From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xin Li <xin3.li@intel.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-edac@vger.kernel.org, linux-hyperv@vger.kernel.org,
kvm@vger.kernel.org, xen-devel@lists.xenproject.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
luto@kernel.org, pbonzini@redhat.com, seanjc@google.com,
peterz@infradead.org, jgross@suse.com, ravi.v.shankar@intel.com,
mhiramat@kernel.org, jiangshanlai@gmail.com,
nik.borisov@suse.com, shan.kang@intel.com
Subject: Re: [PATCH v13 26/35] x86/fred: FRED entry/exit and dispatch code
Date: Tue, 5 Dec 2023 12:25:25 +0000 [thread overview]
Message-ID: <f260ddf9-be67-48e0-8121-6f58d46f7978@citrix.com> (raw)
In-Reply-To: <20231205105030.8698-27-xin3.li@intel.com>
On 05/12/2023 10:50 am, Xin Li wrote:
> diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
> new file mode 100644
> index 000000000000..215883e90f94
> --- /dev/null
> +++ b/arch/x86/entry/entry_fred.c
> @@ -0,0 +1,230 @@
> ...
> +static noinstr void fred_intx(struct pt_regs *regs)
> +{
> + switch (regs->fred_ss.vector) {
> + /* INT0 */
INTO (for overflow), not INT-zero. However...
> + case X86_TRAP_OF:
> + exc_overflow(regs);
> + return;
> +
> + /* INT3 */
> + case X86_TRAP_BP:
> + exc_int3(regs);
> + return;
... neither OF nor BP will ever enter fred_intx() because they're type
SWEXC not SWINT.
SWINT is strictly the INT $imm8 instruction.
> ...
> +static noinstr void fred_extint(struct pt_regs *regs)
> +{
> + unsigned int vector = regs->fred_ss.vector;
> +
> + if (WARN_ON_ONCE(vector < FIRST_EXTERNAL_VECTOR))
> + return;
> +
> + if (likely(vector >= FIRST_SYSTEM_VECTOR)) {
> + irqentry_state_t state = irqentry_enter(regs);
> +
> + instrumentation_begin();
> + sysvec_table[vector - FIRST_SYSTEM_VECTOR](regs);
array_index_mask_nospec()
This is easy for an attacker to abuse, to install non-function-pointer
targets into the indirect predictor.
> + instrumentation_end();
> + irqentry_exit(regs, state);
> + } else {
> + common_interrupt(regs, vector);
> + }
> +}
> +
> +static noinstr void fred_exception(struct pt_regs *regs, unsigned long error_code)
> +{
> + /* Optimize for #PF. That's the only exception which matters performance wise */
> + if (likely(regs->fred_ss.vector == X86_TRAP_PF)) {
> + exc_page_fault(regs, error_code);
> + return;
> + }
> +
> + switch (regs->fred_ss.vector) {
> + case X86_TRAP_DE: return exc_divide_error(regs);
> + case X86_TRAP_DB: return fred_exc_debug(regs);
> + case X86_TRAP_BP: return exc_int3(regs);
> + case X86_TRAP_OF: return exc_overflow(regs);
Depending on what you want to do with BP/OF vs fred_intx(), this may
need adjusting.
If you are cross-checking type and vector, then these should be rejected
for not being of type HWEXC.
> + case X86_TRAP_BR: return exc_bounds(regs);
> + case X86_TRAP_UD: return exc_invalid_op(regs);
> + case X86_TRAP_NM: return exc_device_not_available(regs);
> + case X86_TRAP_DF: return exc_double_fault(regs, error_code);
> + case X86_TRAP_TS: return exc_invalid_tss(regs, error_code);
> + case X86_TRAP_NP: return exc_segment_not_present(regs, error_code);
> + case X86_TRAP_SS: return exc_stack_segment(regs, error_code);
> + case X86_TRAP_GP: return exc_general_protection(regs, error_code);
> + case X86_TRAP_MF: return exc_coprocessor_error(regs);
> + case X86_TRAP_AC: return exc_alignment_check(regs, error_code);
> + case X86_TRAP_XF: return exc_simd_coprocessor_error(regs);
> +
> +#ifdef CONFIG_X86_MCE
> + case X86_TRAP_MC: return fred_exc_machine_check(regs);
> +#endif
> +#ifdef CONFIG_INTEL_TDX_GUEST
> + case X86_TRAP_VE: return exc_virtualization_exception(regs);
> +#endif
> +#ifdef CONFIG_X86_KERNEL_IBT
CONFIG_X86_CET
Userspace can use CET even if the kernel isn't compiled with IBT, so
this exception needs handling.
