Merge branch 'x86/cpu' into perf/core, to pick up revert

perf/core has an earlier version of the x86/cpu tree merged, to avoid
conflicts, and due to this we want to pick up this ABI impacting
revert as well:

  049331f277fe: ("x86/fsgsbase: Revert FSGSBASE support")

Signed-off-by: Ingo Molnar <mingo@kernel.org>

3 files changed, 150 insertions, 41 deletions

diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index 186520198de7..fa07d526fe39 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -12,8 +12,9 @@ CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) trivial_program.c -no-pie)
 
 TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \
                         check_initial_reg_state sigreturn iopl mpx-mini-test ioperm \
-                        protection_keys test_vdso test_vsyscall mov_ss_trap
-TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault test_syscall_vdso unwind_vdso \
+                        protection_keys test_vdso test_vsyscall mov_ss_trap \
+                        syscall_arg_fault
+TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \
                         test_FCMOV test_FCOMI test_FISTTP \
                         vdso_restorer
 TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip
diff --git a/tools/testing/selftests/x86/fsgsbase.c b/tools/testing/selftests/x86/fsgsbase.c
index 21fd4f94b5b0..5ab4c60c100e 100644
--- a/tools/testing/selftests/x86/fsgsbase.c
+++ b/tools/testing/selftests/x86/fsgsbase.c
@@ -35,6 +35,8 @@
 static volatile sig_atomic_t want_segv;
 static volatile unsigned long segv_addr;
 
+static unsigned short *shared_scratch;
+
 static int nerrs;
 
 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
@@ -242,16 +244,11 @@ static void do_remote_base()
 
 static __thread int set_thread_area_entry_number = -1;
 
-static void do_unexpected_base(void)
+static unsigned short load_gs(void)
 {
         /*
-         * The goal here is to try to arrange for GS == 0, GSBASE !=
-         * 0, and for the the kernel the think that GSBASE == 0.
-         *
-         * To make the test as reliable as possible, this uses
-         * explicit descriptors.  (This is not the only way.  This
-         * could use ARCH_SET_GS with a low, nonzero base, but the
-         * relevant side effect of ARCH_SET_GS could change.)
+         * Sets GS != 0 and GSBASE != 0 but arranges for the kernel to think
+         * that GSBASE == 0 (i.e. thread.gsbase == 0).
          */
 
         /* Step 1: tell the kernel that we have GSBASE == 0. */
@@ -271,8 +268,9 @@ static void do_unexpected_base(void)
                 .useable         = 0
         };
         if (syscall(SYS_modify_ldt, 1, &desc, sizeof(desc)) == 0) {
-                printf("\tother thread: using LDT slot 0\n");
+                printf("\tusing LDT slot 0\n");
                 asm volatile ("mov %0, %%gs" : : "rm" ((unsigned short)0x7));
+                return 0x7;
         } else {
                 /* No modify_ldt for us (configured out, perhaps) */
 
@@ -294,20 +292,15 @@ static void do_unexpected_base(void)
 
                 if (ret != 0) {
                         printf("[NOTE]\tcould not create a segment -- test won't do anything\n");
-                        return;
+                        return 0;
                 }
-                printf("\tother thread: using GDT slot %d\n", desc.entry_number);
+                printf("\tusing GDT slot %d\n", desc.entry_number);
                 set_thread_area_entry_number = desc.entry_number;
 
-                asm volatile ("mov %0, %%gs" : : "rm" ((unsigned short)((desc.entry_number << 3) | 0x3)));
+                unsigned short gs = (unsigned short)((desc.entry_number << 3) | 0x3);
+                asm volatile ("mov %0, %%gs" : : "rm" (gs));
+                return gs;
         }
-
-        /*
-         * Step 3: set the selector back to zero.  On AMD chips, this will
-         * preserve GSBASE.
-         */
-
-        asm volatile ("mov %0, %%gs" : : "rm" ((unsigned short)0));
 }
 
 void test_wrbase(unsigned short index, unsigned long base)
@@ -346,12 +339,19 @@ static void *threadproc(void *ctx)
                 if (ftx == 3)
                         return NULL;
 
-                if (ftx == 1)
+                if (ftx == 1) {
                         do_remote_base();
-                else if (ftx == 2)
-                        do_unexpected_base();
-                else
+                } else if (ftx == 2) {
+                        /*
+                         * On AMD chips, this causes GSBASE != 0, GS == 0, and
+                         * thread.gsbase == 0.
+                         */
+
+                        load_gs();
+                        asm volatile ("mov %0, %%gs" : : "rm" ((unsigned short)0));
+                } else {
                         errx(1, "helper thread got bad command");
+                }
 
                 ftx = 0;
                 syscall(SYS_futex, &ftx, FUTEX_WAKE, 0, NULL, NULL, 0);
@@ -453,12 +453,7 @@ static void test_ptrace_write_gsbase(void)
         if (child == 0) {
                 printf("[RUN]\tPTRACE_POKE(), write GSBASE from ptracer\n");
 
-                /*
-                 * Use the LDT setup and fetch the GSBASE from the LDT
-                 * by switching to the (nonzero) selector (again)
-                 */
-                do_unexpected_base();
-                asm volatile ("mov %0, %%gs" : : "rm" ((unsigned short)0x7));
+                *shared_scratch = load_gs();
 
                 if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
                         err(1, "PTRACE_TRACEME");
@@ -476,7 +471,7 @@ static void test_ptrace_write_gsbase(void)
 
                 gs = ptrace(PTRACE_PEEKUSER, child, gs_offset, NULL);
 
-                if (gs != 0x7) {
+                if (gs != *shared_scratch) {
                         nerrs++;
                         printf("[FAIL]\tGS is not prepared with nonzero\n");
                         goto END;
@@ -494,16 +489,24 @@ static void test_ptrace_write_gsbase(void)
                  * selector value is changed or not by the GSBASE write in
                  * a ptracer.
                  */
-                if (gs != 0x7) {
+                if (gs != *shared_scratch) {
                         nerrs++;
                         printf("[FAIL]\tGS changed to %lx\n", gs);
+
+                        /*
+                         * On older kernels, poking a nonzero value into the
+                         * base would zero the selector.  On newer kernels,
+                         * this behavior has changed -- poking the base
+                         * changes only the base and, if FSGSBASE is not
+                         * available, this may have no effect.
+                         */
+                        if (gs == 0)
+                                printf("\tNote: this is expected behavior on older kernels.\n");
                 } else if (have_fsgsbase && (base != 0xFF)) {
                         nerrs++;
                         printf("[FAIL]\tGSBASE changed to %lx\n", base);
                 } else {
-                        printf("[OK]\tGS remained 0x7 %s");
-                        if (have_fsgsbase)
-                                printf("and GSBASE changed to 0xFF");
+                        printf("[OK]\tGS remained 0x%hx%s", *shared_scratch, have_fsgsbase ? " and GSBASE changed to 0xFF" : "");
                         printf("\n");
                 }
         }
@@ -516,6 +519,9 @@ int main()
 {
         pthread_t thread;
 
+        shared_scratch = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
+                              MAP_ANONYMOUS | MAP_SHARED, -1, 0);
+
         /* Probe FSGSBASE */
         sethandler(SIGILL, sigill, 0);
         if (sigsetjmp(jmpbuf, 1) == 0) {
diff --git a/tools/testing/selftests/x86/syscall_arg_fault.c b/tools/testing/selftests/x86/syscall_arg_fault.c
index 4e25d38c8bbd..bc0ecc2e862e 100644
--- a/tools/testing/selftests/x86/syscall_arg_fault.c
+++ b/tools/testing/selftests/x86/syscall_arg_fault.c
@@ -15,9 +15,30 @@
 #include <setjmp.h>
 #include <errno.h>
 
+#ifdef __x86_64__
+# define WIDTH "q"
+#else
+# define WIDTH "l"
+#endif
+
 /* Our sigaltstack scratch space. */
 static unsigned char altstack_data[SIGSTKSZ];
 
+static unsigned long get_eflags(void)
+{
+        unsigned long eflags;
+        asm volatile ("pushf" WIDTH "\n\tpop" WIDTH " %0" : "=rm" (eflags));
+        return eflags;
+}
+
+static void set_eflags(unsigned long eflags)
+{
+        asm volatile ("push" WIDTH " %0\n\tpopf" WIDTH
+                      : : "rm" (eflags) : "flags");
+}
+
+#define X86_EFLAGS_TF (1UL << 8)
+
 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
                        int flags)
 {
@@ -35,13 +56,22 @@ static sigjmp_buf jmpbuf;
 
 static volatile sig_atomic_t n_errs;
 
+#ifdef __x86_64__
+#define REG_AX REG_RAX
+#define REG_IP REG_RIP
+#else
+#define REG_AX REG_EAX
+#define REG_IP REG_EIP
+#endif
+
 static void sigsegv_or_sigbus(int sig, siginfo_t *info, void *ctx_void)
 {
         ucontext_t *ctx = (ucontext_t*)ctx_void;
+        long ax = (long)ctx->uc_mcontext.gregs[REG_AX];
 
