From: konrad.wilk@oracle.com
To: speck@linutronix.de
Subject: [MODERATED] [patch 7/8] [PATCH v1.3.1 7/7] Linux Patch 7
Date: Thu, 12 Apr 2018 22:26:56 -0400 [thread overview]
Message-ID: <20180413022657.613792722@localhost.localdomain> (raw)
All of the entry points to the kernel call the SPEC_CTRL macro.
The macro itself is alternative assembly and is a nop by default.
This only gets enabled if the user boots Linux with
mdd=userspace
at which point we will utilize the SPEC_CTRL MSR to enable
memory disambiguation when entering the kernel. And when
exiting to userspace we _disable_ memory disambiguation.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v3: s/md/mdd/
- Expand the commit
---
arch/x86/entry/entry_64.S | 14 +++++++++++++-
arch/x86/entry/entry_64_compat.S | 7 +++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 18ed349b4f83..b414c226d9b2 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -230,6 +230,8 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
PUSH_AND_CLEAR_REGS rax=$-ENOSYS
+ ENABLE_SPEC_CTRL
+
TRACE_IRQS_OFF
/* IRQs are off. */
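Review bot: The plain ENABLE_SPEC_CTRL placed right after `PUSH_AND_CLEAR_REGS rax=$-ENOSYS` sits where every GPR is already saved in pt_regs, yet the cheaper ENABLE_SPEC_CTRL_CLOBBER variant is what this same patch uses at the equivalent point in error_entry (after SWITCH_TO_KERNEL_CR3) and entry_INT80_compat (after the r15 clear). The macro bodies are not in this patch, so assuming the only difference between the variants is that the plain one saves and restores the registers the MSR write clobbers, this site and the two later plain-variant sites with a fully built frame — the bad-iret path in error_entry and entry_SYSCALL_compat after `xorl %r15d, %r15d` — could use `ENABLE_SPEC_CTRL_CLOBBER`. If the plain form is deliberate at these sites, a one-line comment naming the register that must survive would stop the next reader from "optimising" it.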
@@ -305,6 +307,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
* perf profiles. Nothing jumps here.
*/
syscall_return_via_sysret:
+ DISABLE_SPEC_CTRL
/* rcx and r11 are already restored (see code above) */
UNWIND_HINT_EMPTY
POP_REGS pop_rdi=0 skip_r11rcx=1
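Review bot: DISABLE_SPEC_CTRL is placed after rcx and r11 have already been restored to their user values (the comment on the following line says so), so this sysret path depends on the macro preserving rcx — the register a wrmsr would need for the MSR index — as well as r11. If the macro saves and restores those registers this is correct but adds stack traffic to the fast path; moving the macro above the point where rcx/r11 are reloaded (outside this hunk) would remove the dependency. The same reliance on the plain variant preserving live registers exists in swapgs_restore_regs_and_return_to_usermode, where the macro follows `POP_REGS pop_rdi=0`, and at the user-mode nmi site, where rdx still points at the old stack for the pushq sequence that follows. Either way a comment such as `/* must not clobber rcx/r11: they already hold user RIP/RFLAGS */` belongs at this line.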
@@ -591,6 +594,8 @@ ENTRY(interrupt_entry)
UNWIND_HINT_FUNC
movq (%rdi), %rdi
+
+ ENABLE_SPEC_CTRL
1:
PUSH_AND_CLEAR_REGS save_ret=1
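Review bot: Because ENABLE_SPEC_CTRL is placed before the `1:` join label, interrupts taken from kernel mode (which, from the surrounding code, appear to enter at `1:`) never execute it; that is only correct if the MSR is guaranteed to be in its kernel state whenever an interrupt arrives in kernel mode, i.e. no interrupt can be taken between a DISABLE_SPEC_CTRL and the corresponding sysret/iret. That holds if interrupts stay disabled on every exit path, but nothing here states it, so I'd add `/* From user mode only: kernel-mode entries at 1: already have SPEC_CTRL in its kernel state */`. Note also that at this point only rdi and the IRET frame are on the kernel stack, so all other user GPRs are live across the macro. interrupt_entry begins before this hunk.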
@@ -660,6 +665,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode)
#endif
POP_REGS pop_rdi=0
+ DISABLE_SPEC_CTRL
/*
* The stack is now user RDI, orig_ax, RIP, CS, EFLAGS, RSP, SS.
* Save old stack pointer and switch to trampoline stack.
@@ -1178,6 +1184,7 @@ ENTRY(paranoid_entry)
1:
SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14
+ ENABLE_SPEC_CTRL_SAVE_N_CLOBBER save_reg=%r13d
ret
END(paranoid_entry)
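Review bot: paranoid_entry now hands its saved SPEC_CTRL state back in r13d, but the function's header comment (above this hunk, presumably documenting the ebx and r14 return contract) is not updated, and the restore sites in paranoid_exit and end_repeat_nmi silently depend on every paranoid handler leaving r13 untouched until then. Extend the header with a line like `R13 - saved SPEC_CTRL state, consumed by RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d` and state that r13 must survive the handler. It is also worth saying there that the save occurs on both the swapgs and no-swapgs paths, since the `1:` label precedes it.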
@@ -1201,6 +1208,7 @@ ENTRY(paranoid_exit)
testl %ebx, %ebx /* swapgs needed? */
jnz .Lparanoid_exit_no_swapgs
TRACE_IRQS_IRETQ
+ RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d
RESTORE_CR3 scratch_reg=%rbx save_reg=%r14
SWAPGS_UNSAFE_STACK
jmp .Lparanoid_exit_restore
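Review bot: RESTORE_SPEC_CTRL_CLOBBER is executed only on the swapgs path of paranoid_exit; the `.Lparanoid_exit_no_swapgs` path, which from the ebx test handles paranoid exceptions taken in kernel mode, returns without restoring the value paranoid_entry saved in r13d. A paranoid exception (NMI, #DB, #MC) that lands in the short kernel-mode window after a DISABLE_SPEC_CTRL and before the sysret/iret would therefore return with the MSR in its kernel state, and the following exit to user space would run without the intended setting until the next kernel entry. The end_repeat_nmi hunk in this patch places its restore before `testl %ebx, %ebx` so it covers both cases; paranoid_exit should match, e.g. move `RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d` to just before the `testl %ebx, %ebx` line. If the omission is intentional, a comment explaining why the kernel-mode path needs no restore is required.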
@@ -1230,6 +1238,7 @@ ENTRY(error_entry)
SWAPGS
/* We have user CR3. Change to kernel CR3. */
SWITCH_TO_KERNEL_CR3 scratch_reg=%rax
+ ENABLE_SPEC_CTRL_CLOBBER
.Lerror_entry_from_usermode_after_swapgs:
/* Put us onto the real thread stack. */
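Review bot: ENABLE_SPEC_CTRL_CLOBBER is placed just before `.Lerror_entry_from_usermode_after_swapgs:`, which appears to be why the bad-iret path later in this function carries its own ENABLE_SPEC_CTRL — a reader seeing two enables in one function may take one for redundant. A comment on the label, `/* .Lerror_bad_iret enables SPEC_CTRL itself before jumping here */`, would record that the label is the join point after the MSR write. The jump from the bad-iret path is outside the hunks shown, so this is inferred from the label placement.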
@@ -1291,7 +1300,7 @@ ENTRY(error_entry)
*/
SWAPGS
SWITCH_TO_KERNEL_CR3 scratch_reg=%rax
-
+ ENABLE_SPEC_CTRL
/*
* Pretend that the exception came from user mode: set up pt_regs
* as if we faulted immediately after IRET and clear EBX so that
@@ -1392,6 +1401,7 @@ ENTRY(nmi)
SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx
movq %rsp, %rdx
movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
+ ENABLE_SPEC_CTRL
UNWIND_HINT_IRET_REGS base=%rdx offset=8
pushq 5*8(%rdx) /* pt_regs->ss */
pushq 4*8(%rdx) /* pt_regs->rsp */
@@ -1626,6 +1636,8 @@ end_repeat_nmi:
movq $-1, %rsi
call do_nmi
+ RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d
+
RESTORE_CR3 scratch_reg=%r15 save_reg=%r14
testl %ebx, %ebx /* swapgs needed? */
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 08425c42f8b7..93233a13f4c5 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -14,6 +14,7 @@
#include <asm/irqflags.h>
#include <asm/asm.h>
#include <asm/smap.h>
+#include <asm/nospec-branch.h>
#include <linux/linkage.h>
#include <linux/err.h>
@@ -55,6 +56,7 @@ ENTRY(entry_SYSENTER_compat)
movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
+ ENABLE_SPEC_CTRL
/*
* User tracing code (ptrace or signal handlers) might assume that
* the saved RAX contains a 32-bit number when we're invoking a 32-bit
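Review bot: ENABLE_SPEC_CTRL runs immediately after the stack switch and before pt_regs is constructed, so every user register including rax (the syscall number, zero-extended just below) is live across it, and any stack use by the macro happens beneath the frame the following pushq sequence builds. Moving the macro to after the frame is complete (after the `xorl %r15d, %r15d` in this function, mirroring where entry_SYSCALL_compat and entry_INT80_compat place theirs) would remove the liveness dependency and allow the _CLOBBER variant. If it has to stay here, add `/* must preserve all user GPRs: pt_regs is not built yet */` so the constraint is visible.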
@@ -140,6 +142,7 @@ ENTRY(entry_SYSENTER_compat)
/* XEN PV guests always use IRET path */
ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \
"jmp .Lsyscall_32_done", X86_FEATURE_XENPV
+ DISABLE_SPEC_CTRL
jmp sysret32_from_system_call
.Lsysenter_fix_flags:
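Review bot: The DISABLE_SPEC_CTRL added before `jmp sysret32_from_system_call` is executed a second time on arrival, because this patch also adds DISABLE_SPEC_CTRL at `sysret32_from_system_call:` itself (the later hunk in this file). Assuming the macro writes the MSR unconditionally when the feature is enabled, the SYSENTER fast path pays for two MSR writes per syscall; the one here should be dropped, leaving the single write at the shared label. The `.Lsyscall_32_done` path taken by the ALTERNATIVE appears to go through swapgs_restore_regs_and_return_to_usermode, which this patch covers separately, so nothing is lost by removing it.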
@@ -244,6 +247,7 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
pushq $0 /* pt_regs->r15 = 0 */
xorl %r15d, %r15d /* nospec r15 */
+ ENABLE_SPEC_CTRL
/*
* User mode is traced as though IRQs are on, and SYSENTER
* turned them off.
@@ -259,6 +263,7 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
/* Opportunistic SYSRET */
sysret32_from_system_call:
TRACE_IRQS_ON /* User mode traces as IRQs on. */
+ DISABLE_SPEC_CTRL
movq RBX(%rsp), %rbx /* pt_regs->rbx */
movq RBP(%rsp), %rbp /* pt_regs->rbp */
movq EFLAGS(%rsp), %r11 /* pt_regs->flags (in r11) */
@@ -390,6 +395,8 @@ ENTRY(entry_INT80_compat)
xorl %r15d, %r15d /* nospec r15 */
cld
+ ENABLE_SPEC_CTRL_CLOBBER
+
/*
* User mode is traced as though IRQs are on, and the interrupt
* gate turned them off.
--
2.14.3