diff options
| author | Jeremy Fitzhardinge <jeremy@goop.org> | 2008-06-25 00:19:30 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2008-07-08 07:15:56 -0400 |
| commit | a00394f81f419beb6fb9f7023bd4d15913dc625d (patch) | |
| tree | 0faef5a52c4244173a3669bc646ef12bb79d6bc6 | |
| parent | 6680415481c7bd38967cf7488787f509f17ba307 (diff) | |
x86, 64-bit: swapgs pvop with a user-stack can never be called
It's never safe to call a swapgs pvop when the user stack is current -
it must be inline replaced. Rather than making a call, the
SWAPGS_UNSAFE_STACK pvop always just puts "swapgs" as a placeholder,
which must either be replaced inline or trap'n'emulated (somehow).
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: xen-devel <xen-devel@lists.xensource.com>
Cc: Stephen Tweedie <sct@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
| -rw-r--r-- | include/asm-x86/irqflags.h | 2 | ||||
| -rw-r--r-- | include/asm-x86/paravirt.h | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/include/asm-x86/irqflags.h b/include/asm-x86/irqflags.h index ea9bd2635d59..d17e1f623dbb 100644 --- a/include/asm-x86/irqflags.h +++ b/include/asm-x86/irqflags.h | |||
| @@ -111,6 +111,7 @@ static inline unsigned long __raw_local_irq_save(void) | |||
| 111 | #define DISABLE_INTERRUPTS(x) cli | 111 | #define DISABLE_INTERRUPTS(x) cli |
| 112 | 112 | ||
| 113 | #ifdef CONFIG_X86_64 | 113 | #ifdef CONFIG_X86_64 |
| 114 | #define SWAPGS_UNSAFE_STACK swapgs | ||
| 114 | #define INTERRUPT_RETURN iretq | 115 | #define INTERRUPT_RETURN iretq |
| 115 | #define USERGS_SYSRET64 \ | 116 | #define USERGS_SYSRET64 \ |
| 116 | swapgs; \ | 117 | swapgs; \ |
| @@ -185,7 +186,6 @@ static inline void trace_hardirqs_fixup(void) | |||
| 185 | * Either way, this is a good way to document that we don't | 186 | * Either way, this is a good way to document that we don't |
| 186 | * have a reliable stack. x86_64 only. | 187 | * have a reliable stack. x86_64 only. |
| 187 | */ | 188 | */ |
| 188 | #define SWAPGS_UNSAFE_STACK swapgs | ||
| 189 | #define ARCH_TRACE_IRQS_ON call trace_hardirqs_on_thunk | 189 | #define ARCH_TRACE_IRQS_ON call trace_hardirqs_on_thunk |
| 190 | #define ARCH_TRACE_IRQS_OFF call trace_hardirqs_off_thunk | 190 | #define ARCH_TRACE_IRQS_OFF call trace_hardirqs_off_thunk |
| 191 | #define ARCH_LOCKDEP_SYS_EXIT call lockdep_sys_exit_thunk | 191 | #define ARCH_LOCKDEP_SYS_EXIT call lockdep_sys_exit_thunk |
diff --git a/include/asm-x86/paravirt.h b/include/asm-x86/paravirt.h index 33f72f8fe757..3286a0c63b42 100644 --- a/include/asm-x86/paravirt.h +++ b/include/asm-x86/paravirt.h | |||
| @@ -1522,6 +1522,16 @@ static inline unsigned long __raw_local_irq_save(void) | |||
| 1522 | 1522 | ||
| 1523 | 1523 | ||
| 1524 | #else /* !CONFIG_X86_32 */ | 1524 | #else /* !CONFIG_X86_32 */ |
| 1525 | |||
| 1526 | /* | ||
| 1527 | * If swapgs is used while the userspace stack is still current, | ||
| 1528 | * there's no way to call a pvop. The PV replacement *must* be | ||
| 1529 | * inlined, or the swapgs instruction must be trapped and emulated. | ||
| 1530 | */ | ||
| 1531 | #define SWAPGS_UNSAFE_STACK \ | ||
| 1532 | PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ | ||
| 1533 | swapgs) | ||
| 1534 | |||
| 1525 | #define SWAPGS \ | 1535 | #define SWAPGS \ |
| 1526 | PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ | 1536 | PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_swapgs), CLBR_NONE, \ |
| 1527 | PV_SAVE_REGS; \ | 1537 | PV_SAVE_REGS; \ |