> + case X86_TRAP_CP: return exc_control_protection(regs, error_code);
> +#endif
> + default: return fred_bad_type(regs, error_code);
> + }
> +}
> +
> +__visible noinstr void fred_entry_from_user(struct pt_regs *regs)
> +{
> + unsigned long error_code = regs->orig_ax;
> +
> + /* Invalidate orig_ax so that syscall_get_nr() works correctly */
> + regs->orig_ax = -1;
> +
> + switch (regs->fred_ss.type) {
> + case EVENT_TYPE_EXTINT:
> + return fred_extint(regs);
> + case EVENT_TYPE_NMI:
> + return fred_exc_nmi(regs);
> + case EVENT_TYPE_SWINT:
> + return fred_intx(regs);
> + case EVENT_TYPE_HWEXC:
> + case EVENT_TYPE_SWEXC:
> + case EVENT_TYPE_PRIV_SWEXC:
> + return fred_exception(regs, error_code);
PRIV_SWEXC should have it's own function and not fall into fred_exception().
It is strictly only the ICEBP (INT1) instruction at the moment, so
should fall into bad_type() for any vector other than X86_TRAP_DB.
> + case EVENT_TYPE_OTHER:
> + return fred_other(regs);
> + default:
> + return fred_bad_type(regs, error_code);
> + }
> +}
~Andrew
next prev parent reply other threads:[~2023-12-05 12:25 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-05 10:49 [PATCH v13 00/35] x86: enable FRED for x86-64 Xin Li
2023-12-05 10:49 ` [PATCH v13 01/35] x86/cpufeatures,opcode,msr: Add the WRMSRNS instruction support Xin Li
2023-12-11 5:14 ` Masami Hiramatsu
2024-01-02 15:34 ` Borislav Petkov
2024-01-02 22:06 ` Li, Xin3
2024-01-03 11:10 ` Borislav Petkov
2023-12-05 10:49 ` [PATCH v13 02/35] x86/entry: Remove idtentry_sysvec from entry_{32,64}.S Xin Li
2023-12-05 10:49 ` [PATCH v13 03/35] x86/trapnr: Add event type macros to <asm/trapnr.h> Xin Li
2023-12-05 10:49 ` [PATCH v13 04/35] Documentation/x86/64: Add a documentation for FRED Xin Li
2023-12-05 10:49 ` [PATCH v13 05/35] x86/fred: Add Kconfig option for FRED (CONFIG_X86_FRED) Xin Li
2023-12-05 10:49 ` [PATCH v13 06/35] x86/cpufeatures: Add the CPU feature bit for FRED Xin Li
2023-12-05 10:49 ` [PATCH v13 07/35] x86/fred: Disable FRED support if CONFIG_X86_FRED is disabled Xin Li
2024-01-22 13:08 ` Borislav Petkov
2023-12-05 10:49 ` [PATCH v13 08/35] x86/fred: Disable FRED by default in its early stage Xin Li
2024-01-22 13:19 ` Borislav Petkov
2023-12-05 10:49 ` [PATCH v13 09/35] x86/opcode: Add ERET[US] instructions to the x86 opcode map Xin Li
2023-12-05 10:49 ` [PATCH v13 10/35] x86/objtool: Teach objtool about ERET[US] Xin Li
2023-12-05 10:50 ` [PATCH v13 11/35] x86/cpu: Add X86_CR4_FRED macro Xin Li
2023-12-05 10:50 ` [PATCH v13 12/35] x86/cpu: Add MSR numbers for FRED configuration Xin Li
2023-12-05 10:50 ` [PATCH v13 13/35] x86/ptrace: Cleanup the definition of the pt_regs structure Xin Li
2023-12-05 10:50 ` [PATCH v13 14/35] x86/ptrace: Add FRED additional information to " Xin Li
2023-12-05 10:50 ` [PATCH v13 15/35] x86/fred: Add a new header file for FRED definitions Xin Li
