License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 08:07:57 -06:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2008-10-22 23:26:29 -06:00
|
|
|
#ifndef _ASM_X86_PROCESSOR_H
|
|
|
|
|
#define _ASM_X86_PROCESSOR_H
|
2008-01-30 05:31:03 -07:00
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
#include <asm/processor-flags.h>
|
|
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
/* Forward declaration, a strange C thing */
|
|
|
|
|
struct task_struct;
|
|
|
|
|
struct mm_struct;
|
2015-07-28 23:41:16 -06:00
|
|
|
struct vm86;
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <asm/math_emu.h>
|
|
|
|
|
#include <asm/segment.h>
|
|
|
|
|
#include <asm/types.h>
|
2015-09-05 01:32:43 -06:00
|
|
|
#include <uapi/asm/sigcontext.h>
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <asm/current.h>
|
2016-01-26 14:12:04 -07:00
|
|
|
#include <asm/cpufeatures.h>
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <asm/page.h>
|
2009-02-11 11:20:05 -07:00
|
|
|
#include <asm/pgtable_types.h>
|
2008-01-30 05:31:33 -07:00
|
|
|
#include <asm/percpu.h>
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <asm/msr.h>
|
|
|
|
|
#include <asm/desc_defs.h>
|
2008-01-30 05:32:38 -07:00
|
|
|
#include <asm/nops.h>
|
2012-03-28 11:11:12 -06:00
|
|
|
#include <asm/special_insns.h>
|
2015-04-22 01:57:24 -06:00
|
|
|
#include <asm/fpu/types.h>
|
2017-07-11 09:33:45 -06:00
|
|
|
#include <asm/unwind_hints.h>
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <linux/personality.h>
|
2008-01-30 05:31:33 -07:00
|
|
|
#include <linux/cache.h>
|
2008-01-30 05:31:57 -07:00
|
|
|
#include <linux/threads.h>
|
2009-09-02 03:49:52 -06:00
|
|
|
#include <linux/math64.h>
|
2010-03-25 07:51:50 -06:00
|
|
|
#include <linux/err.h>
|
2012-03-28 11:11:12 -06:00
|
|
|
#include <linux/irqflags.h>
|
2017-07-17 15:10:07 -06:00
|
|
|
#include <linux/mem_encrypt.h>
|
2012-03-28 11:11:12 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We handle most unaligned accesses in hardware. On the other hand
|
|
|
|
|
* unaligned DMA can be quite expensive on some Nehalem processors.
|
|
|
|
|
*
|
|
|
|
|
* Based on this we disable the IP header alignment in network drivers.
|
|
|
|
|
*/
|
|
|
|
|
#define NET_IP_ALIGN 0
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2009-06-01 12:13:10 -06:00
|
|
|
#define HBP_NUM 4
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2015-05-24 01:58:12 -06:00
|
|
|
/*
|
|
|
|
|
* These alignment constraints are for performance in the vSMP case,
|
|
|
|
|
* but in the task_struct case we must also meet hardware imposed
|
|
|
|
|
* alignment requirements of the FPU state:
|
|
|
|
|
*/
|
2008-01-30 05:31:31 -07:00
|
|
|
#ifdef CONFIG_X86_VSMP
|
2008-02-20 20:24:40 -07:00
|
|
|
# define ARCH_MIN_TASKALIGN (1 << INTERNODE_CACHE_SHIFT)
|
|
|
|
|
# define ARCH_MIN_MMSTRUCT_ALIGN (1 << INTERNODE_CACHE_SHIFT)
|
2008-01-30 05:31:31 -07:00
|
|
|
#else
|
2015-05-24 01:58:12 -06:00
|
|
|
# define ARCH_MIN_TASKALIGN __alignof__(union fpregs_state)
|
2008-02-20 20:24:40 -07:00
|
|
|
# define ARCH_MIN_MMSTRUCT_ALIGN 0
|
2008-01-30 05:31:31 -07:00
|
|
|
#endif
|
|
|
|
|
|
x86/tlb_info: get last level TLB entry number of CPU
For 4KB pages, x86 CPU has 2 or 1 level TLB, first level is data TLB and
instruction TLB, second level is shared TLB for both data and instructions.
For hupe page TLB, usually there is just one level and seperated by 2MB/4MB
and 1GB.
Although each levels TLB size is important for performance tuning, but for
genernal and rude optimizing, last level TLB entry number is suitable. And
in fact, last level TLB always has the biggest entry number.
This patch will get the biggest TLB entry number and use it in furture TLB
optimizing.
Accroding Borislav's suggestion, except tlb_ll[i/d]_* array, other
function and data will be released after system boot up.
For all kinds of x86 vendor friendly, vendor specific code was moved to its
specific files.
Signed-off-by: Alex Shi <alex.shi@intel.com>
Link: http://lkml.kernel.org/r/1340845344-27557-2-git-send-email-alex.shi@intel.com
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2012-06-27 19:02:16 -06:00
|
|
|
enum tlb_infos {
|
|
|
|
|
ENTRIES,
|
|
|
|
|
NR_INFO
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern u16 __read_mostly tlb_lli_4k[NR_INFO];
|
|
|
|
|
extern u16 __read_mostly tlb_lli_2m[NR_INFO];
|
|
|
|
|
extern u16 __read_mostly tlb_lli_4m[NR_INFO];
|
|
|
|
|
extern u16 __read_mostly tlb_lld_4k[NR_INFO];
|
|
|
|
|
extern u16 __read_mostly tlb_lld_2m[NR_INFO];
|
|
|
|
|
extern u16 __read_mostly tlb_lld_4m[NR_INFO];
|
x86, cpu: Detect more TLB configuration
The Intel Software Developer’s Manual covers few more TLB
configurations exposed as CPUID 2 descriptors:
61H Instruction TLB: 4 KByte pages, fully associative, 48 entries
63H Data TLB: 1 GByte pages, 4-way set associative, 4 entries
76H Instruction TLB: 2M/4M pages, fully associative, 8 entries
B5H Instruction TLB: 4KByte pages, 8-way set associative, 64 entries
B6H Instruction TLB: 4KByte pages, 8-way set associative, 128 entries
C1H Shared 2nd-Level TLB: 4 KByte/2MByte pages, 8-way associative, 1024 entries
C2H DTLB DTLB: 2 MByte/$MByte pages, 4-way associative, 16 entries
Let's detect them as well.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Link: http://lkml.kernel.org/r/1387801018-14499-1-git-send-email-kirill.shutemov@linux.intel.com
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2013-12-23 05:16:58 -07:00
|
|
|
extern u16 __read_mostly tlb_lld_1g[NR_INFO];
|
2012-06-27 19:02:19 -06:00
|
|
|
|
2008-01-30 05:31:33 -07:00
|
|
|
/*
|
|
|
|
|
* CPU type and hardware bug flags. Kept separately for each CPU.
|
2017-02-12 14:12:07 -07:00
|
|
|
* Members of this structure are referenced in head_32.S, so think twice
|
2008-01-30 05:31:33 -07:00
|
|
|
* before touching them. [mj]
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct cpuinfo_x86 {
|
2008-02-20 20:24:40 -07:00
|
|
|
__u8 x86; /* CPU family */
|
|
|
|
|
__u8 x86_vendor; /* CPU vendor */
|
|
|
|
|
__u8 x86_model;
|
2017-12-31 18:52:10 -07:00
|
|
|
__u8 x86_stepping;
|
2017-02-12 14:12:08 -07:00
|
|
|
#ifdef CONFIG_X86_64
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Number of 4K pages in DTLB/ITLB combined(in pages): */
|
2009-01-23 18:18:52 -07:00
|
|
|
int x86_tlbsize;
|
2009-03-12 06:37:34 -06:00
|
|
|
#endif
|
2008-02-20 20:24:40 -07:00
|
|
|
__u8 x86_virt_bits;
|
|
|
|
|
__u8 x86_phys_bits;
|
|
|
|
|
/* CPUID returned core id bits: */
|
|
|
|
|
__u8 x86_coreid_bits;
|
2017-02-05 03:50:21 -07:00
|
|
|
__u8 cu_id;
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Max extended CPUID function supported: */
|
|
|
|
|
__u32 extended_cpuid_level;
|
|
|
|
|
/* Maximum supported CPUID level, -1=no CPUID: */
|
|
|
|
|
int cpuid_level;
|
2013-03-20 08:07:23 -06:00
|
|
|
__u32 x86_capability[NCAPINTS + NBUGINTS];
|
2008-02-20 20:24:40 -07:00
|
|
|
char x86_vendor_id[16];
|
|
|
|
|
char x86_model_id[64];
|
|
|
|
|
/* in KB - valid for CPUS which support this call: */
|
2018-02-13 12:22:08 -07:00
|
|
|
unsigned int x86_cache_size;
|
2008-02-20 20:24:40 -07:00
|
|
|
int x86_cache_alignment; /* In bytes */
|
2015-01-23 11:45:43 -07:00
