From: Sohil Mehta <sohil.mehta@intel.com>
To: x86@kernel.org, Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>
Cc: Jonathan Corbet <corbet@lwn.net>,
"H . Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Kirill A . Shutemov" <kas@kernel.org>,
Sohil Mehta <sohil.mehta@intel.com>, Xin Li <xin@zytor.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Sean Christopherson <seanjc@google.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
David Laight <david.laight.linux@gmail.com>,
Randy Dunlap <rdunlap@infradead.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Kees Cook <kees@kernel.org>, Tony Luck <tony.luck@intel.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-efi@vger.kernel.org
Subject: [PATCH v10 10/15] x86/vsyscall: Add vsyscall emulation for #GP
Date: Mon, 6 Oct 2025 23:51:14 -0700 [thread overview]
Message-ID: <20251007065119.148605-11-sohil.mehta@intel.com> (raw)
In-Reply-To: <20251007065119.148605-1-sohil.mehta@intel.com>
The legacy vsyscall page is mapped at a fixed address in the kernel
address range 0xffffffffff600000-0xffffffffff601000. Prior to LASS, a
vsyscall page access from userspace would always generate a #PF. The
kernel emulates the execute (XONLY) accesses in the #PF handler and
returns the appropriate values to userspace.
With LASS, these accesses are intercepted before the paging structures
are traversed triggering a #GP instead of a #PF. However, the #GP
doesn't provide much information in terms of the error code.
Emulate the vsyscall access without going through complex instruction
decoding. Use the faulting RIP which is preserved in the user registers
to determine if the #GP was triggered due to a vsyscall access.
Signed-off-by: Sohil Mehta <sohil.mehta@intel.com>
---
v10:
- No change.
---
arch/x86/entry/vsyscall/vsyscall_64.c | 14 +++++++++++++-
arch/x86/include/asm/vsyscall.h | 6 ++++++
arch/x86/kernel/traps.c | 4 ++++
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index 4c3f49bf39e6..ff319d7e778c 100644
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -23,7 +23,7 @@
* soon be no new userspace code that will ever use a vsyscall.
*
* The code in this file emulates vsyscalls when notified of a page
- * fault to a vsyscall address.
+ * fault or a general protection fault to a vsyscall address.
*/
#include <linux/kernel.h>
@@ -282,6 +282,18 @@ bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs,
return __emulate_vsyscall(regs, address);
}
+bool emulate_vsyscall_gp(struct pt_regs *regs)
+{
+ if (!cpu_feature_enabled(X86_FEATURE_LASS))
+ return false;
+
+ /* Emulate only if the RIP points to the vsyscall address */
+ if (!is_vsyscall_vaddr(regs->ip))
+ return false;
+
+ return __emulate_vsyscall(regs, regs->ip);
+}
+
/*
* A pseudo VMA to allow ptrace access for the vsyscall page. This only
* covers the 64bit vsyscall page now. 32bit has a real VMA now and does
diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h
index f34902364972..538053b1656a 100644
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -15,6 +15,7 @@ extern void set_vsyscall_pgtable_user_bits(pgd_t *root);
* Returns true if handled.
*/
bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address);
+bool emulate_vsyscall_gp(struct pt_regs *regs);
#else
static inline void map_vsyscall(void) {}
static inline bool emulate_vsyscall_pf(unsigned long error_code,
@@ -22,6 +23,11 @@ static inline bool emulate_vsyscall_pf(unsigned long error_code,
{
return false;
}
+
+static inline bool emulate_vsyscall_gp(struct pt_regs *regs)
+{
+ return false;
+}
#endif
/*
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 25b45193eb19..59bfbdf0a1a0 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -69,6 +69,7 @@
#include <asm/tdx.h>
#include <asm/cfi.h>
#include <asm/msr.h>
+#include <asm/vsyscall.h>
#ifdef CONFIG_X86_64
#include <asm/x86_init.h>
@@ -817,6 +818,9 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection)
if (fixup_umip_exception(regs))
goto exit;
+ if (emulate_vsyscall_gp(regs))
+ goto exit;
+
gp_user_force_sig_segv(regs, X86_TRAP_GP, error_code, desc);
goto exit;
}
--
2.43.0
