1 files changed, 53 insertions, 29 deletions
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index cc16fa882e3e..d3a67fba200a 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -163,9 +163,9 @@ enum cpuid_regs_idx {
 extern struct cpuinfo_x86       boot_cpu_data;
 extern struct cpuinfo_x86       new_cpu_data;
-extern struct tss_struct        doublefault_tss;
+extern struct x86_hw_tss        doublefault_tss;
-extern __u32                    cpu_caps_cleared[NCAPINTS];
+extern __u32                    cpu_caps_cleared[NCAPINTS + NBUGINTS];
-extern __u32                    cpu_caps_set[NCAPINTS];
+extern __u32                    cpu_caps_set[NCAPINTS + NBUGINTS];
 #ifdef CONFIG_SMP
 DECLARE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
@@ -253,6 +253,11 @@ static inline void load_cr3(pgd_t *pgdir)
        write_cr3(__sme_pa(pgdir));
 }
+/*
+ * Note that while the legacy 'TSS' name comes from 'Task State Segment',
+ * on modern x86 CPUs the TSS also holds information important to 64-bit mode,
+ * unrelated to the task-switch mechanism:
+ */
 #ifdef CONFIG_X86_32
 /* This is the TSS defined by the hardware. */
 struct x86_hw_tss {
@@ -305,7 +310,13 @@ struct x86_hw_tss {
 struct x86_hw_tss {
        u32                     reserved1;
        u64                     sp0;
+        /*
+         * We store cpu_current_top_of_stack in sp1 so it's always accessible.
+         * Linux does not use ring 1, so sp1 is not otherwise needed.
+         */
        u64                     sp1;
        u64                     sp2;
        u64                     reserved2;
        u64                     ist[7];
@@ -323,12 +334,22 @@ struct x86_hw_tss {
 #define IO_BITMAP_BITS                  65536
 #define IO_BITMAP_BYTES                 (IO_BITMAP_BITS/8)
 #define IO_BITMAP_LONGS                 (IO_BITMAP_BYTES/sizeof(long))
-#define IO_BITMAP_OFFSET                offsetof(struct tss_struct, io_bitmap)
+#define IO_BITMAP_OFFSET                (offsetof(struct tss_struct, io_bitmap) - offsetof(struct tss_struct, x86_tss))
 #define INVALID_IO_BITMAP_OFFSET        0x8000
+struct entry_stack {
+        unsigned long           words[64];
+};
+struct entry_stack_page {
+        struct entry_stack stack;
+} __aligned(PAGE_SIZE);
 struct tss_struct {
        /*
-         * The hardware state:
+         * The fixed hardware portion.  This must not cross a page boundary
+         * at risk of violating the SDM's advice and potentially triggering
+         * errata.
         */
        struct x86_hw_tss       x86_tss;
@@ -339,18 +360,9 @@ struct tss_struct {
         * be within the limit.
         */
        unsigned long           io_bitmap[IO_BITMAP_LONGS + 1];
+} __aligned(PAGE_SIZE);
-#ifdef CONFIG_X86_32
+DECLARE_PER_CPU_PAGE_ALIGNED(struct tss_struct, cpu_tss_rw);
-        /*
-         * Space for the temporary SYSENTER stack.
-         */
-        unsigned long           SYSENTER_stack_canary;
-        unsigned long           SYSENTER_stack[64];
-#endif
-} ____cacheline_aligned;
-DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss);
 /*
 * sizeof(unsigned long) coming from an extra "long" at the end
@@ -364,6 +376,9 @@ DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss);
 #ifdef CONFIG_X86_32
 DECLARE_PER_CPU(unsigned long, cpu_current_top_of_stack);
+#else
+/* The RO copy can't be accessed with this_cpu_xyz(), so use the RW copy. */
+#define cpu_current_top_of_stack cpu_tss_rw.x86_tss.sp1
 #endif
 /*
@@ -523,7 +538,7 @@ static inline void native_set_iopl_mask(unsigned mask)
 static inline void
 native_load_sp0(unsigned long sp0)
 {
-        this_cpu_write(cpu_tss.x86_tss.sp0, sp0);
+        this_cpu_write(cpu_tss_rw.x86_tss.sp0, sp0);
 }
 static inline void native_swapgs(void)
@@ -535,12 +550,12 @@ static inline void native_swapgs(void)
 static inline unsigned long current_top_of_stack(void)
 {
-#ifdef CONFIG_X86_64
+        /*
-        return this_cpu_read_stable(cpu_tss.x86_tss.sp0);
+         *  We can't read directly from tss.sp0: sp0 on x86_32 is special in
-#else
+         *  and around vm86 mode and sp0 on x86_64 is special because of the
-        /* sp0 on x86_32 is special in and around vm86 mode. */
+         *  entry trampoline.
+         */
        return this_cpu_read_stable(cpu_current_top_of_stack);
-#endif
 }
 static inline bool on_thread_stack(void)
@@ -837,13 +852,22 @@ static inline void spin_lock_prefetch(const void *x)
 #else
 /*
- * User space process size. 47bits minus one guard page.  The guard
+ * User space process size.  This is the first address outside the user range.
- * page is necessary on Intel CPUs: if a SYSCALL instruction is at
+ * There are a few constraints that determine this:
- * the highest possible canonical userspace address, then that
+ *
- * syscall will enter the kernel with a non-canonical return
+ * On Intel CPUs, if a SYSCALL instruction is at the highest canonical
- * address, and SYSRET will explode dangerously.  We avoid this
+ * address, then that syscall will enter the kernel with a
- * particular problem by preventing anything from being mapped
+ * non-canonical return address, and SYSRET will explode dangerously.
- * at the maximum canonical address.
+ * We avoid this particular problem by preventing anything executable
+ * from being mapped at the maximum canonical address.
+ *
+ * On AMD CPUs in the Ryzen family, there's a nasty bug in which the
+ * CPUs malfunction if they execute code from the highest canonical page.
+ * They'll speculate right off the end of the canonical space, and
+ * bad things happen.  This is worked around in the same way as the
+ * Intel problem.
+ *
+ * With page table isolation enabled, we map the LDT in ... [stay tuned]
 */
 #define TASK_SIZE_MAX   ((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE)