From: Nikolay Borisov <nik.borisov@suse.com>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, mhocko@suse.com, jslaby@suse.cz,
	Nikolay Borisov <nik.borisov@suse.com>
Subject: [PATCH v2 3/4] x86/entry: Disable IA32 syscall if ia32_disabled is true
Date: Fri,  9 Jun 2023 14:13:10 +0300	[thread overview]
Message-ID: <20230609111311.4110901-4-nik.borisov@suse.com> (raw)
In-Reply-To: <20230609111311.4110901-1-nik.borisov@suse.com>

The first stage of disabling the ia32 compat layer is to disable the 32-bit
syscall entry points. The legacy int 0x80 vector is disabled by zeroing out
its gate descriptor in the IDT, and the sysenter vector is disabled by reusing
the code that already exists for the case where IA32_EMULATION is disabled.

Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
---
 arch/x86/include/asm/desc.h  |  1 +
 arch/x86/kernel/cpu/common.c | 37 ++++++++++++++++++------------------
 arch/x86/kernel/idt.c        |  7 +++++++
 3 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
index ab97b22ac04a..1182a5b10be9 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -8,6 +8,7 @@
 #include <asm/fixmap.h>
 #include <asm/irq_vectors.h>
 #include <asm/cpu_entry_area.h>
+#include <asm/traps.h>
 
 #include <linux/debug_locks.h>
 #include <linux/smp.h>
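Review bot: Nothing else in desc.h changes besides the added `#include <asm/traps.h>` (the diffstat shows a single inserted line), so the include appears to exist only so that files which include desc.h can see `ia32_disabled`. If that is the reason, include the declaring header directly in idt.c and common.c instead, so that every other user of desc.h does not silently gain a dependency on traps.h. Where `ia32_disabled` is declared is not visible in this patch, so the header named here is an inference.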
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index b20774181e1a..3c4055184d0f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2053,24 +2053,25 @@ void syscall_init(void)
 	wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS);
 	wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64);
 
-#ifdef CONFIG_IA32_EMULATION
-	wrmsrl_cstar((unsigned long)entry_SYSCALL_compat);
-	/*
-	 * This only works on Intel CPUs.
-	 * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP.
-	 * This does not cause SYSENTER to jump to the wrong location, because
-	 * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit).
-	 */
-	wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS);
-	wrmsrl_safe(MSR_IA32_SYSENTER_ESP,
-		    (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1));
-	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat);
-#else
-	wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore);
-	wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
-	wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
-	wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
-#endif
+	if ((IS_ENABLED(CONFIG_IA32_EMULATION) && ia32_disabled) ||
+	    !IS_ENABLED(CONFIG_IA32_EMULATION)) {
+		wrmsrl_cstar((unsigned long)entry_SYSCALL32_ignore);
+		wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
+		wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
+		wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
+	} else {
+		wrmsrl_cstar((unsigned long)entry_SYSCALL_compat);
+		/*
+		 * This only works on Intel CPUs.
+		 * On AMD CPUs these MSRs are 32-bit, CPU truncates MSR_IA32_SYSENTER_EIP.
+		 * This does not cause SYSENTER to jump to the wrong location, because
+		 * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit).
+		 */
+		wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS);
+		wrmsrl_safe(MSR_IA32_SYSENTER_ESP,
+			    (unsigned long)(cpu_entry_stack(smp_processor_id()) + 1));
+		wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat);
+	}
 
 	/*
 	 * Flags to clear on syscall; clear as much as possible
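Review bot: The new `if` condition in syscall_init() is redundant, since `(A && d) || !A` reduces to `if (!IS_ENABLED(CONFIG_IA32_EMULATION) || ia32_disabled) {`, which states directly when the 32-bit entry MSRs are neutralised. Because the `#ifdef` has become a runtime branch, `ia32_disabled`, `entry_SYSCALL_compat` and `entry_SYSENTER_compat` must now be declared in CONFIG_IA32_EMULATION=n builds as well; those declarations are outside this patch, so that configuration needs a build test. The branch should also carry a comment such as `/* ia32_disabled must be final before the first CPU gets here: all CPUs have to program the same 32-bit entry MSRs */`, since a flag that changed between CPU bring-ups would leave some CPUs with the compat entry points enabled; where the flag is set is not visible here. syscall_init() begins and ends outside this hunk.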
diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c
index a58c6bc1cd68..d1f388ef2e66 100644
--- a/arch/x86/kernel/idt.c
+++ b/arch/x86/kernel/idt.c
@@ -226,6 +226,13 @@ void __init idt_setup_early_traps(void)
 void __init idt_setup_traps(void)
 {
 	idt_setup_from_table(idt_table, def_idts, ARRAY_SIZE(def_idts), true);
+
+	if (IS_ENABLED(CONFIG_IA32_EMULATION) && ia32_disabled) {
+		gate_desc null_desc = {};
+		write_idt_entry(idt_table, IA32_SYSCALL_VECTOR, &null_desc);
+		clear_bit(IA32_SYSCALL_VECTOR, system_vectors);
+	}
+
 }
 
 #ifdef CONFIG_X86_64
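Review bot: The block added to idt_setup_traps() zeroes the int 0x80 gate and clears its bit in `system_vectors`, but nothing documents what is expected to own vector 0x80 afterwards. Whether later IDT or vector setup treats the cleared bit as a free vector and installs a different gate over the null descriptor cannot be seen from this hunk, so the intended end state should be stated above the block, e.g. `/* ia32 disabled: leave no user-callable gate at IA32_SYSCALL_VECTOR */`, and checked against the code that consumes `system_vectors`. Two style points: kernel style wants a blank line between `gate_desc null_desc = {};` and the `write_idt_entry()` call, and the empty line added before the closing brace should be dropped.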
-- 
2.34.1