|
|
|
/* Cache QoS architectural values: */
|
|
|
|
|
int x86_cache_max_rmid; /* max index */
|
|
|
|
|
int x86_cache_occ_scale; /* scale to bytes */
|
2008-02-20 20:24:40 -07:00
|
|
|
int x86_power;
|
|
|
|
|
unsigned long loops_per_jiffy;
|
|
|
|
|
/* cpuid returned max cores value: */
|
|
|
|
|
u16 x86_max_cores;
|
|
|
|
|
u16 apicid;
|
2008-03-06 14:46:39 -07:00
|
|
|
u16 initial_apicid;
|
2008-02-20 20:24:40 -07:00
|
|
|
u16 x86_clflush_size;
|
|
|
|
|
/* number of cores as seen by the OS: */
|
|
|
|
|
u16 booted_cores;
|
|
|
|
|
/* Physical processor id: */
|
|
|
|
|
u16 phys_proc_id;
|
2016-02-22 15:19:15 -07:00
|
|
|
/* Logical processor id: */
|
|
|
|
|
u16 logical_proc_id;
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Core id: */
|
|
|
|
|
u16 cpu_core_id;
|
|
|
|
|
/* Index into per_cpu list: */
|
|
|
|
|
u16 cpu_index;
|
2011-10-12 18:46:33 -06:00
|
|
|
u32 microcode;
|
2018-08-24 11:03:50 -06:00
|
|
|
/* Address space bits used by the cache internally */
|
|
|
|
|
u8 x86_cache_bits;
|
2017-11-14 05:42:56 -07:00
|
|
|
unsigned initialized : 1;
|
2016-10-28 02:22:25 -06:00
|
|
|
} __randomize_layout;
|
2008-01-30 05:31:33 -07:00
|
|
|
|
2016-11-11 02:25:34 -07:00
|
|
|
struct cpuid_regs {
|
|
|
|
|
u32 eax, ebx, ecx, edx;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum cpuid_regs_idx {
|
|
|
|
|
CPUID_EAX = 0,
|
|
|
|
|
CPUID_EBX,
|
|
|
|
|
CPUID_ECX,
|
|
|
|
|
CPUID_EDX,
|
|
|
|
|
};
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
#define X86_VENDOR_INTEL 0
|
|
|
|
|
#define X86_VENDOR_CYRIX 1
|
|
|
|
|
#define X86_VENDOR_AMD 2
|
|
|
|
|
#define X86_VENDOR_UMC 3
|
|
|
|
|
#define X86_VENDOR_CENTAUR 5
|
|
|
|
|
#define X86_VENDOR_TRANSMETA 7
|
|
|
|
|
#define X86_VENDOR_NSC 8
|
2018-09-23 03:33:12 -06:00
|
|
|
#define X86_VENDOR_HYGON 9
|
|
|
|
|
#define X86_VENDOR_NUM 10
|
2008-02-20 20:24:40 -07:00
|
|
|
|
|
|
|
|
#define X86_VENDOR_UNKNOWN 0xff
|
2008-01-30 05:31:33 -07:00
|
|
|
|
2008-01-30 05:31:39 -07:00
|
|
|
/*
|
|
|
|
|
* capabilities of CPUs
|
|
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
extern struct cpuinfo_x86 boot_cpu_data;
|
|
|
|
|
extern struct cpuinfo_x86 new_cpu_data;
|
|
|
|
|
|
2017-12-04 07:07:17 -07:00
|
|
|
extern struct x86_hw_tss doublefault_tss;
|
2017-12-04 07:07:32 -07:00
|
|
|
extern __u32 cpu_caps_cleared[NCAPINTS + NBUGINTS];
|
|
|
|
|
extern __u32 cpu_caps_set[NCAPINTS + NBUGINTS];
|
2008-01-30 05:31:33 -07:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_SMP
|
2014-11-04 01:26:42 -07:00
|
|
|
DECLARE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
|
2008-01-30 05:31:33 -07:00
|
|
|
#define cpu_data(cpu) per_cpu(cpu_info, cpu)
|
|
|
|
|
#else
|
2010-12-18 08:30:05 -07:00
|
|
|
#define cpu_info boot_cpu_data
|
2008-01-30 05:31:33 -07:00
|
|
|
#define cpu_data(cpu) boot_cpu_data
|
|
|
|
|
#endif
|
|
|
|
|
|
2008-07-21 11:10:37 -06:00
|
|
|
extern const struct seq_operations cpuinfo_op;
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
#define cache_line_size() (boot_cpu_data.x86_cache_alignment)
|
|
|
|
|
|
|
|
|
|
extern void cpu_detect(struct cpuinfo_x86 *c);
|
2008-01-30 05:31:39 -07:00
|
|
|
|
2018-08-20 03:58:35 -06:00
|
|
|
static inline unsigned long long l1tf_pfn_limit(void)
|
2018-06-13 16:48:26 -06:00
|
|
|
{
|
2018-08-24 11:03:50 -06:00
|
|
|
return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT);
|
2018-06-13 16:48:26 -06:00
|
|
|
}
|
|
|
|
|
|
2008-06-21 04:24:19 -06:00
|
|
|
extern void early_cpu_init(void);
|
2008-01-30 05:31:39 -07:00
|
|
|
extern void identify_boot_cpu(void);
|
|
|
|
|
extern void identify_secondary_cpu(struct cpuinfo_x86 *);
|
2008-01-30 05:31:33 -07:00
|
|
|
extern void print_cpu_info(struct cpuinfo_x86 *);
|
2012-02-12 10:53:57 -07:00
|
|
|
void print_cpu_msr(struct cpuinfo_x86 *);
|
2008-01-30 05:31:39 -07:00
|
|
|
|
2012-12-21 00:44:23 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
extern int have_cpuid_p(void);
|
|
|
|
|
#else
|
|
|
|
|
static inline int have_cpuid_p(void)
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2008-01-30 05:31:03 -07:00
|
|
|
static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned int *ecx, unsigned int *edx)
|
2008-01-30 05:31:03 -07:00
|
|
|
{
|
|
|
|
|
/* ecx is often an input as well as an output. */
|
2009-12-16 17:25:42 -07:00
|
|
|
asm volatile("cpuid"
|
2008-03-23 02:03:15 -06:00
|
|
|
: "=a" (*eax),
|
|
|
|
|
"=b" (*ebx),
|
|
|
|
|
"=c" (*ecx),
|
|
|
|
|
"=d" (*edx)
|
2011-10-12 18:46:33 -06:00
|
|
|
: "0" (*eax), "2" (*ecx)
|
|
|
|
|
: "memory");
|
2008-01-30 05:31:03 -07:00
|
|
|
}
|
|
|
|
|
|
2017-01-09 04:41:43 -07:00
|
|
|
#define native_cpuid_reg(reg) \
|
|
|
|
|
static inline unsigned int native_cpuid_##reg(unsigned int op) \
|
|
|
|
|
{ \
|
|
|
|
|
unsigned int eax = op, ebx, ecx = 0, edx; \
|
|
|
|
|
\
|
|
|
|
|
native_cpuid(&eax, &ebx, &ecx, &edx); \
|
|
|
|
|
\
|
|
|
|
|
return reg; \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Native CPUID functions returning a single datum.
|
|
|
|
|
*/
|
|
|
|
|
native_cpuid_reg(eax)
|
|
|
|
|
native_cpuid_reg(ebx)
|
|
|
|
|
native_cpuid_reg(ecx)
|
|
|
|
|
native_cpuid_reg(edx)
|
|
|
|
|
|
2017-06-12 11:26:14 -06:00
|
|
|
/*
|
|
|
|
|
* Friendlier CR3 helpers.
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned long read_cr3_pa(void)
|
|
|
|
|
{
|
|
|
|
|
return __read_cr3() & CR3_ADDR_MASK;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-17 15:10:08 -06:00
|
|
|
static inline unsigned long native_read_cr3_pa(void)
|
|
|
|
|
{
|
|
|
|
|
return __native_read_cr3() & CR3_ADDR_MASK;
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
static inline void load_cr3(pgd_t *pgdir)
|
|
|
|
|
{
|
2017-07-17 15:10:07 -06:00
|
|
|
write_cr3(__sme_pa(pgdir));
|
2008-01-30 05:31:27 -07:00
|
|
|
}
|
2008-01-30 05:31:03 -07:00
|
|
|
|
2017-12-04 07:07:17 -07:00
|
|
|
/*
|
|
|
|
|
* Note that while the legacy 'TSS' name comes from 'Task State Segment',
|
|
|
|
|
* on modern x86 CPUs the TSS also holds information important to 64-bit mode,
|
|
|
|
|
* unrelated to the task-switch mechanism:
|
|
|
|
|
*/
|
2008-01-30 05:31:31 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
/* This is the TSS defined by the hardware. */
|
|
|
|
|
struct x86_hw_tss {
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned short back_link, __blh;
|
|
|
|
|
unsigned long sp0;
|
|
|
|
|
unsigned short ss0, __ss0h;
|
2015-04-02 13:41:45 -06:00
|
|
|
unsigned long sp1;
|
2015-03-10 12:06:00 -06:00
|
|
|
|
|
|
|
|
/*
|
2015-04-02 13:41:45 -06:00
|
|
|
* We don't use ring 1, so ss1 is a convenient scratch space in
|
|
|
|
|
* the same cacheline as sp0. We use ss1 to cache the value in
|
|
|
|
|
* MSR_IA32_SYSENTER_CS. When we context switch
|
|
|
|
|
* MSR_IA32_SYSENTER_CS, we first check if the new value being
|
|
|
|
|
* written matches ss1, and, if it's not, then we wrmsr the new
|
|
|
|
|
* value and update ss1.
|
2015-03-10 12:06:00 -06:00
|
|
|
*
|
2015-04-02 13:41:45 -06:00
|
|
|
* The only reason we context switch MSR_IA32_SYSENTER_CS is
|
|
|
|
|
* that we set it to zero in vm86 tasks to avoid corrupting the
|
|
|
|
|
* stack if we were to go through the sysenter path from vm86
|
|
|
|
|
* mode.
|
2015-03-10 12:06:00 -06:00
|
|
|
*/
|
|
|
|
|
unsigned short ss1; /* MSR_IA32_SYSENTER_CS */
|
|
|
|
|
|
|
|
|
|
unsigned short __ss1h;
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long sp2;
|
|
|
|
|
unsigned short ss2, __ss2h;
|
|
|
|
|
unsigned long __cr3;
|
|
|
|
|
unsigned long ip;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
unsigned long ax;
|
|
|
|
|
unsigned long cx;
|
|
|
|
|
unsigned long dx;
|
|
|
|
|
unsigned long bx;
|
|
|
|
|
unsigned long sp;
|
|
|
|
|
unsigned long bp;
|
|
|
|
|
unsigned long si;
|
|
|
|
|
unsigned long di;
|
|
|
|
|
unsigned short es, __esh;
|
|
|
|
|
unsigned short cs, __csh;
|
|
|
|
|
unsigned short ss, __ssh;
|
|
|
|
|
unsigned short ds, __dsh;
|
|
|
|
|
unsigned short fs, __fsh;
|
|
|
|
|
unsigned short gs, __gsh;
|
|
|
|
|
unsigned short ldt, __ldth;
|
|
|
|
|
unsigned short trace;
|
|
|
|
|
unsigned short io_bitmap_base;
|
|
|
|
|
|
2008-01-30 05:31:31 -07:00
|
|
|
} __attribute__((packed));
|
|
|
|
|
#else
|
|
|
|
|
struct x86_hw_tss {
|
2008-02-20 20:24:40 -07:00
|
|
|
u32 reserved1;
|
|
|
|
|
u64 sp0;
|
2017-12-04 07:07:21 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We store cpu_current_top_of_stack in sp1 so it's always accessible.
|
|
|
|
|
* Linux does not use ring 1, so sp1 is not otherwise needed.
|
|
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
u64 sp1;
|
2017-12-04 07:07:21 -07:00
|
|
|
|
2018-09-03 16:59:43 -06:00
|
|
|
/*
|
|
|
|
|
* Since Linux does not use ring 2, the 'sp2' slot is unused by
|
|
|
|
|
* hardware. entry_SYSCALL_64 uses it as scratch space to stash
|
|
|
|
|
* the user RSP value.
|
|
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
u64 sp2;
|
2018-09-03 16:59:43 -06:00
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
u64 reserved2;
|
|
|
|
|
u64 ist[7];
|
|
|
|
|
u32 reserved3;
|
|
|
|
|
u32 reserved4;
|
|
|
|
|
u16 reserved5;
|
|
|
|
|
u16 io_bitmap_base;
|
|
|
|
|
|
2017-02-20 09:56:13 -07:00
|
|
|
} __attribute__((packed));
|
2008-01-30 05:31:31 -07:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
2008-02-20 20:24:40 -07:00
|
|
|
* IO-bitmap sizes:
|
2008-01-30 05:31:31 -07:00
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
#define IO_BITMAP_BITS 65536
|
|
|
|
|
#define IO_BITMAP_BYTES (IO_BITMAP_BITS/8)
|
|
|
|
|
#define IO_BITMAP_LONGS (IO_BITMAP_BYTES/sizeof(long))
|
2017-12-04 07:07:17 -07:00
|
|
|
#define IO_BITMAP_OFFSET (offsetof(struct tss_struct, io_bitmap) - offsetof(struct tss_struct, x86_tss))
|
2008-02-20 20:24:40 -07:00
|
|
|
#define INVALID_IO_BITMAP_OFFSET 0x8000
|
2008-01-30 05:31:31 -07:00
|
|
|
|
2017-12-04 18:25:07 -07:00
|
|
|
struct entry_stack {
|
2017-12-04 07:07:28 -07:00
|
|
|
unsigned long words[64];
|
|
|
|
|
};
|
|
|
|
|
|
2017-12-04 18:25:07 -07:00
|
|
|
struct entry_stack_page {
|
|
|
|
|
struct entry_stack stack;
|
2017-12-04 07:07:29 -07:00
|
|
|
} __aligned(PAGE_SIZE);
|
2017-12-04 07:07:19 -07:00
|
|
|
|
2008-01-30 05:31:31 -07:00
|
|
|
struct tss_struct {
|
2008-02-20 20:24:40 -07:00
|
|
|
/*
|
2017-12-04 07:07:19 -07:00
|
|
|
* The fixed hardware portion. This must not cross a page boundary
|
|
|
|
|
* at risk of violating the SDM's advice and potentially triggering
|
|
|
|
|
* errata.
|
2008-02-20 20:24:40 -07:00
|
|
|
*/
|
|
|
|
|
struct x86_hw_tss x86_tss;
|
2008-01-30 05:31:31 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The extra 1 is there because the CPU will access an
|
|
|
|
|
* additional byte beyond the end of the IO permission
|
|
|
|
|
* bitmap. The extra byte must be all 1 bits, and must
|
|
|
|
|
* be within the limit.
|
|
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long io_bitmap[IO_BITMAP_LONGS + 1];
|
2017-12-04 07:07:19 -07:00
|
|
|
} __aligned(PAGE_SIZE);
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2017-12-04 07:07:29 -07:00
|
|
|
DECLARE_PER_CPU_PAGE_ALIGNED(struct tss_struct, cpu_tss_rw);
|
2008-01-30 05:31:31 -07:00
|
|
|
|
2017-02-20 09:56:09 -07:00
|
|
|
/*
|
|
|
|
|
* sizeof(unsigned long) coming from an extra "long" at the end
|
|
|
|
|
* of the iobitmap.
|
|
|
|
|
*
|
|
|
|
|
* -1? seg base+limit should be pointing to the address of the
|
|
|
|
|
* last valid byte
|
|
|
|
|
*/
|
|
|
|
|
#define __KERNEL_TSS_LIMIT \
|
|
|
|
|
(IO_BITMAP_OFFSET + IO_BITMAP_BYTES + sizeof(unsigned long) - 1)
|
|
|
|
|
|
2019-04-14 10:00:06 -06:00
|
|
|
/* Per CPU interrupt stacks */
|
|
|
|
|
struct irq_stack {
|
|
|
|
|
char stack[IRQ_STACK_SIZE];
|
|
|
|
|
} __aligned(IRQ_STACK_SIZE);
|
|
|
|
|
|
|
|
|
|
DECLARE_PER_CPU(struct irq_stack *, hardirq_stack_ptr);
|
|
|
|
|
|
2015-03-06 18:50:19 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
DECLARE_PER_CPU(unsigned long, cpu_current_top_of_stack);
|
2017-12-04 07:07:21 -07:00
|
|
|
#else
|
2017-12-04 07:07:29 -07:00
|
|
|
/* The RO copy can't be accessed with this_cpu_xyz(), so use the RW copy. */
|
|
|
|
|
#define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1
|
2015-03-06 18:50:19 -07:00
|
|
|
#endif
|
|
|
|
|
|
2008-03-03 10:12:56 -07:00
|
|
|
#ifdef CONFIG_X86_64
|
2019-04-14 10:00:06 -06:00
|
|
|
struct fixed_percpu_data {
|
2009-01-18 20:21:28 -07:00
|
|
|
/*
|
|
|
|
|
* GCC hardcodes the stack canary as %gs:40. Since the
|
|
|
|
|
* irq_stack is the object at %gs:0, we reserve the bottom
|
|
|
|
|
* 48 bytes of the irq stack for the canary.
|
|
|
|
|
*/
|
2019-04-14 10:00:06 -06:00
|
|
|
char gs_base[40];
|
|
|
|
|
unsigned long stack_canary;
|
2009-01-18 20:21:28 -07:00
|
|
|
};
|
|
|
|
|
|
2019-04-14 10:00:06 -06:00
|
|
|
DECLARE_PER_CPU_FIRST(struct fixed_percpu_data, fixed_percpu_data) __visible;
|
|
|
|
|
DECLARE_INIT_PER_CPU(fixed_percpu_data);
|
2009-02-08 07:58:39 -07:00
|
|
|
|
2018-03-13 11:48:05 -06:00
|
|
|
static inline unsigned long cpu_kernelmode_gs_base(int cpu)
|
|
|
|
|
{
|
2019-04-14 10:00:06 -06:00
|
|
|
return (unsigned long)per_cpu(fixed_percpu_data.gs_base, cpu);
|
2018-03-13 11:48:05 -06:00
|
|
|
}
|
|
|
|
|
|
2009-03-13 23:49:49 -06:00
|
|
|
DECLARE_PER_CPU(unsigned int, irq_count);
|
|
|
|
|
extern asmlinkage void ignore_sysret(void);
|
2018-03-13 11:48:04 -06:00
|
|
|
|
|
|
|
|
#if IS_ENABLED(CONFIG_KVM)
|
|
|
|
|
/* Save actual FS/GS selectors and bases to current->thread */
|
|
|
|
|
void save_fsgs_for_kvm(void);
|
|
|
|
|
#endif
|
2009-02-09 06:17:40 -07:00
|
|
|
#else /* X86_64 */
|
Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables
The changes to automatically test for working stack protector compiler
support in the Kconfig files removed the special STACKPROTECTOR_AUTO
option that picked the strongest stack protector that the compiler
supported.
That was all a nice cleanup - it makes no sense to have the AUTO case
now that the Kconfig phase can just determine the compiler support
directly.
HOWEVER.
It also meant that doing "make oldconfig" would now _disable_ the strong
stackprotector if you had AUTO enabled, because in a legacy config file,
the sane stack protector configuration would look like
CONFIG_HAVE_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
CONFIG_CC_STACKPROTECTOR_AUTO=y
and when you ran this through "make oldconfig" with the Kbuild changes,
it would ask you about the regular CONFIG_CC_STACKPROTECTOR (that had
been renamed from CONFIG_CC_STACKPROTECTOR_REGULAR to just
CONFIG_CC_STACKPROTECTOR), but it would think that the STRONG version
used to be disabled (because it was really enabled by AUTO), and would
disable it in the new config, resulting in:
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
That's dangerously subtle - people could suddenly find themselves with
the weaker stack protector setup without even realizing.
The solution here is to just rename not just the old RECULAR stack
protector option, but also the strong one. This does that by just
removing the CC_ prefix entirely for the user choices, because it really
is not about the compiler support (the compiler support now instead
automatially impacts _visibility_ of the options to users).
This results in "make oldconfig" actually asking the user for their
choice, so that we don't have any silent subtle security model changes.
The end result would generally look like this:
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
CONFIG_STACKPROTECTOR=y
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
where the "CC_" versions really are about internal compiler
infrastructure, not the user selections.
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-06-13 21:21:18 -06:00
|
|
|
#ifdef CONFIG_STACKPROTECTOR
|
2009-09-03 13:27:15 -06:00
|
|
|
/*
|
|
|
|
|
* Make sure stack canary segment base is cached-aligned:
|
|
|
|
|
* "For Intel Atom processors, avoid non zero segment base address
|
|
|
|
|
* that is not aligned to cache line boundary at all cost."
|
|
|
|
|
* (Optim Ref Manual Assembly/Compiler Coding Rule 15.)
|
|
|
|
|
*/
|
|
|
|
|
struct stack_canary {
|
|
|
|
|
char __pad[20]; /* canary at %gs:20 */
|
|
|
|
|
unsigned long canary;
|
|
|
|
|
};
|
2009-09-03 15:31:44 -06:00
|
|
|
DECLARE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
|
2007-10-11 03:20:03 -06:00
|
|
|
#endif
|
2019-04-14 10:00:06 -06:00
|
|
|
/* Per CPU softirq stack pointer */
|
2019-04-14 10:00:01 -06:00
|
|
|
DECLARE_PER_CPU(struct irq_stack *, softirq_stack_ptr);
|
2009-02-09 06:17:40 -07:00
|
|
|
#endif /* X86_64 */
|
2008-01-30 05:31:03 -07:00
|
|
|
|
2016-05-20 11:47:06 -06:00
|
|
|
extern unsigned int fpu_kernel_xstate_size;
|
2016-05-20 11:47:05 -06:00
|
|
|
extern unsigned int fpu_user_xstate_size;
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2009-09-09 11:22:48 -06:00
|
|
|
struct perf_event;
|
|
|
|
|
|
2016-07-14 14:22:57 -06:00
|
|
|
typedef struct {
|
|
|
|
|
unsigned long seg;
|
|
|
|
|
} mm_segment_t;
|
|
|
|
|
|
2008-01-30 05:31:31 -07:00
|
|
|
struct thread_struct {
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Cached TLS descriptors: */
|
|
|
|
|
struct desc_struct tls_array[GDT_ENTRY_TLS_ENTRIES];
|
2017-11-02 01:59:16 -06:00
|
|
|
#ifdef CONFIG_X86_32
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long sp0;
|
2017-11-02 01:59:16 -06:00
|
|
|
#endif
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long sp;
|
2008-01-30 05:31:31 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long sysenter_cs;
|
2008-01-30 05:31:31 -07:00
|
|
|
#else
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned short es;
|
|
|
|
|
unsigned short ds;
|
|
|
|
|
unsigned short fsindex;
|
|
|
|
|
unsigned short gsindex;
|
2008-01-30 05:31:31 -07:00
|
|
|
#endif
|
2016-09-13 15:29:21 -06:00
|
|
|
|
2009-05-03 17:29:52 -06:00
|
|
|
#ifdef CONFIG_X86_64
|
2016-04-26 13:23:29 -06:00
|
|
|
unsigned long fsbase;
|
|
|
|
|
unsigned long gsbase;
|
|
|
|
|
#else
|
|
|
|
|
/*
|
|
|
|
|
* XXX: this could presumably be unsigned short. Alternatively,
|
|
|
|
|
* 32-bit kernels could be taught to use fsindex instead.
|
|
|
|
|
*/
|
|
|
|
|
unsigned long fs;
|
|
|
|
|
unsigned long gs;
|
2009-05-03 17:29:52 -06:00
|
|
|
#endif
|
2015-04-23 04:49:20 -06:00
|
|
|
|
2009-09-09 11:22:48 -06:00
|
|
|
/* Save middle states of ptrace breakpoints */
|
|
|
|
|
struct perf_event *ptrace_bps[HBP_NUM];
|
|
|
|
|
/* Debug status used for traps, single steps, etc... */
|
|
|
|
|
unsigned long debugreg6;
|
2010-02-18 10:24:18 -07:00
|
|
|
/* Keep track of the exact dr7 value set by the user */
|
|
|
|
|
unsigned long ptrace_dr7;
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Fault info: */
|
|
|
|
|
unsigned long cr2;
|
2012-03-12 03:25:55 -06:00
|
|
|
unsigned long trap_nr;
|
2008-02-20 20:24:40 -07:00
|
|
|
unsigned long error_code;
|
2015-07-28 23:41:16 -06:00
|
|
|
#ifdef CONFIG_VM86
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Virtual 86 mode info */
|
2015-07-28 23:41:16 -06:00
|
|
|
struct vm86 *vm86;
|
2008-01-30 05:31:31 -07:00
|
|
|
#endif
|
2008-02-20 20:24:40 -07:00
|
|
|
/* IO permissions: */
|
|
|
|
|
unsigned long *io_bitmap_ptr;
|
|
|
|
|
unsigned long iopl;
|
|
|
|
|
/* Max allowed port in the bitmap, in bytes: */
|
|
|
|
|
unsigned io_bitmap_max;
|
2015-07-17 04:28:11 -06:00
|
|
|
|
2016-07-14 14:22:57 -06:00
|
|
|
mm_segment_t addr_limit;
|
|
|
|
|
|
2016-07-15 02:21:11 -06:00
|
|
|
unsigned int sig_on_uaccess_err:1;
|
2016-07-14 14:22:56 -06:00
|
|
|
unsigned int uaccess_err:1; /* uaccess failed */
|
|
|
|
|
|
2015-07-17 04:28:11 -06:00
|
|
|
/* Floating point and extended processor state */
|
|
|
|
|
struct fpu fpu;
|
|
|
|
|
/*
|
|
|
|
|
* WARNING: 'fpu' is dynamically-sized. It *MUST* be at
|
|
|
|
|
* the end.
|
|
|
|
|
*/
|
2008-01-30 05:31:31 -07:00
|
|
|
};
|
|
|
|
|
|
2017-08-16 14:26:03 -06:00
|
|
|
/* Whitelist the FPU state from the task_struct for hardened usercopy. */
|
|
|
|
|
static inline void arch_thread_struct_whitelist(unsigned long *offset,
|
|
|
|
|
unsigned long *size)
|
|
|
|
|
{
|
|
|
|
|
*offset = offsetof(struct thread_struct, fpu.state);
|
|
|
|
|
*size = fpu_kernel_xstate_size;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-13 15:29:21 -06:00
|
|
|
/*
|
|
|
|
|
* Thread-synchronous status.
|
|
|
|
|
*
|
|
|
|
|
* This is different from the flags in that nobody else
|
|
|
|
|
* ever touches our thread-synchronous status, so we don't
|
|
|
|
|
* have to worry about atomic accesses.
|
|
|
|
|
*/
|
|
|
|
|
#define TS_COMPAT 0x0002 /* 32bit syscall active (64BIT)*/
|
|
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
/*
|
|
|
|
|
* Set IOPL bits in EFLAGS from given mask
|
|
|
|
|
*/
|
|
|
|
|
static inline void native_set_iopl_mask(unsigned mask)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
unsigned int reg;
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-03-23 02:03:15 -06:00
|
|
|
asm volatile ("pushfl;"
|
|
|
|
|
"popl %0;"
|
|
|
|
|
"andl %1, %0;"
|
|
|
|
|
"orl %2, %0;"
|
|
|
|
|
"pushl %0;"
|
|
|
|
|
"popfl"
|
|
|
|
|
: "=&r" (reg)
|
|
|
|
|
: "i" (~X86_EFLAGS_IOPL), "r" (mask));
|
2008-01-30 05:31:27 -07:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
static inline void
|
2017-11-02 01:59:10 -06:00
|
|
|
native_load_sp0(unsigned long sp0)
|
2008-01-30 05:31:31 -07:00
|
|
|
{
|
2017-12-04 07:07:29 -07:00
|
|
|
this_cpu_write(cpu_tss_rw.x86_tss.sp0, sp0);
|
2008-01-30 05:31:31 -07:00
|
|
|
}
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-01-30 05:32:08 -07:00
|
|
|
static inline void native_swapgs(void)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_X86_64
|
|
|
|
|
asm volatile("swapgs" ::: "memory");
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-06 18:50:19 -07:00
|
|
|
static inline unsigned long current_top_of_stack(void)
|
2015-03-05 20:19:02 -07:00
|
|
|
{
|
2017-12-04 07:07:21 -07:00
|
|
|
/*
|
|
|
|
|
* We can't read directly from tss.sp0: sp0 on x86_32 is special in
|
|
|
|
|
* and around vm86 mode and sp0 on x86_64 is special because of the
|
|
|
|
|
* entry trampoline.
|
|
|
|
|
*/
|
2015-03-06 18:50:19 -07:00
|
|
|
return this_cpu_read_stable(cpu_current_top_of_stack);
|
2015-03-05 20:19:02 -07:00
|
|
|
}
|
|
|
|
|
|
2017-11-02 01:59:17 -06:00
|
|
|
static inline bool on_thread_stack(void)
|
|
|
|
|
{
|
|
|
|
|
return (unsigned long)(current_top_of_stack() -
|
|
|
|
|
current_stack_pointer) < THREAD_SIZE;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-28 01:40:23 -06:00
|
|
|
#ifdef CONFIG_PARAVIRT_XXL
|
2008-01-30 05:31:31 -07:00
|
|
|
#include <asm/paravirt.h>
|
|
|
|
|
#else
|
2008-02-20 20:24:40 -07:00
|
|
|
#define __cpuid native_cpuid
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2017-11-02 01:59:10 -06:00
|
|
|
static inline void load_sp0(unsigned long sp0)
|
2008-01-30 05:31:31 -07:00
|
|
|
{
|
2017-11-02 01:59:10 -06:00
|
|
|
native_load_sp0(sp0);
|
2008-01-30 05:31:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
#define set_iopl_mask native_set_iopl_mask
|
2018-08-28 01:40:23 -06:00
|
|
|
#endif /* CONFIG_PARAVIRT_XXL */
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
/* Free all resources held by a thread. */
|
|
|
|
|
extern void release_thread(struct task_struct *);
|
|
|
|
|
|
|
|
|
|
unsigned long get_wchan(struct task_struct *p);
|
2008-01-30 05:31:03 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Generic CPUID function
|
|
|
|
|
* clear %ecx since some cpus (Cyrix MII) do not set or clear %ecx
|
|
|
|
|
* resulting in stale register contents being returned.
|
|
|
|
|
*/
|
|
|
|
|
static inline void cpuid(unsigned int op,
|
|
|
|
|
unsigned int *eax, unsigned int *ebx,
|
|
|
|
|
unsigned int *ecx, unsigned int *edx)
|
|
|
|
|
{
|
|
|
|
|
*eax = op;
|
|
|
|
|
*ecx = 0;
|
|
|
|
|
__cpuid(eax, ebx, ecx, edx);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Some CPUID calls want 'count' to be placed in ecx */
|
|
|
|
|
static inline void cpuid_count(unsigned int op, int count,
|
|
|
|
|
unsigned int *eax, unsigned int *ebx,
|
|
|
|
|
unsigned int *ecx, unsigned int *edx)
|
|
|
|
|
{
|
|
|
|
|
*eax = op;
|
|
|
|
|
*ecx = count;
|
|
|
|
|
__cpuid(eax, ebx, ecx, edx);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* CPUID functions returning a single datum
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned int cpuid_eax(unsigned int op)
|
|
|
|
|
{
|
|
|
|
|
unsigned int eax, ebx, ecx, edx;
|
|
|
|
|
|
|
|
|
|
cpuid(op, &eax, &ebx, &ecx, &edx);
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
return eax;
|
|
|
|
|
}
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
static inline unsigned int cpuid_ebx(unsigned int op)
|
|
|
|
|
{
|
|
|
|
|
unsigned int eax, ebx, ecx, edx;
|
|
|
|
|
|
|
|
|
|
cpuid(op, &eax, &ebx, &ecx, &edx);
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
return ebx;
|
|
|
|
|
}
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
static inline unsigned int cpuid_ecx(unsigned int op)
|
|
|
|
|
{
|
|
|
|
|
unsigned int eax, ebx, ecx, edx;
|
|
|
|
|
|
|
|
|
|
cpuid(op, &eax, &ebx, &ecx, &edx);
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
return ecx;
|
|
|
|
|
}
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
static inline unsigned int cpuid_edx(unsigned int op)
|
|
|
|
|
{
|
|
|
|
|
unsigned int eax, ebx, ecx, edx;
|
|
|
|
|
|
|
|
|
|
cpuid(op, &eax, &ebx, &ecx, &edx);
|
2008-02-20 20:24:40 -07:00
|
|
|
|
2008-01-30 05:31:03 -07:00
|
|
|
return edx;
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-30 05:31:27 -07:00
|
|
|
/* REP NOP (PAUSE) is a good thing to insert into busy-wait loops. */
|
2015-09-24 06:02:29 -06:00
|
|
|
static __always_inline void rep_nop(void)
|
2008-01-30 05:31:27 -07:00
|
|
|
{
|
2008-03-23 02:03:15 -06:00
|
|
|
asm volatile("rep; nop" ::: "memory");
|
2008-01-30 05:31:27 -07:00
|
|
|
}
|
|
|
|
|
|
2015-09-24 06:02:29 -06:00
|
|
|
static __always_inline void cpu_relax(void)
|
2008-02-20 20:24:40 -07:00
|
|
|
{
|
|
|
|
|
rep_nop();
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 11:24:08 -07:00
|
|
|
/*
|
|
|
|
|
* This function forces the icache and prefetched instruction stream to
|
|
|
|
|
* catch up with reality in two very specific cases:
|
|
|
|
|
*
|
|
|
|
|
* a) Text was modified using one virtual address and is about to be executed
|
|
|
|
|
* from the same physical page at a different virtual address.
|
|
|
|
|
*
|
|
|
|
|
* b) Text was modified on a different CPU, may subsequently be
|
|
|
|
|
* executed on this CPU, and you want to make sure the new version
|
|
|
|
|
* gets executed. This generally means you're calling this in a IPI.
|
|
|
|
|
*
|
|
|
|
|
* If you're calling this for a different reason, you're probably doing
|
|
|
|
|
* it wrong.
|
|
|
|
|
*/
|
2008-01-30 05:31:27 -07:00
|
|
|
static inline void sync_core(void)
|
|
|
|
|
{
|
2012-11-28 12:50:30 -07:00
|
|
|
/*
|
2016-12-09 11:24:08 -07:00
|
|
|
* There are quite a few ways to do this. IRET-to-self is nice
|
|
|
|
|
* because it works on every CPU, at any CPL (so it's compatible
|
|
|
|
|
* with paravirtualization), and it never exits to a hypervisor.
|
|
|
|
|
* The only down sides are that it's a bit slow (it seems to be
|
|
|
|
|
* a bit more than 2x slower than the fastest options) and that
|
|
|
|
|
* it unmasks NMIs. The "push %cs" is needed because, in
|
|
|
|
|
* paravirtual environments, __KERNEL_CS may not be a valid CS
|
|
|
|
|
* value when we do IRET directly.
|
|
|
|
|
*
|
|
|
|
|
* In case NMI unmasking or performance ever becomes a problem,
|
|
|
|
|
* the next best option appears to be MOV-to-CR2 and an
|
|
|
|
|
* unconditional jump. That sequence also works on all CPUs,
|
2017-08-16 11:31:57 -06:00
|
|
|
* but it will fault at CPL3 (i.e. Xen PV).
|
2016-12-09 11:24:08 -07:00
|
|
|
*
|
|
|
|
|
* CPUID is the conventional way, but it's nasty: it doesn't
|
|
|
|
|
* exist on some 486-like CPUs, and it usually exits to a
|
|
|
|
|
* hypervisor.
|
|
|
|
|
*
|
|
|
|
|
* Like all of Linux's memory ordering operations, this is a
|
|
|
|
|
* compiler barrier as well.
|
2012-11-28 12:50:30 -07:00
|
|
|
*/
|
2016-12-09 11:24:08 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
asm volatile (
|
|
|
|
|
"pushfl\n\t"
|
|
|
|
|
"pushl %%cs\n\t"
|
|
|
|
|
"pushl $1f\n\t"
|
|
|
|
|
"iret\n\t"
|
|
|
|
|
"1:"
|
x86/asm: Fix inline asm call constraints for Clang
For inline asm statements which have a CALL instruction, we list the
stack pointer as a constraint to convince GCC to ensure the frame
pointer is set up first:
static inline void foo()
{
register void *__sp asm(_ASM_SP);
asm("call bar" : "+r" (__sp))
}
Unfortunately, that pattern causes Clang to corrupt the stack pointer.
The fix is easy: convert the stack pointer register variable to a global
variable.
It should be noted that the end result is different based on the GCC
version. With GCC 6.4, this patch has exactly the same result as
before:
defconfig defconfig-nofp distro distro-nofp
before 9820389 9491555 8816046 8516940
after 9820389 9491555 8816046 8516940
With GCC 7.2, however, GCC's behavior has changed. It now changes its
behavior based on the conversion of the register variable to a global.
That somehow convinces it to *always* set up the frame pointer before
inserting *any* inline asm. (Therefore, listing the variable as an
output constraint is a no-op and is no longer necessary.) It's a bit
overkill, but the performance impact should be negligible. And in fact,
there's a nice improvement with frame pointers disabled:
defconfig defconfig-nofp distro distro-nofp
before 9796316 9468236 9076191 8790305
after 9796957 9464267 9076381 8785949
So in summary, while listing the stack pointer as an output constraint
is no longer necessary for newer versions of GCC, it's still needed for
older versions.
Suggested-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/3db862e970c432ae823cf515c52b54fec8270e0e.1505942196.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-09-20 15:24:33 -06:00
|
|
|
: ASM_CALL_CONSTRAINT : : "memory");
|
2012-11-28 12:50:30 -07:00
|
|
|
#else
|
2016-12-09 11:24:08 -07:00
|
|
|
unsigned int tmp;
|
|
|
|
|
|
|
|
|
|
asm volatile (
|
2017-07-11 09:33:45 -06:00
|
|
|
UNWIND_HINT_SAVE
|
2016-12-09 11:24:08 -07:00
|
|
|
"mov %%ss, %0\n\t"
|
|
|
|
|
"pushq %q0\n\t"
|
|
|
|
|
"pushq %%rsp\n\t"
|
|
|
|
|
"addq $8, (%%rsp)\n\t"
|
|
|
|
|
"pushfq\n\t"
|
|
|
|
|
"mov %%cs, %0\n\t"
|
|
|
|
|
"pushq %q0\n\t"
|
|
|
|
|
"pushq $1f\n\t"
|
|
|
|
|
"iretq\n\t"
|
2017-07-11 09:33:45 -06:00
|
|
|
UNWIND_HINT_RESTORE
|
2016-12-09 11:24:08 -07:00
|
|
|
"1:"
|
x86/asm: Fix inline asm call constraints for Clang
For inline asm statements which have a CALL instruction, we list the
stack pointer as a constraint to convince GCC to ensure the frame
pointer is set up first:
static inline void foo()
{
register void *__sp asm(_ASM_SP);
asm("call bar" : "+r" (__sp))
}
Unfortunately, that pattern causes Clang to corrupt the stack pointer.
The fix is easy: convert the stack pointer register variable to a global
variable.
It should be noted that the end result is different based on the GCC
version. With GCC 6.4, this patch has exactly the same result as
before:
defconfig defconfig-nofp distro distro-nofp
before 9820389 9491555 8816046 8516940
after 9820389 9491555 8816046 8516940
With GCC 7.2, however, GCC's behavior has changed. It now changes its
behavior based on the conversion of the register variable to a global.