next prev parent reply other threads:[~2025-10-07 6:54 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-07 6:51 [PATCH v10 00/15] x86: Enable Linear Address Space Separation support Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 01/15] x86/cpu: Enumerate the LASS feature bits Sohil Mehta
2025-10-07 18:19 ` Edgecombe, Rick P
2025-10-07 18:28 ` Dave Hansen
2025-10-07 20:20 ` Sohil Mehta
2025-10-07 20:38 ` Edgecombe, Rick P
2025-10-07 20:53 ` Sohil Mehta
2025-10-16 3:10 ` H. Peter Anvin
2025-10-07 20:49 ` Sohil Mehta
2025-10-07 23:16 ` Xin Li
2025-10-08 16:00 ` Edgecombe, Rick P
2025-10-16 15:35 ` Borislav Petkov
2025-10-21 18:03 ` Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 02/15] x86/asm: Introduce inline memcpy and memset Sohil Mehta
2025-10-21 12:47 ` Borislav Petkov
2025-10-21 13:48 ` David Laight
2025-10-21 18:06 ` Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 03/15] x86/alternatives: Disable LASS when patching kernel alternatives Sohil Mehta
2025-10-07 16:55 ` Edgecombe, Rick P
2025-10-07 22:28 ` Sohil Mehta
2025-10-08 16:22 ` Edgecombe, Rick P
2025-10-10 17:10 ` Sohil Mehta
2025-10-21 20:03 ` Borislav Petkov
2025-10-21 20:55 ` Sohil Mehta
2025-10-22 9:56 ` Borislav Petkov
2025-10-22 19:49 ` Sohil Mehta
2025-10-22 20:03 ` Luck, Tony
2025-10-22 8:25 ` Peter Zijlstra
2025-10-22 9:40 ` Borislav Petkov
2025-10-22 10:22 ` Peter Zijlstra
2025-10-22 10:52 ` Borislav Petkov
2025-10-07 6:51 ` [PATCH v10 04/15] x86/cpu: Set LASS CR4 bit as pinning sensitive Sohil Mehta
2025-10-07 18:24 ` Edgecombe, Rick P
2025-10-07 23:11 ` Sohil Mehta
2025-10-08 16:52 ` Edgecombe, Rick P
2025-10-10 19:03 ` Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 05/15] x86/cpu: Defer CR pinning enforcement until late_initcall() Sohil Mehta
2025-10-07 17:23 ` Edgecombe, Rick P
2025-10-07 23:05 ` Sohil Mehta
2025-10-08 17:36 ` Edgecombe, Rick P
2025-10-10 20:45 ` Sohil Mehta
2025-10-15 21:17 ` Sohil Mehta
2025-10-17 19:28 ` Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 06/15] x86/efi: Disable LASS while mapping the EFI runtime services Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 07/15] x86/kexec: Disable LASS during relocate kernel Sohil Mehta
2025-10-07 17:43 ` Edgecombe, Rick P
2025-10-07 22:33 ` Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 08/15] x86/vsyscall: Reorganize the page fault emulation code Sohil Mehta
2025-10-07 18:37 ` Edgecombe, Rick P
2025-10-07 18:48 ` Dave Hansen
2025-10-07 19:53 ` Edgecombe, Rick P
2025-10-07 22:52 ` Sohil Mehta
2025-10-08 17:42 ` Edgecombe, Rick P
2025-10-30 16:58 ` Andy Lutomirski
2025-10-30 17:22 ` H. Peter Anvin
2025-10-30 17:35 ` Andy Lutomirski
2025-10-30 19:28 ` Sohil Mehta
2025-10-30 21:37 ` David Laight
2025-10-07 6:51 ` [PATCH v10 09/15] x86/traps: Consolidate user fixups in exc_general_protection() Sohil Mehta
2025-10-07 17:46 ` Edgecombe, Rick P
2025-10-07 22:41 ` Sohil Mehta
2025-10-08 17:43 ` Edgecombe, Rick P
2025-10-07 6:51 ` Sohil Mehta [this message]
2025-10-07 6:51 ` [PATCH v10 11/15] x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE Sohil Mehta
2025-10-07 18:43 ` Edgecombe, Rick P
2025-10-07 6:51 ` [PATCH v10 12/15] x86/traps: Communicate a LASS violation in #GP message Sohil Mehta
2025-10-07 18:07 ` Edgecombe, Rick P
2025-10-07 6:51 ` [PATCH v10 13/15] x86/traps: Generalize #GP address decode and hint code Sohil Mehta
2025-10-07 18:43 ` Edgecombe, Rick P
2025-10-07 6:51 ` [PATCH v10 14/15] x86/traps: Provide additional hints for a kernel stack segment fault Sohil Mehta
2025-10-07 6:51 ` [PATCH v10 15/15] x86/cpu: Enable LASS by default during CPU initialization Sohil Mehta
2025-10-07 18:42 ` Edgecombe, Rick P
2025-10-07 16:23 ` [PATCH v10 00/15] x86: Enable Linear Address Space Separation support Edgecombe, Rick P
2025-10-17 19:52 ` Sohil Mehta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251007065119.148605-11-sohil.mehta@intel.com \
--to=sohil.mehta@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=david.laight.linux@gmail.com \
--cc=dwmw@amazon.co.uk \
--cc=geert@linux-m68k.org \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=kas@kernel.org \
--cc=kees@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=vegard.nossum@oracle.com \
--cc=x86@kernel.org \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox