Received: by 10.223.185.116 with SMTP id b49csp2424084wrg; Mon, 5 Mar 2018 02:36:53 -0800 (PST) X-Google-Smtp-Source: AG47ELtu/C1xZfG2Iuec1YABMZGjoFkgzI+Dz4vWpX3orDdxu/l56QKchFTX0mVE51xzgFRJKpA+ X-Received: by 2002:a17:902:b117:: with SMTP id q23-v6mr12702278plr.58.1520246213772; Mon, 05 Mar 2018 02:36:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520246213; cv=none; d=google.com; s=arc-20160816; b=yHGePFDcpEhK+J1rAcwPhzaj8fJhjVHLIUsCu1uTGB/U/559gOzmC5m2gjWxx0/46N bu6BZfDncEUOUkvClu9HeCcDtDkKsQqbhybWfkfwJjdAa6uina7s4HK0IxtsUgmvJtXX Lt3vGz683bPvS+R9S2VMbFxBN6HdIxzIRbuE3XHWfXjijwFpeYcb9nbaV+v8Ixlcm6RS bDkmvdXuBqIHRGTG2L8Vvf1CjfKBgq6U7h9COeTfPQ2akN+gxxLdblAY1HLJJxsKz6k1 pSKTO9IFFmfyCh0cjqVjXkaT+r+v9jg24zW1VFkG90Iv0qCtTYVuDZM0EzKHA+rMj2Z8 414g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=lqDTZPgOy9Zup7fwv8/14WJaSbYFMc3N9hyxJ0hwDZA=; b=J8sL0FkoIc8kBu1kY2qciJ4dQuXglPfIKv7I4n78OmXIW4DNbNRYMGIxsmTD7gtYDZ 9NmEwPizwNMZlxtH4zpD5/YQFy5Iah49Nt2gW2HWDkfkHhO3YIdHImA/pUPO5+sC0LRm 5s3l9AEUHpN6YVOz7dSZK/6M0TjLAL4pbgoZDZmH+BBDs2TlMRPYGrE2UaIz5yxe8O4f 8sL6ETMbhIojBTbOMQVfU0SuDJ+ozK/1qrHp3DxN+ZWsgnb8LT+GLRtP/MFkJpSnHW21 xa0jWl0IvBlVSU7YPOSPn7iP6N6h05zHx515xyY0w6G+VCJlR4Rzr39tV9jEiVh3gpeg A7ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=d/vFP1db; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y4si8242366pgc.601.2018.03.05.02.36.39; Mon, 05 Mar 2018 02:36:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=d/vFP1db; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934234AbeCEKb7 (ORCPT + 99 others); Mon, 5 Mar 2018 05:31:59 -0500 Received: from 8bytes.org ([81.169.241.247]:54324 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933743AbeCEK0P (ORCPT ); Mon, 5 Mar 2018 05:26:15 -0500 Received: by theia.8bytes.org (Postfix, from userid 1000) id 65AE18E9; Mon, 5 Mar 2018 11:26:06 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1520245567; bh=wHs29pkYg82uoMolmODit53eGHuPhH7u9SgF1lQ0A80=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d/vFP1db8tgS1Pp/VqAZ2mQ51GJHIchBhROycQraZJLi4IXMTW0hxlo0MGooUiEGC pO3K3yCtLCkwxmJF2Q0oUlTST9ZAHib3g+EgFeX5VXVjMcEw4weomOBTtwRNmYB6Yb d+3xIwYVMiQDnYMYyggYfCf64T0vqf6V2wiYCq2JUjlnTo9XSFmslUNuO8Tkh0P5oK 8xcBg+bxsRd1+OO8v/cBhKI+Le6KOWvY3HPHN/lZJSmeSWNnf4nBa0beN4yr8FIko5 ZFkW/lvNfE7u393VxklLlQIDaz76dy6sDL0c+/FKAFibxWUhiFgDWzNM6fsLT8Z3BI 0RncNKPPLv4Dw== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 13/34] x86/entry/32: Add PTI cr3 switches to NMI handler code Date: Mon, 5 Mar 2018 11:25:42 +0100 Message-Id: <1520245563-8444-14-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520245563-8444-1-git-send-email-joro@8bytes.org> References: <1520245563-8444-1-git-send-email-joro@8bytes.