That somehow convinces it to *always* set up the frame pointer before
inserting *any* inline asm. (Therefore, listing the variable as an
output constraint is a no-op and is no longer necessary.) It's a bit
overkill, but the performance impact should be negligible. And in fact,
there's a nice improvement with frame pointers disabled:
defconfig defconfig-nofp distro distro-nofp
before 9796316 9468236 9076191 8790305
after 9796957 9464267 9076381 8785949
So in summary, while listing the stack pointer as an output constraint
is no longer necessary for newer versions of GCC, it's still needed for
older versions.
Suggested-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/3db862e970c432ae823cf515c52b54fec8270e0e.1505942196.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-09-20 15:24:33 -06:00
|
|
|
: "=&r" (tmp), ASM_CALL_CONSTRAINT : : "cc", "memory");
|
2009-09-09 19:53:50 -06:00
|
|
|
#endif
|
2008-01-30 05:31:27 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extern void select_idle_routine(const struct cpuinfo_x86 *c);
|
2016-12-09 11:29:11 -07:00
|
|
|
extern void amd_e400_c1e_apic_setup(void);
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
extern unsigned long boot_option_idle_override;
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2010-11-03 10:06:14 -06:00
|
|
|
enum idle_boot_override {IDLE_NO_OVERRIDE=0, IDLE_HALT, IDLE_NOMWAIT,
|
2013-02-09 23:38:39 -07:00
|
|
|
IDLE_POLL};
|
2010-11-03 10:06:14 -06:00
|
|
|
|
2008-01-30 05:31:39 -07:00
|
|
|
extern void enable_sep_cpu(void);
|
|
|
|
|
extern int sysenter_setup(void);
|
|
|
|
|
|
2010-05-20 20:04:29 -06:00
|
|
|
|
2008-01-30 05:31:39 -07:00
|
|
|
/* Defined in head.S */
|
2008-02-20 20:24:40 -07:00
|
|
|
extern struct desc_ptr early_gdt_descr;
|
2008-01-30 05:31:39 -07:00
|
|
|
|
2009-01-30 01:47:53 -07:00
|
|
|
extern void switch_to_new_gdt(int);
|
2017-03-14 11:05:08 -06:00
|
|
|
extern void load_direct_gdt(int);
|
2017-03-14 11:05:07 -06:00
|
|
|
extern void load_fixmap_gdt(int);
|
2009-01-30 01:47:54 -07:00
|
|
|
extern void load_percpu_segment(int);
|
2008-01-30 05:31:39 -07:00
|
|
|
extern void cpu_init(void);
|
|
|
|
|
|
2008-12-11 05:49:59 -07:00
|
|
|
static inline unsigned long get_debugctlmsr(void)
|
|
|
|
|
{
|
2010-03-25 07:51:51 -06:00
|
|
|
unsigned long debugctlmsr = 0;
|
2008-12-11 05:49:59 -07:00
|
|
|
|
|
|
|
|
#ifndef CONFIG_X86_DEBUGCTLMSR
|
|
|
|
|
if (boot_cpu_data.x86 < 6)
|
|
|
|
|
return 0;
|
|
|
|
|
#endif
|
|
|
|
|
rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctlmsr);
|
|
|
|
|
|
2010-03-25 07:51:51 -06:00
|
|
|
return debugctlmsr;
|
2008-12-11 05:49:59 -07:00
|
|
|
}
|
|
|
|
|
|
2008-03-10 07:11:17 -06:00
|
|
|
static inline void update_debugctlmsr(unsigned long debugctlmsr)
|
|
|
|
|
{
|
|
|
|
|
#ifndef CONFIG_X86_DEBUGCTLMSR
|
|
|
|
|
if (boot_cpu_data.x86 < 6)
|
|
|
|
|
return;
|
|
|
|
|
#endif
|
|
|
|
|
wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctlmsr);
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-03 07:24:17 -06:00
|
|
|
extern void set_task_blockstep(struct task_struct *task, bool on);
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
/* Boot loader type from the setup header: */
|
|
|
|
|
extern int bootloader_type;
|
2009-05-07 17:54:11 -06:00
|
|
|
extern int bootloader_version;
|
2008-01-30 05:31:39 -07:00
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
extern char ignore_fpu_irq;
|
2008-01-30 05:31:27 -07:00
|
|
|
|
|
|
|
|
#define HAVE_ARCH_PICK_MMAP_LAYOUT 1
|
|
|
|
|
#define ARCH_HAS_PREFETCHW
|
|
|
|
|
#define ARCH_HAS_SPINLOCK_PREFETCH
|
|
|
|
|
|
2008-01-30 05:31:40 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 09:48:18 -07:00
|
|
|
# define BASE_PREFETCH ""
|
2008-02-20 20:24:40 -07:00
|
|
|
# define ARCH_HAS_PREFETCH
|
2008-01-30 05:31:40 -07:00
|
|
|
#else
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 09:48:18 -07:00
|
|
|
# define BASE_PREFETCH "prefetcht0 %P1"
|
2008-01-30 05:31:40 -07:00
|
|
|
#endif
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
/*
|
|
|
|
|
* Prefetch instructions for Pentium III (+) and AMD Athlon (+)
|
|
|
|
|
*
|
|
|
|
|
* It's not worth to care about 3dnow prefetches for the K6
|
|
|
|
|
* because they are microcoded there and very slow.
|
|
|
|
|
*/
|
2008-01-30 05:31:40 -07:00
|
|
|
static inline void prefetch(const void *x)
|
|
|
|
|
{
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 09:48:18 -07:00
|
|
|
alternative_input(BASE_PREFETCH, "prefetchnta %P1",
|
2008-01-30 05:31:40 -07:00
|
|
|
X86_FEATURE_XMM,
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 09:48:18 -07:00
|
|
|
"m" (*(const char *)x));
|
2008-01-30 05:31:40 -07:00
|
|
|
}
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
/*
|
|
|
|
|
* 3dnow prefetch to get an exclusive cache line.
|
|
|
|
|
* Useful for spinlocks to avoid one state transition in the
|
|
|
|
|
* cache coherency protocol:
|
|
|
|
|
*/
|
2008-01-30 05:31:40 -07:00
|
|
|
static inline void prefetchw(const void *x)
|
|
|
|
|
{
|
x86/asm: Cleanup prefetch primitives
This is based on a patch originally by hpa.
With the current improvements to the alternatives, we can simply use %P1
as a mem8 operand constraint and rely on the toolchain to generate the
proper instruction sizes. For example, on 32-bit, where we use an empty
old instruction we get:
apply_alternatives: feat: 6*32+8, old: (c104648b, len: 4), repl: (c195566c, len: 4)
c104648b: alt_insn: 90 90 90 90
c195566c: rpl_insn: 0f 0d 4b 5c
...
apply_alternatives: feat: 6*32+8, old: (c18e09b4, len: 3), repl: (c1955948, len: 3)
c18e09b4: alt_insn: 90 90 90
c1955948: rpl_insn: 0f 0d 08
...
apply_alternatives: feat: 6*32+8, old: (c1190cf9, len: 7), repl: (c1955a79, len: 7)
c1190cf9: alt_insn: 90 90 90 90 90 90 90
c1955a79: rpl_insn: 0f 0d 0d a0 d4 85 c1
all with the proper padding done depending on the size of the
replacement instruction the compiler generates.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: H. Peter Anvin <hpa@linux.intel.com>
2015-01-18 09:48:18 -07:00
|
|
|
alternative_input(BASE_PREFETCH, "prefetchw %P1",
|
|
|
|
|
X86_FEATURE_3DNOWPREFETCH,
|
|
|
|
|
"m" (*(const char *)x));
|
2008-01-30 05:31:40 -07:00
|
|
|
}
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
static inline void spin_lock_prefetch(const void *x)
|
|
|
|
|
{
|
|
|
|
|
prefetchw(x);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-10 12:05:59 -06:00
|
|
|
#define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
|
|
|
|
|
TOP_OF_KERNEL_STACK_PADDING)
|
|
|
|
|
|
2017-11-02 01:59:11 -06:00
|
|
|
#define task_top_of_stack(task) ((unsigned long)(task_pt_regs(task) + 1))
|
|
|
|
|
|
2017-11-02 01:59:16 -06:00
|
|
|
#define task_pt_regs(task) \
|
|
|
|
|
({ \
|
|
|
|
|
unsigned long __ptr = (unsigned long)task_stack_page(task); \
|
|
|
|
|
__ptr += THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; \
|
|
|
|
|
((struct pt_regs *)__ptr) - 1; \
|
|
|
|
|
})
|
|
|
|
|
|
2008-01-30 05:31:57 -07:00
|
|
|
#ifdef CONFIG_X86_32
|
|
|
|
|
/*
|
|
|
|
|
* User space process size: 3GB (default).
|
|
|
|
|
*/
|
2017-03-06 07:17:18 -07:00
|
|
|
#define IA32_PAGE_OFFSET PAGE_OFFSET
|
2008-02-20 20:24:40 -07:00
|
|
|
#define TASK_SIZE PAGE_OFFSET
|
2017-07-16 16:59:52 -06:00
|
|
|
#define TASK_SIZE_LOW TASK_SIZE
|
2009-02-20 15:32:28 -07:00
|
|
|
#define TASK_SIZE_MAX TASK_SIZE
|
2017-07-16 16:59:51 -06:00
|
|
|
#define DEFAULT_MAP_WINDOW TASK_SIZE
|
2008-02-20 20:24:40 -07:00
|
|
|
#define STACK_TOP TASK_SIZE
|
|
|
|
|
#define STACK_TOP_MAX STACK_TOP
|
|
|
|
|
|
|
|
|
|
#define INIT_THREAD { \
|
2015-03-10 12:05:59 -06:00
|
|
|
.sp0 = TOP_OF_INIT_STACK, \
|
2008-02-20 20:24:40 -07:00
|
|
|
.sysenter_cs = __KERNEL_CS, \
|
|
|
|
|
.io_bitmap_ptr = NULL, \
|
2016-07-14 14:22:57 -06:00
|
|
|
.addr_limit = KERNEL_DS, \
|
2008-01-30 05:31:57 -07:00
|
|
|
}
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
#define KSTK_ESP(task) (task_pt_regs(task)->sp)
|
2008-01-30 05:31:57 -07:00
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
/*
|
x86/pti: Put the LDT in its own PGD if PTI is on
With PTI enabled, the LDT must be mapped in the usermode tables somewhere.
