From: Joerg Roedel
To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin"
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , jroedel@suse.de, joro@8bytes.org
Subject: [PATCH 11/31] x86/entry/32: Add PTI cr3 switches to NMI handler code
Date: Fri, 9 Feb 2018 10:25:20 +0100
Message-Id: <1518168340-9392-12-git-send-email-joro@8bytes.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1518168340-9392-1-git-send-email-joro@8bytes.org>
References: <1518168340-9392-1-git-send-email-joro@8bytes.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Joerg Roedel

The NMI handler is special, as it needs to leave with the same cr3 as it was entered with. We need to do this because we could enter the NMI handler from kernel code with user-cr3 already loaded.

Signed-off-by: Joerg Roedel
---
 arch/x86/entry/entry_32.S | 52 +++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 6 deletions(-)

diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
index be1d814..9693485 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -77,6 +77,8 @@
 #endif
 .endm
+#define PTI_SWITCH_MASK (1 << PAGE_SHIFT)
+
 /*
  * User gs save/restore
  *
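Review bot: The new `#define PTI_SWITCH_MASK (1 << PAGE_SHIFT)` carries no comment on what the bit means, although the rest of the patch depends on its polarity: `testl $PTI_SWITCH_MASK` followed by `jz` is read as "bit clear means kernel cr3, bit set means user cr3". That encodes a layout assumption — presumably that the user copy of the PGD sits in the page right after the kernel PGD so a single cr3 bit selects between them, mirroring the mask the 64-bit entry code uses — and anyone touching PGD allocation needs to know this asm relies on it. I would put `/* CR3 bit selecting the user (PTI) PGD: set in a user cr3, clear in a kernel cr3; must match how the two PGDs are allocated */` above the define.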
@@ -167,8 +169,30 @@
 .endm
-.macro SAVE_ALL_NMI
+.macro SAVE_ALL_NMI cr3_reg:req
 SAVE_ALL
+
+ /*
+ * Now switch the CR3 when PTI is enabled.
+ *
+ * We can enter with either user or kernel cr3, the code will
+ * store the old cr3 in \cr3_reg and switches to the kernel cr3
+ * if necessary.
+ */
+ ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI
+
+ movl %cr3, \cr3_reg
+ testl $PTI_SWITCH_MASK, \cr3_reg
+ jz .Lend_\@ /* Already on kernel cr3 */
+
+ /* On user cr3 - write new kernel cr3 */
+ andl $(~PTI_SWITCH_MASK), \cr3_reg
+ movl \cr3_reg, %cr3
+
+ /* Restore user cr3 value */
+ orl $PTI_SWITCH_MASK, \cr3_reg
+
+.Lend_\@:
 .endm
 /*
  * This is a sneaky trick to help the unwinder find pt_regs on the stack. The
@@ -227,13 +251,29 @@
 RESTORE_SKIP_SEGMENTS \pop
 .endm
-.macro RESTORE_ALL_NMI pop=0
+.macro RESTORE_ALL_NMI cr3_reg:req pop=0
 /*
 * Restore segments - might cause exceptions when loading
 * user-space segments
 */
 RESTORE_SEGMENTS
+ /*
+ * Now switch the CR3 when PTI is enabled.
+ *
+ * We enter with kernel cr3 and switch the cr3 to the value
+ * stored on \cr3_reg, which is either a user or a kernel cr3.
+ */
+ ALTERNATIVE "jmp .Lswitched_\@", "", X86_FEATURE_PTI
+
+ testl $PTI_SWITCH_MASK, \cr3_reg
+ jz .Lswitched_\@
+
+ /* User cr3 in \cr3_reg - write it to hardware cr3 */
+ movl \cr3_reg, %cr3
+
+.Lswitched_\@:
+
 /* Restore integer registers and unwind stack to iret frame */
 RESTORE_INT_REGS
 RESTORE_SKIP_SEGMENTS \pop
@@ -1142,7 +1182,7 @@ ENTRY(nmi)
 #endif
 pushl %eax # pt_regs->orig_ax
- SAVE_ALL_NMI
+ SAVE_ALL_NMI cr3_reg=%edi
 ENCODE_FRAME_POINTER
 xorl %edx, %edx # zero error code
 movl %esp, %eax # pt_regs pointer
@@ -1170,7 +1210,7 @@ ENTRY(nmi)
 .Lnmi_return:
 CHECK_AND_APPLY_ESPFIX
- RESTORE_ALL_NMI pop=4
+ RESTORE_ALL_NMI cr3_reg=%edi pop=4
 jmp .Lirq_return
 #ifdef CONFIG_X86_ESPFIX32
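Review bot: SAVE_ALL_NMI hands the saved cr3 back in `\cr3_reg` but states no requirement on which register a caller may pass, while every call site in this patch (the hunks at new-file lines 1182, 1210 and 1226) passes `%edi` and that value has to survive `ENCODE_FRAME_POINTER`, `FIXUP_ESPFIX_STACK` on the espfix path, and the C call to `do_nmi` before RESTORE_ALL_NMI consumes it. `%edi` is callee-saved under the i386 C ABI so `do_nmi` preserves it, but a later caller passing a caller-saved register such as `%eax` or `%edx` would feed whatever is left there into `%cr3` on the way out — either a crash on a bogus cr3, or the interrupted user context resuming on the kernel page tables, which is exactly the exposure PTI is meant to close. I would extend the macro's header comment with: `\cr3_reg must be a callee-saved register (%ebx, %esi or %edi) that nothing between SAVE_ALL_NMI and RESTORE_ALL_NMI clobbers; SAVE_ALL has already pushed it, so pt_regs still holds the interrupted value.` Both macros are gated by the same `X86_FEATURE_PTI` alternative, so with PTI off `\cr3_reg` is neither written nor read, which is consistent.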
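Review bot: In RESTORE_ALL_NMI the write `movl \cr3_reg, %cr3` precedes `RESTORE_INT_REGS`, `RESTORE_SKIP_SEGMENTS \pop` and the iret that follows outside this hunk, so in the user-cr3 case every remaining stack access runs on the user page tables and is only safe if the stack `%esp` points at is mapped there. The NMI frame was pushed while that cr3 was live, so the stack used at entry qualifies, but the handler paths that move `%esp` (the sysenter-stack and espfix paths, both outside this hunk) should be confirmed to return on such a stack. The placement also carries two unstated invariants: `RESTORE_SEGMENTS` runs first, presumably so that a faulting user-segment load is fixed up while still on the kernel cr3, and the switch runs before `RESTORE_INT_REGS` so that `\cr3_reg` (`%edi` at every call site) can afterwards be refilled from pt_regs — moving the block below `RESTORE_INT_REGS` would write the interrupted context's `%edi` into `%cr3`. I would add above the ALTERNATIVE: `/* Keep after RESTORE_SEGMENTS (segment faults are fixed up on kernel cr3) and before RESTORE_INT_REGS (which overwrites \cr3_reg) */`. The macro's closing `.endm` lies outside the hunk.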
@@ -1186,12 +1226,12 @@ ENTRY(nmi)
 pushl 16(%esp)
 .endr
 pushl %eax
- SAVE_ALL_NMI
+ SAVE_ALL_NMI cr3_reg=%edi
 ENCODE_FRAME_POINTER
 FIXUP_ESPFIX_STACK # %eax == %esp
 xorl %edx, %edx # zero error code
 call do_nmi
- RESTORE_ALL_NMI
+ RESTORE_ALL_NMI cr3_reg=%edi
 lss 12+4(%esp), %esp # back to espfix stack
 jmp .Lirq_return
 #endif
-- 
2.7.4