public inbox for linux-doc@vger.kernel.org
From: Sohil Mehta <sohil.mehta@intel.com>
To: "H. Peter Anvin" <hpa@zytor.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
	Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>
Cc: Jonathan Corbet <corbet@lwn.net>,
	Shuah Khan <skhan@linuxfoundation.org>,
	Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	Kiryl Shutsemau <kas@kernel.org>,
	"Brendan Jackman" <jackmanb@google.com>,
	Sean Christopherson <seanjc@google.com>,
	"Nam Cao" <namcao@linutronix.de>,
	Cedric Xing <cedric.xing@intel.com>,
	"Rick Edgecombe" <rick.p.edgecombe@intel.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Tony Luck <tony.luck@intel.com>,
	"Alexander Shishkin" <alexander.shishkin@linux.intel.com>,
	Maciej Wieczor-Retman <m.wieczorretman@pm.me>,
	<linux-doc@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 3/5] x86/vsyscall: Add vsyscall emulation for #GP
Date: Wed, 4 Mar 2026 16:10:22 -0800	[thread overview]
Message-ID: <eeec4ac0-be05-4a4e-a9c7-8716de50cfbb@intel.com> (raw)
In-Reply-To: <3212161f-64b2-4825-8bcc-c36201ab6589@zytor.com>

On 3/3/2026 2:35 PM, H. Peter Anvin wrote:

> Suggest making an introductory paragraph here with the background information,
> instead of mixing it into the rest of the text in a somewhat incoherent manner:
> 

I rewrote the whole thing based on your and Dave's input. I added
sections because it was getting a bit wordy.

x86/vsyscall: Restore vsyscall=xonly mode under LASS

Background
----------
The vsyscall page is located in the high/kernel part of the address
space. Prior to LASS, a vsyscall page access from userspace would always
generate a #PF. The kernel emulates the accesses in the #PF handler and
returns the appropriate values to userspace.

Vsyscall emulation has two modes of operation, specified by the
vsyscall={xonly, emulate} kernel command line option. The vsyscall page
is marked as execute-only in XONLY mode or read-execute in EMULATE mode.
XONLY mode is the default and the only one expected to be commonly used.
The EMULATE mode has been deprecated since 2022 and is considered
insecure.

With LASS, a vsyscall page access triggers a #GP instead of a #PF.
Currently, LASS is only enabled when all vsyscall modes are disabled.

LASS with XONLY mode
--------------------
Now add support for LASS specifically with XONLY vsyscall emulation. For
XONLY mode, all that is needed is the faulting RIP, which is trivially
available regardless of the type of fault. Reuse the #PF emulation code
during the #GP when the fault address points to the vsyscall page.

As multiple fault handlers will now be using the emulation code, add a
sanity check to ensure that the fault truly happened in 64-bit user
mode.

LASS with EMULATE mode
----------------------
Supporting vsyscall=emulate with LASS is much harder because the #GP
doesn't provide enough error information (such as PFEC and CR2 as in the
case of a #PF). So, complex instruction decoding would be required to
emulate this mode in the #GP handler.

This isn't worth the effort as remaining users of EMULATE mode can be
reasonably assumed to be niche users, who are already trading off
security for compatibility. LASS and vsyscall=emulate will be kept
mutually exclusive for simplicity.

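The XONLY/EMULATE distinction above boils down to what a user-space process can do with the vsyscall page: in XONLY mode an instruction fetch there is emulated but a data read faults, in EMULATE mode both work, and with vsyscall=none (or, before this series, whenever LASS is enabled) both fault. The following probe is an added example, not code from the patch series or from the kernel: it installs a SIGSEGV/SIGBUS handler, performs one execute probe and one read probe against the page, and classifies the running kernel's mode from the outcome. The only architectural facts it relies on are the vsyscall page address (0xffffffffff600000) and the gettimeofday slot at offset 0; the helper names, the sigsetjmp/siglongjmp scaffolding and the result labels are this example's own.

```c
/*
 * vsyscall_probe.c: added example (not code from the patch series or the
 * kernel). Probes the legacy x86-64 vsyscall page from user space to see
 * which vsyscall emulation mode the running kernel provides:
 *
 *   vsyscall=xonly   -> calling into the page works, reading from it faults
 *   vsyscall=emulate -> calling and reading both work
 *   vsyscall=none    -> both fault (also the pre-series behaviour under LASS)
 *
 * Build: gcc -O2 -Wall -o vsyscall_probe vsyscall_probe.c
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

/* Architectural ABI values: the vsyscall page and its gettimeofday slot. */
#define VSYSCALL_PAGE 0xffffffffff600000UL
#define VSYSCALL_GTOD (VSYSCALL_PAGE + 0x0)

enum probe_result { PROBE_OK, PROBE_FAULT, PROBE_UNSUPPORTED };

static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_armed;   /* a probe is in flight */
static volatile sig_atomic_t probe_signo;   /* signal that ended it   */

/* SIGSEGV/SIGBUS handler: unwind into the armed probe; otherwise restore
 * the default action so an unrelated crash is still fatal. */
static void probe_handler(int signo, siginfo_t *si, void *ctx)
{
    (void)si; (void)ctx;
    if (!probe_armed) {
        signal(signo, SIG_DFL);
        raise(signo);
        return;
    }
    probe_signo = signo;
    siglongjmp(probe_env, 1);
}

int install_probe_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = probe_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL))
        return -1;
    return 0;
}

/* Data read from the vsyscall page: only EMULATE mode allows this. */
enum probe_result probe_vsyscall_read(void)
{
#if defined(__x86_64__) && defined(__linux__)
    if (sigsetjmp(probe_env, 1)) {
        probe_armed = 0;
        return PROBE_FAULT;
    }
    probe_armed = 1;
    volatile uint8_t byte = *(volatile uint8_t *)VSYSCALL_GTOD;
    probe_armed = 0;
    (void)byte;
    return PROBE_OK;
#else
    return PROBE_UNSUPPORTED;
#endif
}

/* Instruction fetch at the vsyscall page: emulated in XONLY and EMULATE.
 * The faulting RIP is all the kernel needs to service this one. */
enum probe_result probe_vsyscall_exec(void)
{
#if defined(__x86_64__) && defined(__linux__)
    typedef int (*gtod_fn)(struct timeval *, struct timezone *);
    gtod_fn gtod = (gtod_fn)VSYSCALL_GTOD;
    struct timeval tv;
    if (sigsetjmp(probe_env, 1)) {
        probe_armed = 0;
        return PROBE_FAULT;
    }
    probe_armed = 1;
    gtod(&tv, NULL);
    probe_armed = 0;
    return PROBE_OK;
#else
    return PROBE_UNSUPPORTED;
#endif
}

/* Map the two probe outcomes onto the kernel's vsyscall= setting. */
const char *classify_vsyscall_mode(enum probe_result exec, enum probe_result read)
{
    if (exec == PROBE_UNSUPPORTED || read == PROBE_UNSUPPORTED)
        return "unsupported (not x86-64 Linux)";
    if (exec == PROBE_OK && read == PROBE_OK)
        return "emulate";
    if (exec == PROBE_OK && read == PROBE_FAULT)
        return "xonly";
    if (exec == PROBE_FAULT && read == PROBE_FAULT)
        return "none";
    return "unexpected";
}

static const char *name(enum probe_result r)
{
    return r == PROBE_OK ? "ok" : r == PROBE_FAULT ? "fault" : "n/a";
}

int main(void)
{
    if (install_probe_handler()) {
        perror("sigaction");
        return 1;
    }
    enum probe_result exec = probe_vsyscall_exec();
    enum probe_result rd = probe_vsyscall_read();
    printf("exec probe: %s\nread probe: %s\nvsyscall mode: %s\n",
           name(exec), name(rd), classify_vsyscall_mode(exec, rd));
    return 0;
}
```

On a stock kernel the probe reports "xonly"; a kernel booted with vsyscall=emulate reports "emulate", and a pre-series kernel with LASS enabled (where vsyscall is disabled outright) reports "none". Under this series, an XONLY kernel with LASS active still reports "xonly", which is exactly the behaviour the #GP emulation path is meant to preserve; the read probe should never succeed there, since a data access does not carry a vsyscall RIP and is delivered as SIGSEGV.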
Thread overview:
2026-02-19 23:35 [PATCH 0/5] x86: Enable LASS support with vsyscall emulation Sohil Mehta
2026-02-19 23:35 ` [PATCH 1/5] x86/vsyscall: Reorganize the page fault emulation code Sohil Mehta
2026-02-19 23:35 ` [PATCH 2/5] x86/traps: Consolidate user fixups in the #GP handler Sohil Mehta
2026-02-19 23:35 ` [PATCH 3/5] x86/vsyscall: Add vsyscall emulation for #GP Sohil Mehta
2026-03-03 15:51   ` Dave Hansen
2026-03-03 21:20     ` Sohil Mehta
2026-03-03 22:35       ` H. Peter Anvin
2026-03-05  0:10         ` Sohil Mehta [this message]
2026-03-05  1:45           ` Dave Hansen
2026-03-05  6:31             ` H. Peter Anvin
2026-03-05  7:56               ` Sohil Mehta
2026-03-05  6:32           ` H. Peter Anvin
2026-02-19 23:35 ` [PATCH 4/5] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE Sohil Mehta
2026-03-03 16:33   ` Dave Hansen
2026-02-19 23:36 ` [PATCH 5/5] x86/cpu: Remove LASS restriction on vsyscall emulation Sohil Mehta
2026-03-03 16:37   ` Dave Hansen
2026-03-03 16:27 ` [PATCH 0/5] x86: Enable LASS support with " Dave Hansen
