From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from userp2130.oracle.com ([156.151.31.86]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1f8ns8-0002bl-NQ for speck@linutronix.de; Wed, 18 Apr 2018 16:15:46 +0200 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w3IEBfux093795 for ; Wed, 18 Apr 2018 14:15:38 GMT Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2hdrxntum0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 18 Apr 2018 14:15:38 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFbEV012962 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 18 Apr 2018 14:15:37 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w3IEFbfa003551 for ; Wed, 18 Apr 2018 14:15:37 GMT Message-Id: <20180413022657.613792722@localhost.localdomain> Date: Thu, 12 Apr 2018 22:26:56 -0400 From: konrad.wilk@oracle.com Subject: [MODERATED] [patch 7/8] [PATCH v1.3.1 7/7] Linux Patch 7 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: All of the entry points to the kernel call the SPEC_CTRL macro. The macro itself is alternative assembly and is nop by default. This only gets enabled if the user boots Linux with mdd=userspace at which point we will utilize the SPEC_CTRL MSR to enable memory disambiguation when entering the kernel. And when exiting to userspace we _disable_ memory disambiguation. 
Signed-off-by: Konrad Rzeszutek Wilk --- v3: s/md/mdd/ - Expand the commit --- arch/x86/entry/entry_64.S | 14 +++++++++++++- arch/x86/entry/entry_64_compat.S | 7 +++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index 18ed349b4f83..b414c226d9b2 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -230,6 +230,8 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) PUSH_AND_CLEAR_REGS rax=$-ENOSYS + ENABLE_SPEC_CTRL + TRACE_IRQS_OFF /* IRQs are off. */ @@ -305,6 +307,7 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) * perf profiles. Nothing jumps here. */ syscall_return_via_sysret: + DISABLE_SPEC_CTRL /* rcx and r11 are already restored (see code above) */ UNWIND_HINT_EMPTY POP_REGS pop_rdi=0 skip_r11rcx=1 @@ -591,6 +594,8 @@ ENTRY(interrupt_entry) UNWIND_HINT_FUNC movq (%rdi), %rdi + + ENABLE_SPEC_CTRL 1: PUSH_AND_CLEAR_REGS save_ret=1 @@ -660,6 +665,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) #endif POP_REGS pop_rdi=0 + DISABLE_SPEC_CTRL /* * The stack is now user RDI, orig_ax, RIP, CS, EFLAGS, RSP, SS. * Save old stack pointer and switch to trampoline stack. @@ -1178,6 +1184,7 @@ ENTRY(paranoid_entry) 1: SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 + ENABLE_SPEC_CTRL_SAVE_N_CLOBBER save_reg=%r13d ret END(paranoid_entry) @@ -1201,6 +1208,7 @@ ENTRY(paranoid_exit) testl %ebx, %ebx /* swapgs needed? */ jnz .Lparanoid_exit_no_swapgs TRACE_IRQS_IRETQ + RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d RESTORE_CR3 scratch_reg=%rbx save_reg=%r14 SWAPGS_UNSAFE_STACK jmp .Lparanoid_exit_restore @@ -1230,6 +1238,7 @@ ENTRY(error_entry) SWAPGS /* We have user CR3. Change to kernel CR3. */ SWITCH_TO_KERNEL_CR3 scratch_reg=%rax + ENABLE_SPEC_CTRL_CLOBBER .Lerror_entry_from_usermode_after_swapgs: /* Put us onto the real thread stack. */ 
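Review bot: ENABLE_SPEC_CTRL in entry_SYSCALL_64 sits directly after `PUSH_AND_CLEAR_REGS rax=$-ENOSYS`, so every GPR is already in pt_regs, yet the register-preserving form is used here while entry_INT80_compat (last hunk of entry_64_compat.S) uses ENABLE_SPEC_CTRL_CLOBBER in the same state. The macro bodies are not part of this patch, but if the plain form saves and restores the wrmsr registers, that cost lands on every 64-bit syscall for no benefit. The ENABLE_SPEC_CTRL after `xorl %r15d, %r15d` in entry_SYSCALL_compat_after_hwframe, and the one in the .Lerror_bad_iret hunk that is followed (outside the hunk) by the pt_regs fixup, are in the same position. Suggest `ENABLE_SPEC_CTRL_CLOBBER` at those three sites, or a comment stating why the saving form was kept.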
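Review bot: DISABLE_SPEC_CTRL at syscall_return_via_sysret executes while %rcx and %r11 already hold the user RIP and RFLAGS for SYSRET, as the comment on the following line says, and a wrmsr consumes %ecx for the MSR index and %eax/%edx for the value, so correctness depends on this macro variant saving and restoring those registers, which nothing at the call site records. The same unstated contract is relied on after `POP_REGS pop_rdi=0` in swapgs_restore_regs_and_return_to_usermode, where every GPR but %rdi is live, and on the entry side in interrupt_entry after `movq (%rdi), %rdi`, in ENTRY(nmi) where %rdx still points at the old stack that the following `pushq 5*8(%rdx)` lines read, and in entry_SYSENTER_compat before pt_regs is built. Suggest a one-line comment at each of these sites, e.g. `/* user %rcx/%r11 are live: DISABLE_SPEC_CTRL must not clobber GPRs */`, so a later switch to the _CLOBBER variant is caught in review.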
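Review bot: RESTORE_SPEC_CTRL_CLOBBER in paranoid_exit is only reached on the swapgs path; the `jnz .Lparanoid_exit_no_swapgs` two lines above skips it, and nothing in this hunk restores on that branch (.Lparanoid_exit_no_swapgs itself is outside the hunk). On a return-to-user path a paranoid exception such as #MC can land between DISABLE_SPEC_CTRL and SWAPGS, where GS is still the kernel's, so paranoid_entry's ENABLE_SPEC_CTRL_SAVE_N_CLOBBER re-enables the MSR and the no-swapgs exit never writes the saved value back, and the interrupted path then returns to user mode with the MSR still in its kernel-entry state until the next kernel entry. The end_repeat_nmi hunk restores unconditionally after `call do_nmi`, and the same shape works here: move `RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d` above `testl %ebx, %ebx` so both exits restore, assuming the macro's clobbers do not include %ebx or %r14.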
@@ -1291,7 +1300,7 @@ ENTRY(error_entry) */ SWAPGS SWITCH_TO_KERNEL_CR3 scratch_reg=%rax - + ENABLE_SPEC_CTRL /* * Pretend that the exception came from user mode: set up pt_regs * as if we faulted immediately after IRET and clear EBX so that @@ -1392,6 +1401,7 @@ ENTRY(nmi) SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx movq %rsp, %rdx movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp + ENABLE_SPEC_CTRL UNWIND_HINT_IRET_REGS base=%rdx offset=8 pushq 5*8(%rdx) /* pt_regs->ss */ pushq 4*8(%rdx) /* pt_regs->rsp */ @@ -1626,6 +1636,8 @@ end_repeat_nmi: movq $-1, %rsi call do_nmi + RESTORE_SPEC_CTRL_CLOBBER save_reg=%r13d + RESTORE_CR3 scratch_reg=%r15 save_reg=%r14 testl %ebx, %ebx /* swapgs needed? */ diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S index 08425c42f8b7..93233a13f4c5 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -55,6 +56,7 @@ ENTRY(entry_SYSENTER_compat) movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp + ENABLE_SPEC_CTRL /* * User tracing code (ptrace or signal handlers) might assume that * the saved RAX contains a 32-bit number when we're invoking a 32-bit @@ -140,6 +142,7 @@ ENTRY(entry_SYSENTER_compat) /* XEN PV guests always use IRET path */ ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \ "jmp .Lsyscall_32_done", X86_FEATURE_XENPV + DISABLE_SPEC_CTRL jmp sysret32_from_system_call .Lsysenter_fix_flags: @@ -244,6 +247,7 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) pushq $0 /* pt_regs->r15 = 0 */ xorl %r15d, %r15d /* nospec r15 */ + ENABLE_SPEC_CTRL /* * User mode is traced as though IRQs are on, and SYSENTER * turned them off. 
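Review bot: The DISABLE_SPEC_CTRL added before `jmp sysret32_from_system_call` in entry_SYSENTER_compat is executed a second time at the jump target, because the sysret32_from_system_call hunk inserts the same macro right after `TRACE_IRQS_ON`; every SYSENTER fast-path exit therefore performs two MSR writes. Dropping the one in this hunk is sufficient, provided the .Lsyscall_32_done branch (outside the hunk) still exits through swapgs_restore_regs_and_return_to_usermode, which carries its own DISABLE_SPEC_CTRL.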
@@ -259,6 +263,7 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) /* Opportunistic SYSRET */ sysret32_from_system_call: TRACE_IRQS_ON /* User mode traces as IRQs on. */ + DISABLE_SPEC_CTRL movq RBX(%rsp), %rbx /* pt_regs->rbx */ movq RBP(%rsp), %rbp /* pt_regs->rbp */ movq EFLAGS(%rsp), %r11 /* pt_regs->flags (in r11) */ @@ -390,6 +395,8 @@ ENTRY(entry_INT80_compat) xorl %r15d, %r15d /* nospec r15 */ cld + ENABLE_SPEC_CTRL_CLOBBER + /* * User mode is traced as though IRQs are on, and the interrupt * gate turned them off. -- 2.14.3