_addr); + return; + } + + do_error_trap(regs, error_code, "stack segment", X86_TRAP_SS, SIGBUS, + 0, NULL); +} + static bool do_int3(struct pt_regs *regs) { int res; From patchwork Fri Jun 20 13:53:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 898475 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A9A929DB7F; Fri, 20 Jun 2025 13:53:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427635; cv=none; b=PI3VTc96IasavLbCcPQkFmiYGkRP8LrsJysikX+5fbMReraGre2+tyN0HggJguGmSn9NKrGfKqyZ975ao+leT35KmI2/fz9jN1gTYi1LLvMCpTd4L6hL315RJV27hQfGZ/Zyav15VGHpAbck7PwiqheQ480l5Xq4eVsVGZsRP/8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750427635; c=relaxed/simple; bh=UXQro1nhuXHnLN9WvBTrdf+zqqavYnpmltBFM1Abf3w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W7oobbqrbnPphy2885WL/6pKdRpcOyM4BieNISh0CCkt+YdoQceKUkL06/Ggoc3vt9Z0O15PA5QGui7P2PGe6EUxhBaCsNkRrnPIOq4V6XQPTkE+edLHtfPyxnZvEaZcL1a7N/OZH3L4GJlerkwqRPYdUmB/a1qlnrysT1EQpcU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cQQqAWNn; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cQQqAWNn" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1750427634; x=1781963634; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=UXQro1nhuXHnLN9WvBTrdf+zqqavYnpmltBFM1Abf3w=; b=cQQqAWNnPIrTd7jgAAJW1A3k3QCAQTcGyeQpXIwRCvgjs1zEE+lDHx3p 2xPipKPnoWZ0B1e/tl2H6viWxgC8MuYelSSPBHFHiLWvdGy+gJJlegry4 OVwtD5rdmHtdiDwKl1bnD+uOl+3ZYJg/KyRnB9EwHaG8hYnlo3NHqkJe8 U1eVZzEvTehG3YjcA0q9HnTFQEDOop5Vgm3TlIaRMhBmXM6v9eHettmcW TLDmH/Q++ylzlpPL1AtU+fWsL1h5VEvEZbY5g9WZW3+rPaOMWbwI8n6ZY b7fvvooPbM7b21GUhZX2VCGW7XG8wsMfWVhEfnClEGDQ7pcUbl/9dEGpZ A==; X-CSE-ConnectionGUID: ogjtmG97TE+iRBdKyVkelQ== X-CSE-MsgGUID: /gEKRepgSm65w4WinwKS3A== X-IronPort-AV: E=McAfee;i="6800,10657,11469"; a="63298032" X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="63298032" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jun 2025 06:53:53 -0700 X-CSE-ConnectionGUID: 3cdRhCzmQ6y4eQ96FN8e8A== X-CSE-MsgGUID: 0eoyFOJ+S1GWBUwCf2kviQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,251,1744095600"; d="scan'208";a="155470819" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa004.jf.intel.com with ESMTP; 20 Jun 2025 06:53:42 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 268609FF; Fri, 20 Jun 2025 16:53:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andy Lutomirski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Ard Biesheuvel , "Paul E. McKenney" , Josh Poimboeuf , Xiongwei Song , Xin Li , "Mike Rapoport (IBM)" , Brijesh Singh , Michael Roth , Tony Luck , Alexey Kardashevskiy , Alexander Shishkin Cc: Jonathan Corbet , Sohil Mehta , Ingo Molnar , Pawan Gupta , Daniel Sneddon , Kai Huang , Sandipan Das , Breno Leitao , Rick Edgecombe , Alexei Starovoitov , Hou Tao , Juergen Gross , Vegard Nossum , Kees Cook , Eric Biggers , Jason Gunthorpe , "Masami Hiramatsu (Google)" , Andrew Morton , Luis Chamberlain , Yuntao Wang , Rasmus Villemoes , Christophe Leroy , Tejun Heo , Changbin Du , Huang Shijie , Geert Uytterhoeven , Namhyung Kim , Arnaldo Carvalho de Melo , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-mm@kvack.org, "Kirill A. Shutemov" Subject: [PATCHv6 14/16] x86/cpu: Make LAM depend on LASS Date: Fri, 20 Jun 2025 16:53:22 +0300 Message-ID: <20250620135325.3300848-15-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> References: <20250620135325.3300848-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-efi@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Alexander Shishkin To prevent exploits for Spectre based on LAM as demonstrated by the whitepaper [1], make LAM depend on LASS, which avoids this type of vulnerability. [1] https://download.vusec.net/papers/slam_sp24.pdf Signed-off-by: Alexander Shishkin Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/cpuid-deps.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index 98d0cdd82574..11bb9ed40140 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -90,6 +90,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_FRED, X86_FEATURE_LKGS }, { X86_FEATURE_SPEC_CTRL_SSBD, X86_FEATURE_SPEC_CTRL }, { X86_FEATURE_LASS, X86_FEATURE_SMAP }, + { X86_FEATURE_LAM, X86_FEATURE_LASS }, {} };