diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-01 16:59:17 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-01 16:59:17 -0400 |
| commit | 15385dfe7e0fa6866b204dd0d14aec2cc48fc0a7 (patch) | |
| tree | 3ddcb000ec3b82f672fa892e8e44b1be4a5ebb33 /arch/x86/kernel/cpu/common.c | |
| parent | a57d985e378ca69f430b85852e4187db3698a89e (diff) | |
| parent | b2cc2a074de75671bbed5e2dda67a9252ef353ea (diff) | |
Merge branch 'x86-smap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86/smap support from Ingo Molnar:
"This adds support for the SMAP (Supervisor Mode Access Prevention) CPU
feature on Intel CPUs: a hardware feature that prevents unintended
user-space data access from kernel privileged code.
It's turned on automatically when possible.
This, in combination with SMEP, makes it even harder to exploit kernel
bugs such as NULL pointer dereferences."
Fix up trivial conflict in arch/x86/kernel/entry_64.S due to newly added
includes right next to each other.
* 'x86-smap-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, smep, smap: Make the switching functions one-way
x86, suspend: On wakeup always initialize cr4 and EFER
x86-32: Start out eflags and cr4 clean
x86, smap: Do not abuse the [f][x]rstor_checking() functions for user space
x86-32, smap: Add STAC/CLAC instructions to 32-bit kernel entry
x86, smap: Reduce the SMAP overhead for signal handling
x86, smap: A page fault due to SMAP is an oops
x86, smap: Turn on Supervisor Mode Access Prevention
x86, smap: Add STAC and CLAC instructions to control user space access
x86, uaccess: Merge prototypes for clear_user/__clear_user
x86, smap: Add a header file with macros for STAC/CLAC
x86, alternative: Add header guards to <asm/alternative-asm.h>
x86, alternative: Use .pushsection/.popsection
x86, smap: Add CR4 bit for SMAP
x86-32, mm: The WP test should be done on a kernel page
Diffstat (limited to 'arch/x86/kernel/cpu/common.c')
| -rw-r--r-- | arch/x86/kernel/cpu/common.c | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 532691b6c8fe..7505f7b13e71 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c | |||
| @@ -259,23 +259,36 @@ static inline void squash_the_stupid_serial_number(struct cpuinfo_x86 *c) | |||
| 259 | } | 259 | } |
| 260 | #endif | 260 | #endif |
| 261 | 261 | ||
| 262 | static int disable_smep __cpuinitdata; | ||
| 263 | static __init int setup_disable_smep(char *arg) | 262 | static __init int setup_disable_smep(char *arg) |
| 264 | { | 263 | { |
| 265 | disable_smep = 1; | 264 | setup_clear_cpu_cap(X86_FEATURE_SMEP); |
| 266 | return 1; | 265 | return 1; |
| 267 | } | 266 | } |
| 268 | __setup("nosmep", setup_disable_smep); | 267 | __setup("nosmep", setup_disable_smep); |
| 269 | 268 | ||
| 270 | static __cpuinit void setup_smep(struct cpuinfo_x86 *c) | 269 | static __always_inline void setup_smep(struct cpuinfo_x86 *c) |
| 271 | { | 270 | { |
| 272 | if (cpu_has(c, X86_FEATURE_SMEP)) { | 271 | if (cpu_has(c, X86_FEATURE_SMEP)) |
| 273 | if (unlikely(disable_smep)) { | 272 | set_in_cr4(X86_CR4_SMEP); |
| 274 | setup_clear_cpu_cap(X86_FEATURE_SMEP); | 273 | } |
| 275 | clear_in_cr4(X86_CR4_SMEP); | 274 | |
| 276 | } else | 275 | static __init int setup_disable_smap(char *arg) |
| 277 | set_in_cr4(X86_CR4_SMEP); | 276 | { |
| 278 | } | 277 | setup_clear_cpu_cap(X86_FEATURE_SMAP); |
| 278 | return 1; | ||
| 279 | } | ||
| 280 | __setup("nosmap", setup_disable_smap); | ||
| 281 | |||
| 282 | static __always_inline void setup_smap(struct cpuinfo_x86 *c) | ||
| 283 | { | ||
| 284 | unsigned long eflags; | ||
| 285 | |||
| 286 | /* This should have been cleared long ago */ | ||
| 287 | raw_local_save_flags(eflags); | ||
| 288 | BUG_ON(eflags & X86_EFLAGS_AC); | ||
| 289 | |||
| 290 | if (cpu_has(c, X86_FEATURE_SMAP)) | ||
| 291 | set_in_cr4(X86_CR4_SMAP); | ||
| 279 | } | 292 | } |
| 280 | 293 | ||
| 281 | /* | 294 | /* |
| @@ -712,8 +725,6 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) | |||
| 712 | c->cpu_index = 0; | 725 | c->cpu_index = 0; |
| 713 | filter_cpuid_features(c, false); | 726 | filter_cpuid_features(c, false); |
| 714 | 727 | ||
| 715 | setup_smep(c); | ||
| 716 | |||
| 717 | if (this_cpu->c_bsp_init) | 728 | if (this_cpu->c_bsp_init) |
| 718 | this_cpu->c_bsp_init(c); | 729 | this_cpu->c_bsp_init(c); |
| 719 | } | 730 | } |
| @@ -798,8 +809,6 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 *c) | |||
| 798 | c->phys_proc_id = c->initial_apicid; | 809 | c->phys_proc_id = c->initial_apicid; |
| 799 | } | 810 | } |
| 800 | 811 | ||
| 801 | setup_smep(c); | ||
| 802 | |||
| 803 | get_model_name(c); /* Default name */ | 812 | get_model_name(c); /* Default name */ |
| 804 | 813 | ||
| 805 | detect_nopl(c); | 814 | detect_nopl(c); |
| @@ -864,6 +873,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) | |||
| 864 | /* Disable the PN if appropriate */ | 873 | /* Disable the PN if appropriate */ |
| 865 | squash_the_stupid_serial_number(c); | 874 | squash_the_stupid_serial_number(c); |
| 866 | 875 | ||
| 876 | /* Set up SMEP/SMAP */ | ||
| 877 | setup_smep(c); | ||
| 878 | setup_smap(c); | ||
| 879 | |||
| 867 | /* | 880 | /* |
| 868 | * The vendor-specific functions might have changed features. | 881 | * The vendor-specific functions might have changed features. |
| 869 | * Now we do "generic changes." | 882 | * Now we do "generic changes." |
| @@ -1114,7 +1127,8 @@ void syscall_init(void) | |||
| 1114 | 1127 | ||
| 1115 | /* Flags to clear on syscall */ | 1128 | /* Flags to clear on syscall */ |
| 1116 | wrmsrl(MSR_SYSCALL_MASK, | 1129 | wrmsrl(MSR_SYSCALL_MASK, |
| 1117 | X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_IOPL); | 1130 | X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF| |
| 1131 | X86_EFLAGS_IOPL|X86_EFLAGS_AC); | ||
| 1118 | } | 1132 | } |
| 1119 | 1133 | ||
| 1120 | /* | 1134 | /* |