From: Joerg Roedel
To: Thomas Gleixner, Ingo Molnar, "H . Peter Anvin"
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds, Andy Lutomirski, Dave Hansen, Josh Poimboeuf, Juergen Gross, Peter Zijlstra, Borislav Petkov, Jiri Kosina, Boris Ostrovsky, Brian Gerst, David Laight, Denys Vlasenko, Eduardo Valentin, Greg KH, Will Deacon, aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli, Waiman Long, Pavel Machek, jroedel@suse.de, joro@8bytes.org
Subject: [PATCH 12/31] x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
Date: Fri, 9 Feb 2018 10:25:21 +0100
Message-Id: <1518168340-9392-13-git-send-email-joro@8bytes.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1518168340-9392-1-git-send-email-joro@8bytes.org>
References: <1518168340-9392-1-git-send-email-joro@8bytes.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Joerg Roedel

Add unconditional cr3 switches between user and kernel cr3 to all non-NMI entry and exit points.

Signed-off-by: Joerg Roedel
--- arch/x86/entry/entry_32.S | 59 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 9693485..b5ef003 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S 
@@ -328,6 +328,25 @@ #endif /* CONFIG_X86_ESPFIX32 */ .endm +/* Unconditionally switch to user cr3 */ +.macro SWITCH_TO_USER_CR3 scratch_reg:req + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI + + movl %cr3, \scratch_reg + orl $PTI_SWITCH_MASK, \scratch_reg + movl \scratch_reg, %cr3 +.Lend_\@: +.endm + +/* Unconditionally switch to kernel cr3 */ +.macro SWITCH_TO_KERNEL_CR3 scratch_reg:req + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI + movl %cr3, \scratch_reg + andl $(~PTI_SWITCH_MASK), \scratch_reg + movl \scratch_reg, %cr3 +.Lend_\@: +.endm + /* * Called with pt_regs fully populated and kernel segments loaded, @@ -343,6 +362,8 @@ ALTERNATIVE "", "jmp .Lend_\@", X86_FEATURE_XENPV + SWITCH_TO_KERNEL_CR3 scratch_reg=%eax + /* Are we on the entry stack? Bail out if not! */ movl PER_CPU_VAR(cpu_entry_area), %edi addl $CPU_ENTRY_AREA_entry_stack, %edi @@ -637,6 +658,18 @@ ENTRY(xen_sysenter_target) * 0(%ebp) arg6 */ ENTRY(entry_SYSENTER_32) + /* + * On entry-stack with all userspace-regs live - save and + * restore eflags and %eax to use it as scratch-reg for the cr3 + * switch. + */ + pushfl + pushl %eax + SWITCH_TO_KERNEL_CR3 scratch_reg=%eax + popl %eax + popfl + + /* Stack empty again, switch to task stack */ movl TSS_entry_stack(%esp), %esp .Lsysenter_past_esp: @@ -691,6 +724,10 @@ ENTRY(entry_SYSENTER_32) movl PT_OLDESP(%esp), %ecx /* pt_regs->sp */ 1: mov PT_FS(%esp), %fs PTGS_TO_GS + + /* Segments are restored - switch to user cr3 */ + SWITCH_TO_USER_CR3 scratch_reg=%eax + popl %ebx /* pt_regs->bx */ addl $2*4, %esp /* skip pt_regs->cx and pt_regs->dx */ popl %esi /* pt_regs->si */ 
@@ -778,7 +815,23 @@ restore_all: .Lrestore_all_notrace: CHECK_AND_APPLY_ESPFIX .Lrestore_nocheck: - RESTORE_REGS 4 # skip orig_eax/error_code + /* + * First restore user segments. This can cause exceptions, so we + * run it with kernel cr3. + */ + RESTORE_SEGMENTS + + /* + * Segments are restored - no more exceptions from here on except on + * iret, but that handled safely. + */ + SWITCH_TO_USER_CR3 scratch_reg=%eax + + /* Restore rest */ + RESTORE_INT_REGS + + /* Unwind stack to the iret frame */ + RESTORE_SKIP_SEGMENTS 4 # skip orig_eax/error_code .Lirq_return: INTERRUPT_RETURN @@ -1139,6 +1192,10 @@ ENTRY(debug) SAVE_ALL ENCODE_FRAME_POINTER + + /* Make sure we are running on kernel cr3 */ + SWITCH_TO_KERNEL_CR3 scratch_reg=%eax + xorl %edx, %edx # error code 0 movl %esp, %eax # pt_regs pointer -- 2.7.4
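
Review bot: in the first hunk (@@ -328,6 +328,25 @@), the comments on SWITCH_TO_USER_CR3 and SWITCH_TO_KERNEL_CR3 say "Unconditionally switch", but both macros open with ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI, so the whole body is jumped over when that feature bit is not set. Suggest rewording the comments to say the switch is unconditional only with respect to the current cr3 value, and documenting that scratch_reg is clobbered and that the orl/andl change the flags, since callers have to account for both. PTI_SWITCH_MASK is used here but not defined in this patch; the commit message could name the patch in the series that introduces it. Minor style point: only SWITCH_TO_USER_CR3 has a blank line after the ALTERNATIVE line.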
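
Review bot: in the hunk at @@ -343,6 +362,8 @@, SWITCH_TO_KERNEL_CR3 is placed before the "Are we on the entry stack? Bail out if not!" check, so the cr3 write also runs on the bail-out path. The andl makes a repeated switch harmless, but every mov to %cr3 flushes the non-global TLB entries. Consider testing the PTI_SWITCH_MASK bits inside the macro and skipping the write when they are already clear, or add a comment saying why the unconditional write is preferred here. A short note that %eax is free at this point because pt_regs is already fully populated would also help.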
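
Review bot: in the entry_SYSENTER_32 entry hunk (@@ -637,6 +658,18 @@), the pushfl / pushl %eax / popl %eax / popfl sequence sits outside the macro, so it executes on every SYSENTER even when the ALTERNATIVE inside SWITCH_TO_KERNEL_CR3 jumps over the cr3 write because X86_FEATURE_PTI is not set. Suggest putting the save and restore under the same X86_FEATURE_PTI patching, or stating in the comment that the cost is accepted. The comment should also say that the following movl TSS_entry_stack(%esp), %esp relies on the pushes and pops being balanced, so that a later change adding a push here does not silently break the offset.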
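
Review bot: in the entry_SYSENTER_32 exit hunk (@@ -691,6 +724,10 @@), the code after SWITCH_TO_USER_CR3 scratch_reg=%eax keeps popping pt_regs from the stack at %esp (popl %ebx, addl $2*4, %esp, popl %esi), now on the user cr3. The comment only says "Segments are restored"; it should also state which stack %esp points to at this point and that this stack is mapped in the user page table, and confirm that %eax is reloaded after being used as scratch, since neither is visible from the lines in the hunk.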
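
Review bot: in the restore_all hunk (@@ -778,7 +815,23 @@), the comment "no more exceptions from here on except on iret, but that handled safely" does not say how a faulting iret is handled once the user cr3 is loaded. Please name the fixup or handler that deals with it and say that it switches back to the kernel cr3, so a reader can check the claim. The sentence is also missing a verb ("but that is handled safely"). Since RESTORE_REGS 4 is replaced by three macros, a one-line comment that %eax is used as scratch before RESTORE_INT_REGS reloads it would make the ordering requirement explicit.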
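
Review bot: in the ENTRY(debug) hunk (@@ -1139,6 +1192,10 @@), SWITCH_TO_KERNEL_CR3 comes after SAVE_ALL and ENCODE_FRAME_POINTER, so both of those run on whatever cr3 was active when the exception hit. The comment "Make sure we are running on kernel cr3" should say why the switch can wait until after SAVE_ALL, that is, that nothing SAVE_ALL touches is missing from the user page table, or the switch should move ahead of it with a register saved by hand as in entry_SYSENTER_32.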