The LDT is per process, i.e. per mm.
An earlier approach mapped the LDT on context switch into a fixmap area,
but that's a big overhead and exhausted the fixmap space when NR_CPUS got
big.
Take advantage of the fact that there is an address space hole which
provides a completely unused pgd. Use this pgd to manage per-mm LDT
mappings.
This has a down side: the LDT isn't (currently) randomized, and an attack
that can write the LDT is instant root due to call gates (thanks, AMD, for
leaving call gates in AMD64 but designing them wrong so they're only useful
for exploits). This can be mitigated by making the LDT read-only or
randomizing the mapping, either of which is strightforward on top of this
patch.
This will significantly slow down LDT users, but that shouldn't matter for
important workloads -- the LDT is only used by DOSEMU(2), Wine, and very
old libc implementations.
[ tglx: Cleaned it up. ]
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-12-12 08:56:45 -07:00
|
|
|
* User space process size. This is the first address outside the user range.
|
|
|
|
|
* There are a few constraints that determine this:
|
|
|
|
|
*
|
|
|
|
|
* On Intel CPUs, if a SYSCALL instruction is at the highest canonical
|
|
|
|
|
* address, then that syscall will enter the kernel with a
|
|
|
|
|
* non-canonical return address, and SYSRET will explode dangerously.
|
|
|
|
|
* We avoid this particular problem by preventing anything executable
|
|
|
|
|
* from being mapped at the maximum canonical address.
|
|
|
|
|
*
|
|
|
|
|
* On AMD CPUs in the Ryzen family, there's a nasty bug in which the
|
|
|
|
|
* CPUs malfunction if they execute code from the highest canonical page.
|
|
|
|
|
* They'll speculate right off the end of the canonical space, and
|
|
|
|
|
* bad things happen. This is worked around in the same way as the
|
|
|
|
|
* Intel problem.
|
|
|
|
|
*
|
|
|
|
|
* With page table isolation enabled, we map the LDT in ... [stay tuned]
|
2008-01-30 05:31:57 -07:00
|
|
|
*/
|
2017-07-16 16:59:53 -06:00
|
|
|
#define TASK_SIZE_MAX ((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE)
|
2008-01-30 05:31:57 -07:00
|
|
|
|
2017-07-16 16:59:53 -06:00
|
|
|
#define DEFAULT_MAP_WINDOW ((1UL << 47) - PAGE_SIZE)
|
2008-01-30 05:31:57 -07:00
|
|
|
|
|
|
|
|
/* This decides where the kernel will search for a free chunk of vm
|
|
|
|
|
* space during mmap's.
|
|
|
|
|
*/
|
2008-02-20 20:24:40 -07:00
|
|
|
#define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
|
|
|
|
|
0xc0000000 : 0xFFFFe000)
|
2008-01-30 05:31:57 -07:00
|
|
|
|
2017-07-16 16:59:52 -06:00
|
|
|
#define TASK_SIZE_LOW (test_thread_flag(TIF_ADDR32) ? \
|
|
|
|
|
IA32_PAGE_OFFSET : DEFAULT_MAP_WINDOW)
|
2012-02-06 14:03:09 -07:00
|
|
|
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
|
2009-02-20 15:32:28 -07:00
|
|
|
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
|
2012-02-06 14:03:09 -07:00
|
|
|
#define TASK_SIZE_OF(child) ((test_tsk_thread_flag(child, TIF_ADDR32)) ? \
|
2009-02-20 15:32:28 -07:00
|
|
|
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
|
2008-01-30 05:31:57 -07:00
|
|
|
|
2017-07-16 16:59:52 -06:00
|
|
|
#define STACK_TOP TASK_SIZE_LOW
|
2009-02-20 15:32:28 -07:00
|
|
|
#define STACK_TOP_MAX TASK_SIZE_MAX
|
2008-02-08 05:19:26 -07:00
|
|
|
|
2016-07-14 14:22:57 -06:00
|
|
|
#define INIT_THREAD { \
|
|
|
|
|
.addr_limit = KERNEL_DS, \
|
2008-01-30 05:31:57 -07:00
|
|
|
}
|
|
|
|
|
|
2009-11-03 02:22:40 -07:00
|
|
|
extern unsigned long KSTK_ESP(struct task_struct *task);
|
2012-02-14 14:49:48 -07:00
|
|
|
|
2008-01-30 05:31:57 -07:00
|
|
|
#endif /* CONFIG_X86_64 */
|
|
|
|
|
|
2008-02-20 21:18:40 -07:00
|
|
|
extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
|
|
|
|
|
unsigned long new_sp);
|
|
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
/*
|
|
|
|
|
* This decides where the kernel will search for a free chunk of vm
|
2008-01-30 05:31:27 -07:00
|
|
|
* space during mmap's.
|
|
|
|
|
*/
|
2017-03-06 07:17:18 -07:00
|
|
|
#define __TASK_UNMAPPED_BASE(task_size) (PAGE_ALIGN(task_size / 3))
|
2017-07-16 16:59:52 -06:00
|
|
|
#define TASK_UNMAPPED_BASE __TASK_UNMAPPED_BASE(TASK_SIZE_LOW)
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-02-20 20:24:40 -07:00
|
|
|
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
|
2008-01-30 05:31:27 -07:00
|
|
|
|
2008-04-13 16:24:18 -06:00
|
|
|
/* Get/set a process' ability to use the timestamp counter instruction */
|
|
|
|
|
#define GET_TSC_CTL(adr) get_tsc_mode((adr))
|
|
|
|
|
#define SET_TSC_CTL(val) set_tsc_mode((val))
|
|
|
|
|
|
|
|
|
|
extern int get_tsc_mode(unsigned long adr);
|
|
|
|
|
extern int set_tsc_mode(unsigned int val);
|
|
|
|
|
|
2017-03-20 02:16:26 -06:00
|
|
|
DECLARE_PER_CPU(u64, msr_misc_features_shadow);
|
|
|
|
|
|
x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set. If there is one patch to
review in the entire series, this is the one. There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner. (small FAQ below).
Long Description:
This patch adds two prctl() commands to provide enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers. The prctl() is an
explicit signal from userspace.
PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.
PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace don't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.
PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in the 'mm_struct'. PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address. Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.
Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive. Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.
==== Why does the hardware even have these Bounds Tables? ====
MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".
They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal processes
address space (essentially calling the new mmap() interface indroduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.
The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.
==== Why not do this in userspace? ====
This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so
that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds
directory. If we were to preallocate them for the 128TB of
user virtual address space, we would need to reserve 512TB+2GB,
which is larger than the entire virtual address space today.
This means they can not be reserved ahead of time. Also, a
single process's pre-popualated bounds directory consumes 2GB
of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory
is allocated which might contain pointers that might eventually
need bounds tables?
A: This would work if we could hook the site of each and every
memory allocation syscall. This can be done for small,
constrained applications. But, it isn't practical at a larger
scale since a given app has no way of controlling how all the
parts of the app might allocate memory (think libraries). The
kernel is really the only place to intercept these calls.
Q: Could a bounds fault be handed to userspace and the tables
allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
handler functions and even if mmap() would work it still
requires locking or nasty tricks to keep track of the
allocation state there.
Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.
Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-14 08:18:29 -07:00
|
|
|
/* Register/unregister a process' MPX related resource */
|
2015-06-07 12:37:02 -06:00
|
|
|
#define MPX_ENABLE_MANAGEMENT() mpx_enable_management()
|
|
|
|
|
#define MPX_DISABLE_MANAGEMENT() mpx_disable_management()
|
x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set. If there is one patch to
review in the entire series, this is the one. There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner. (small FAQ below).
Long Description:
This patch adds two prctl() commands to provide enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers. The prctl() is an
explicit signal from userspace.
PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.
PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace don't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.
PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in the 'mm_struct'. PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address. Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.
Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive. Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.
==== Why does the hardware even have these Bounds Tables? ====
MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".
They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal processes
address space (essentially calling the new mmap() interface indroduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.
The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.
==== Why not do this in userspace? ====
This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so
that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds
directory. If we were to preallocate them for the 128TB of
user virtual address space, we would need to reserve 512TB+2GB,
which is larger than the entire virtual address space today.
This means they can not be reserved ahead of time. Also, a
single process's pre-popualated bounds directory consumes 2GB
of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory
is allocated which might contain pointers that might eventually
need bounds tables?
A: This would work if we could hook the site of each and every
memory allocation syscall. This can be done for small,
constrained applications. But, it isn't practical at a larger
scale since a given app has no way of controlling how all the
parts of the app might allocate memory (think libraries). The
kernel is really the only place to intercept these calls.
Q: Could a bounds fault be handed to userspace and the tables
allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
handler functions and even if mmap() would work it still
requires locking or nasty tricks to keep track of the
allocation state there.
Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.
Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-14 08:18:29 -07:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_X86_INTEL_MPX
|
2015-06-07 12:37:02 -06:00
|
|
|
extern int mpx_enable_management(void);
|
|
|
|
|
extern int mpx_disable_management(void);
|
x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set. If there is one patch to
review in the entire series, this is the one. There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner. (small FAQ below).
Long Description:
This patch adds two prctl() commands to provide enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers. The prctl() is an
explicit signal from userspace.
PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.
PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace don't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.
PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in the 'mm_struct'. PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address. Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.
Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive. Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.
==== Why does the hardware even have these Bounds Tables? ====
MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".
