diff options
| author | H. Peter Anvin <hpa@linux.intel.com> | 2012-09-21 15:43:12 -0400 |
|---|---|---|
| committer | H. Peter Anvin <hpa@linux.intel.com> | 2012-09-21 15:45:27 -0400 |
| commit | 63bcff2a307b9bcc712a8251eb27df8b2e117967 (patch) | |
| tree | 0a23a378d2c967edf63e9bb2b5df2288bf30859c /arch/x86/ia32/ia32entry.S | |
| parent | a052858fabb376b695f2c125633daa6728e0f284 (diff) | |
x86, smap: Add STAC and CLAC instructions to control user space access
When Supervisor Mode Access Prevention (SMAP) is enabled, access to
userspace from the kernel is controlled by the AC flag. To make the
performance of manipulating that flag acceptable, there are two new
instructions, STAC and CLAC, to set and clear it.
This patch adds those instructions, via alternative(), when the SMAP
feature is enabled. It also adds X86_EFLAGS_AC unconditionally to the
SYSCALL entry mask; there is simply no reason to make that one
conditional.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/1348256595-29119-9-git-send-email-hpa@linux.intel.com
Diffstat (limited to 'arch/x86/ia32/ia32entry.S')
| -rw-r--r-- | arch/x86/ia32/ia32entry.S | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S index 20e5f7ba0e6b..9c289504e680 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S | |||
| @@ -14,6 +14,7 @@ | |||
| 14 | #include <asm/segment.h> | 14 | #include <asm/segment.h> |
| 15 | #include <asm/irqflags.h> | 15 | #include <asm/irqflags.h> |
| 16 | #include <asm/asm.h> | 16 | #include <asm/asm.h> |
| 17 | #include <asm/smap.h> | ||
| 17 | #include <linux/linkage.h> | 18 | #include <linux/linkage.h> |
| 18 | #include <linux/err.h> | 19 | #include <linux/err.h> |
| 19 | 20 | ||
| @@ -146,8 +147,10 @@ ENTRY(ia32_sysenter_target) | |||
| 146 | SAVE_ARGS 0,1,0 | 147 | SAVE_ARGS 0,1,0 |
| 147 | /* no need to do an access_ok check here because rbp has been | 148 | /* no need to do an access_ok check here because rbp has been |
| 148 | 32bit zero extended */ | 149 | 32bit zero extended */ |
| 150 | ASM_STAC | ||
| 149 | 1: movl (%rbp),%ebp | 151 | 1: movl (%rbp),%ebp |
| 150 | _ASM_EXTABLE(1b,ia32_badarg) | 152 | _ASM_EXTABLE(1b,ia32_badarg) |
| 153 | ASM_CLAC | ||
| 151 | orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 154 | orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
| 152 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 155 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
| 153 | CFI_REMEMBER_STATE | 156 | CFI_REMEMBER_STATE |
| @@ -301,8 +304,10 @@ ENTRY(ia32_cstar_target) | |||
| 301 | /* no need to do an access_ok check here because r8 has been | 304 | /* no need to do an access_ok check here because r8 has been |
| 302 | 32bit zero extended */ | 305 | 32bit zero extended */ |
| 303 | /* hardware stack frame is complete now */ | 306 | /* hardware stack frame is complete now */ |
| 307 | ASM_STAC | ||
| 304 | 1: movl (%r8),%r9d | 308 | 1: movl (%r8),%r9d |
| 305 | _ASM_EXTABLE(1b,ia32_badarg) | 309 | _ASM_EXTABLE(1b,ia32_badarg) |
| 310 | ASM_CLAC | ||
| 306 | orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 311 | orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
| 307 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 312 | testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
| 308 | CFI_REMEMBER_STATE | 313 | CFI_REMEMBER_STATE |
| @@ -365,6 +370,7 @@ cstar_tracesys: | |||
| 365 | END(ia32_cstar_target) | 370 | END(ia32_cstar_target) |
| 366 | 371 | ||
| 367 | ia32_badarg: | 372 | ia32_badarg: |
| 373 | ASM_CLAC | ||
| 368 | movq $-EFAULT,%rax | 374 | movq $-EFAULT,%rax |
| 369 | jmp ia32_sysret | 375 | jmp ia32_sysret |
| 370 | CFI_ENDPROC | 376 | CFI_ENDPROC |