2023-12-05 10:50 ` [PATCH v13 16/35] x86/fred: Reserve space for the FRED stack frame Xin Li
2023-12-05 10:50 ` [PATCH v13 17/35] x86/fred: Update MSR_IA32_FRED_RSP0 during task switch Xin Li
2023-12-05 10:50 ` [PATCH v13 18/35] x86/fred: Disallow the swapgs instruction when FRED is enabled Xin Li
2023-12-05 10:50 ` [PATCH v13 19/35] x86/fred: No ESPFIX needed " Xin Li
2023-12-05 10:50 ` [PATCH v13 20/35] x86/fred: Allow single-step trap and NMI when starting a new task Xin Li
2023-12-05 10:50 ` [PATCH v13 21/35] x86/fred: Make exc_page_fault() work for FRED Xin Li
2023-12-05 10:50 ` [PATCH v13 22/35] x86/idtentry: Incorporate definitions/declarations of the FRED entries Xin Li
2023-12-05 10:50 ` [PATCH v13 23/35] x86/fred: Add a debug fault entry stub for FRED Xin Li
2023-12-05 10:50 ` [PATCH v13 24/35] x86/fred: Add a NMI " Xin Li
2023-12-15 1:51 ` H. Peter Anvin
2023-12-15 18:37 ` Li, Xin3
2023-12-16 6:31 ` [PATCH v13A " Xin Li
2023-12-05 10:50 ` [PATCH v13 25/35] x86/fred: Add a machine check " Xin Li
2023-12-05 10:50 ` [PATCH v13 26/35] x86/fred: FRED entry/exit and dispatch code Xin Li
2023-12-05 12:25 ` Andrew Cooper [this message]
2023-12-05 19:03 ` Li, Xin3
2023-12-06 7:45 ` Li, Xin3
2023-12-06 14:11 ` Andrew Cooper
2023-12-06 19:19 ` Li, Xin3
2023-12-06 19:26 ` H. Peter Anvin
2023-12-06 19:58 ` Brian Gerst
2023-12-07 9:43 ` Li, Xin3
2023-12-09 21:42 ` [PATCH v13A " Xin Li
2024-01-26 10:05 ` Borislav Petkov
2023-12-05 10:50 ` [PATCH v13 27/35] x86/traps: Add sysvec_install() to install a system interrupt handler Xin Li
2023-12-05 10:50 ` [PATCH v13 28/35] x86/fred: Let ret_from_fork_asm() jmp to asm_fred_exit_user when FRED is enabled Xin Li
2023-12-05 10:50 ` [PATCH v13 29/35] x86/fred: Fixup fault on ERETU by jumping to fred_entrypoint_user Xin Li
2023-12-05 10:50 ` [PATCH v13 30/35] x86/entry/calling: Allow PUSH_AND_CLEAR_REGS being used beyond actual entry code Xin Li
2023-12-05 10:50 ` [PATCH v13 31/35] x86/entry: Add fred_entry_from_kvm() for VMX to handle IRQ/NMI Xin Li
2023-12-05 10:50 ` [PATCH v13 32/35] KVM: VMX: Call fred_entry_from_kvm() for IRQ/NMI handling Xin Li
2023-12-05 10:50 ` [PATCH v13 33/35] x86/syscall: Split IDT syscall setup code into idt_syscall_init() Xin Li
2023-12-05 10:50 ` [PATCH v13 34/35] x86/fred: Add FRED initialization functions Xin Li
2023-12-05 10:50 ` [PATCH v13 35/35] x86/fred: Invoke FRED initialization code to enable FRED Xin Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f260ddf9-be67-48e0-8121-6f58d46f7978@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jiangshanlai@gmail.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-edac@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=seanjc@google.com \
--cc=shan.kang@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=xin3.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).