-        if (ctx->uc_mcontext.gregs[REG_EAX] != -EFAULT) {
-                printf("[FAIL]\tAX had the wrong value: 0x%x\n",
-                       ctx->uc_mcontext.gregs[REG_EAX]);
+        if (ax != -EFAULT && ax != -ENOSYS) {
+                printf("[FAIL]\tAX had the wrong value: 0x%lx\n",
+                       (unsigned long)ax);
                 n_errs++;
         } else {
                 printf("[OK]\tSeems okay\n");
@@ -50,9 +80,42 @@ static void sigsegv_or_sigbus(int sig, siginfo_t *info, void *ctx_void)
         siglongjmp(jmpbuf, 1);
 }
 
+static volatile sig_atomic_t sigtrap_consecutive_syscalls;
+
+static void sigtrap(int sig, siginfo_t *info, void *ctx_void)
+{
+        /*
+         * KVM has some bugs that can cause us to stop making progress.
+         * detect them and complain, but don't infinite loop or fail the
+         * test.
+         */
+
+        ucontext_t *ctx = (ucontext_t*)ctx_void;
+        unsigned short *ip = (unsigned short *)ctx->uc_mcontext.gregs[REG_IP];
+
+        if (*ip == 0x340f || *ip == 0x050f) {
+                /* The trap was on SYSCALL or SYSENTER */
+                sigtrap_consecutive_syscalls++;
+                if (sigtrap_consecutive_syscalls > 3) {
+                        printf("[WARN]\tGot stuck single-stepping -- you probably have a KVM bug\n");
+                        siglongjmp(jmpbuf, 1);
+                }
+        } else {
+                sigtrap_consecutive_syscalls = 0;
+        }
+}
+
 static void sigill(int sig, siginfo_t *info, void *ctx_void)
 {
-        printf("[SKIP]\tIllegal instruction\n");
+        ucontext_t *ctx = (ucontext_t*)ctx_void;
+        unsigned short *ip = (unsigned short *)ctx->uc_mcontext.gregs[REG_IP];
+
+        if (*ip == 0x0b0f) {
+                /* one of the ud2 instructions faulted */
+                printf("[OK]\tSYSCALL returned normally\n");
+        } else {
+                printf("[SKIP]\tIllegal instruction\n");
+        }
         siglongjmp(jmpbuf, 1);
 }
 
@@ -120,9 +183,48 @@ int main()
                         "movl $-1, %%ebp\n\t"
                         "movl $-1, %%esp\n\t"
                         "syscall\n\t"
-                        "pushl $0"      /* make sure we segfault cleanly */
+                        "ud2"           /* make sure we recover cleanly */
+                        : : : "memory", "flags");
+        }
+
+        printf("[RUN]\tSYSENTER with TF and invalid state\n");
+        sethandler(SIGTRAP, sigtrap, SA_ONSTACK);
+
+        if (sigsetjmp(jmpbuf, 1) == 0) {
+                sigtrap_consecutive_syscalls = 0;
+                set_eflags(get_eflags() | X86_EFLAGS_TF);
+                asm volatile (
+                        "movl $-1, %%eax\n\t"
+                        "movl $-1, %%ebx\n\t"
+                        "movl $-1, %%ecx\n\t"
+                        "movl $-1, %%edx\n\t"
+                        "movl $-1, %%esi\n\t"
+                        "movl $-1, %%edi\n\t"
+                        "movl $-1, %%ebp\n\t"
+                        "movl $-1, %%esp\n\t"
+                        "sysenter"
+                        : : : "memory", "flags");
+        }
+        set_eflags(get_eflags() & ~X86_EFLAGS_TF);
+
+        printf("[RUN]\tSYSCALL with TF and invalid state\n");
+        if (sigsetjmp(jmpbuf, 1) == 0) {
+                sigtrap_consecutive_syscalls = 0;
+                set_eflags(get_eflags() | X86_EFLAGS_TF);
+                asm volatile (
+                        "movl $-1, %%eax\n\t"
+                        "movl $-1, %%ebx\n\t"
+                        "movl $-1, %%ecx\n\t"
+                        "movl $-1, %%edx\n\t"
+                        "movl $-1, %%esi\n\t"
+                        "movl $-1, %%edi\n\t"
+                        "movl $-1, %%ebp\n\t"
+                        "movl $-1, %%esp\n\t"
+                        "syscall\n\t"
+                        "ud2"           /* make sure we recover cleanly */
                         : : : "memory", "flags");
         }
+        set_eflags(get_eflags() & ~X86_EFLAGS_TF);
 
         return 0;
 }