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel The NMI handler is special, as it needs to leave with the same cr3 as it was entered with. We need to do this because we could enter the NMI handler from kernel code with user-cr3 already loaded. Signed-off-by: Joerg Roedel --- arch/x86/entry/entry_32.S | 52 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index b1a5f34ee..35379e5 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -77,6 +77,8 @@ #endif .endm +#define PTI_SWITCH_MASK (1 << PAGE_SHIFT) + /* * User gs save/restore * @@ -167,8 +169,30 @@ .endm -.macro SAVE_ALL_NMI +.macro SAVE_ALL_NMI cr3_reg:req SAVE_ALL + + /* + * Now switch the CR3 when PTI is enabled. + * + * We can enter with either user or kernel cr3, the code will + * store the old cr3 in \cr3_reg and switches to the kernel cr3 + * if necessary. + */ + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI + + movl %cr3, \cr3_reg + testl $PTI_SWITCH_MASK, \cr3_reg + jz .Lend_\@ /* Already on kernel cr3 */ + + /* On user cr3 - write new kernel cr3 */ + andl $(~PTI_SWITCH_MASK), \cr3_reg + movl \cr3_reg, %cr3 + + /* Restore user cr3 value */ + orl $PTI_SWITCH_MASK, \cr3_reg + +.Lend_\@: .endm /* * This is a sneaky trick to help the unwinder find pt_regs on the stack. The @@ -227,13 +251,29 @@ RESTORE_SKIP_SEGMENTS \pop .endm -.macro RESTORE_ALL_NMI pop=0 +.macro RESTORE_ALL_NMI cr3_reg:req pop=0 /* * Restore segments - might cause exceptions when loading * user-space segments */ RESTORE_SEGMENTS + /* + * Now switch the CR3 when PTI is enabled. + * + * We enter with kernel cr3 and switch the cr3 to the value + * stored on \cr3_reg, which is either a user or a kernel cr3. + */ + ALTERNATIVE "jmp .Lswitched_\@", "", X86_FEATURE_PTI + + testl $PTI_SWITCH_MASK, \cr3_reg + jz .Lswitched_\@ + + /* User cr3 in \cr3_reg - write it to hardware cr3 */ + movl \cr3_reg, %cr3 + +.Lswitched_\@: + /* Restore integer registers and unwind stack to iret frame */ RESTORE_INT_REGS RESTORE_SKIP_SEGMENTS \pop @@ -1242,7 +1282,7 @@ ENTRY(nmi) #endif pushl %eax # pt_regs->orig_ax - SAVE_ALL_NMI + SAVE_ALL_NMI cr3_reg=%edi ENCODE_FRAME_POINTER xorl %edx, %edx # zero error code movl %esp, %eax # pt_regs pointer @@ -1270,7 +1310,7 @@ ENTRY(nmi) .Lnmi_return: CHECK_AND_APPLY_ESPFIX - RESTORE_ALL_NMI pop=4 + RESTORE_ALL_NMI cr3_reg=%edi pop=4 jmp .Lirq_return #ifdef CONFIG_X86_ESPFIX32 @@ -1286,12 +1326,12 @@ ENTRY(nmi) pushl 16(%esp) .endr pushl %eax - SAVE_ALL_NMI + SAVE_ALL_NMI cr3_reg=%edi ENCODE_FRAME_POINTER FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx, %edx # zero error code call do_nmi - RESTORE_ALL_NMI + RESTORE_ALL_NMI cr3_reg=%edi lss 12+4(%esp), %esp # back to espfix stack jmp .Lirq_return #endif -- 2.7.4