They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal processes
address space (essentially calling the new mmap() interface indroduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.
The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.
==== Why not do this in userspace? ====
This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so
that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds
directory. If we were to preallocate them for the 128TB of
user virtual address space, we would need to reserve 512TB+2GB,
which is larger than the entire virtual address space today.
This means they can not be reserved ahead of time. Also, a
single process's pre-popualated bounds directory consumes 2GB
of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory
is allocated which might contain pointers that might eventually
need bounds tables?
A: This would work if we could hook the site of each and every
memory allocation syscall. This can be done for small,
constrained applications. But, it isn't practical at a larger
scale since a given app has no way of controlling how all the
parts of the app might allocate memory (think libraries). The
kernel is really the only place to intercept these calls.
Q: Could a bounds fault be handed to userspace and the tables
allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
handler functions and even if mmap() would work it still
requires locking or nasty tricks to keep track of the
allocation state there.
Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.
Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-14 08:18:29 -07:00
|
|
|
#else
|
2015-06-07 12:37:02 -06:00
|
|
|
static inline int mpx_enable_management(void)
|
x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set. If there is one patch to
review in the entire series, this is the one. There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner. (small FAQ below).
Long Description:
This patch adds two prctl() commands to provide enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers. The prctl() is an
explicit signal from userspace.
PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.
PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace don't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.
PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in the 'mm_struct'. PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address. Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.
Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive. Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.
==== Why does the hardware even have these Bounds Tables? ====
MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".
They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal processes
address space (essentially calling the new mmap() interface indroduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.
The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.
==== Why not do this in userspace? ====
This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so
that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds
directory. If we were to preallocate them for the 128TB of
user virtual address space, we would need to reserve 512TB+2GB,
which is larger than the entire virtual address space today.
This means they can not be reserved ahead of time. Also, a
single process's pre-popualated bounds directory consumes 2GB
of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory
is allocated which might contain pointers that might eventually
need bounds tables?
A: This would work if we could hook the site of each and every
memory allocation syscall. This can be done for small,
constrained applications. But, it isn't practical at a larger
scale since a given app has no way of controlling how all the
parts of the app might allocate memory (think libraries). The
kernel is really the only place to intercept these calls.
Q: Could a bounds fault be handed to userspace and the tables
allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
handler functions and even if mmap() would work it still
requires locking or nasty tricks to keep track of the
allocation state there.
Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.
Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-14 08:18:29 -07:00
|
|
|
{
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
2015-06-07 12:37:02 -06:00
|
|
|
static inline int mpx_disable_management(void)
|
x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set. If there is one patch to
review in the entire series, this is the one. There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner. (small FAQ below).
Long Description:
This patch adds two prctl() commands to provide enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers. The prctl() is an
explicit signal from userspace.
PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.
PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace don't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.
PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in the 'mm_struct'. PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address. Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.
Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive. Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.
==== Why does the hardware even have these Bounds Tables? ====
MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".
They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal processes
address space (essentially calling the new mmap() interface indroduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.
The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.
==== Why not do this in userspace? ====
This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.
Q: Can virtual space simply be reserved for the bounds tables so
that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
area needs 4*X GB of virtual space, plus 2GB for the bounds
directory. If we were to preallocate them for the 128TB of
user virtual address space, we would need to reserve 512TB+2GB,
which is larger than the entire virtual address space today.
This means they can not be reserved ahead of time. Also, a
single process's pre-popualated bounds directory consumes 2GB
of virtual *AND* physical memory. IOW, it's completely
infeasible to prepopulate bounds directories.
Q: Can we preallocate bounds table space at the same time memory
is allocated which might contain pointers that might eventually
need bounds tables?
A: This would work if we could hook the site of each and every
memory allocation syscall. This can be done for small,
constrained applications. But, it isn't practical at a larger
scale since a given app has no way of controlling how all the
parts of the app might allocate memory (think libraries). The
kernel is really the only place to intercept these calls.
Q: Could a bounds fault be handed to userspace and the tables
allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
handler functions and even if mmap() would work it still
requires locking or nasty tricks to keep track of the
allocation state there.
Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.
Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-14 08:18:29 -07:00
|
|
|
{
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_X86_INTEL_MPX */
|
|
|
|
|
|
2017-06-13 10:28:30 -06:00
|
|
|
#ifdef CONFIG_CPU_SUP_AMD
|
2012-11-26 23:32:10 -07:00
|
|
|
extern u16 amd_get_nb_id(int cpu);
|
2015-06-15 02:28:15 -06:00
|
|
|
extern u32 amd_get_nodes_per_socket(void);
|
2017-06-13 10:28:30 -06:00
|
|
|
#else
|
|
|
|
|
static inline u16 amd_get_nb_id(int cpu) { return 0; }
|
|
|
|
|
static inline u32 amd_get_nodes_per_socket(void) { return 0; }
|
|
|
|
|
#endif
|
2009-09-16 03:33:40 -06:00
|
|
|
|
2013-07-25 02:54:32 -06:00
|
|
|
static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
|
|
|
|
|
{
|
|
|
|
|
uint32_t base, eax, signature[3];
|
|
|
|
|
|
|
|
|
|
for (base = 0x40000000; base < 0x40010000; base += 0x100) {
|
|
|
|
|
cpuid(base, &eax, &signature[0], &signature[1], &signature[2]);
|
|
|
|
|
|
|
|
|
|
if (!memcmp(sig, signature, 12) &&
|
|
|
|
|
(leaves == 0 || ((eax - base) >= leaves)))
|
|
|
|
|
return base;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-28 11:11:12 -06:00
|
|
|
extern unsigned long arch_align_stack(unsigned long sp);
|
2018-12-28 01:36:03 -07:00
|
|
|
void free_init_pages(const char *what, unsigned long begin, unsigned long end);
|
2018-08-02 16:58:29 -06:00
|
|
|
extern void free_kernel_image_pages(void *begin, void *end);
|
2012-03-28 11:11:12 -06:00
|
|
|
|
|
|
|
|
void default_idle(void);
|
2013-02-09 21:08:07 -07:00
|
|
|
#ifdef CONFIG_XEN
|
|
|
|
|
bool xen_set_default_idle(void);
|
|
|
|
|
#else
|
|
|
|
|
#define xen_set_default_idle 0
|
|
|
|
|
#endif
|
2012-03-28 11:11:12 -06:00
|
|
|
|
|
|
|
|
void stop_this_cpu(void *dummy);
|
2013-05-09 04:02:29 -06:00
|
|
|
void df_debug(struct pt_regs *regs, long error_code);
|
2018-02-16 04:26:39 -07:00
|
|
|
void microcode_check(void);
|
x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
Introduce the 'l1tf=' kernel command line option to allow for boot-time
switching of mitigation that is used on processors affected by L1TF.
The possible values are:
full
Provides all available mitigations for the L1TF vulnerability. Disables
SMT and enables all mitigations in the hypervisors. SMT control via
/sys/devices/system/cpu/smt/control is still possible after boot.
Hypervisors will issue a warning when the first VM is started in
a potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
full,force
Same as 'full', but disables SMT control. Implies the 'nosmt=force'
command line option. sysfs control of SMT and the hypervisor flush
control is disabled.
flush
Leaves SMT enabled and enables the conditional hypervisor mitigation.
Hypervisors will issue a warning when the first VM is started in a
potentially insecure configuration, i.e. SMT enabled or L1D flush
disabled.
flush,nosmt
Disables SMT and enables the conditional hypervisor mitigation. SMT
control via /sys/devices/system/cpu/smt/control is still possible
after boot. If SMT is reenabled or flushing disabled at runtime
hypervisors will issue a warning.
flush,nowarn
Same as 'flush', but hypervisors will not warn when
a VM is started in a potentially insecure configuration.
off
Disables hypervisor mitigations and doesn't emit any warnings.
Default is 'flush'.
Let KVM adhere to these semantics, which means:
- 'lt1f=full,force' : Performe L1D flushes. No runtime control
possible.
- 'l1tf=full'
- 'l1tf-flush'
- 'l1tf=flush,nosmt' : Perform L1D flushes and warn on VM start if
SMT has been runtime enabled or L1D flushing
has been run-time enabled
- 'l1tf=flush,nowarn' : Perform L1D flushes and no warnings are emitted.
- 'l1tf=off' : L1D flushes are not performed and no warnings
are emitted.
KVM can always override the L1D flushing behavior using its 'vmentry_l1d_flush'
module parameter except when lt1f=full,force is set.
This makes KVM's private 'nosmt' option redundant, and as it is a bit
non-systematic anyway (this is something to control globally, not on
hypervisor level), remove that option.
Add the missing Documentation entry for the l1tf vulnerability sysfs file
while at it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142323.202758176@linutronix.de
2018-07-13 08:23:25 -06:00
|
|
|
|
|
|
|
|
enum l1tf_mitigations {
|
|
|
|
|
L1TF_MITIGATION_OFF,
|
|
|
|
|
L1TF_MITIGATION_FLUSH_NOWARN,
|
|
|
|
|
L1TF_MITIGATION_FLUSH,
|
|
|
|
|
L1TF_MITIGATION_FLUSH_NOSMT,
|
|
|
|
|
L1TF_MITIGATION_FULL,
|
|
|
|
|
L1TF_MITIGATION_FULL_FORCE
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern enum l1tf_mitigations l1tf_mitigation;
|
|
|
|
|
|
2019-02-18 14:04:08 -07:00
|
|
|
enum mds_mitigations {
|
|
|
|
|
MDS_MITIGATION_OFF,
|
|
|
|
|
MDS_MITIGATION_FULL,
|
2019-02-20 01:40:40 -07:00
|
|
|
MDS_MITIGATION_VMWERV,
|
2019-02-18 14:04:08 -07:00
|
|
|
};
|
|
|
|
|
|
2008-10-22 23:26:29 -06:00
|
|
|
#endif /* _ASM_X86_PROCESSOR_H */
|