linux/arch/x86/include/asm/vsyscall.h
Sohil Mehta 8376b503b0 x86/vsyscall: Restore vsyscall=xonly mode under LASS
Background
==========
The vsyscall page is located in the high/kernel part of the address
space. Prior to LASS, a vsyscall page access from userspace would always
generate a #PF. The kernel emulates the accesses in the #PF handler and
returns the appropriate values to userspace.

Vsyscall emulation has two modes of operation, specified by the
vsyscall={xonly, emulate} kernel command line option. The vsyscall page
behaves as execute-only in XONLY mode or read-execute in EMULATE mode.
XONLY mode is the default and the only one expected to be commonly used.
The EMULATE mode has been deprecated since 2022 and is considered
insecure.

With LASS, a vsyscall page access triggers a #GP instead of a #PF.
Currently, LASS is only enabled when all vsyscall modes are disabled.

LASS with XONLY mode
====================
Now add support for LASS specifically with XONLY vsyscall emulation. For
XONLY mode, all that is needed is the faulting RIP, which is trivially
available regardless of the type of fault. Reuse the #PF emulation code
during the #GP when the fault address points to the vsyscall page.

As multiple fault handlers will now be using the emulation code, add a
sanity check to ensure that the fault truly happened in 64-bit user
mode.

LASS with EMULATE mode
======================
Supporting vsyscall=emulate with LASS is much harder because the #GP
doesn't provide enough error information (such as PFEC and CR2 as in
case of a #PF). So, complex instruction decoding would be required to
emulate this mode in the #GP handler.

This isn't worth the effort as remaining users of EMULATE mode can be
reasonably assumed to be niche users, who are already trading off
security for compatibility. LASS and vsyscall=emulate will be kept
mutually exclusive for simplicity.

Signed-off-by: Sohil Mehta <sohil.mehta@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Tested-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Link: https://patch.msgid.link/20260309181029.398498-4-sohil.mehta@intel.com
2026-03-19 15:11:13 -07:00


/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ASM_X86_VSYSCALL_H
#define _ASM_X86_VSYSCALL_H

#include <linux/seqlock.h>
#include <uapi/asm/vsyscall.h>
#include <asm/page_types.h>

#ifdef CONFIG_X86_VSYSCALL_EMULATION
extern void map_vsyscall(void);
extern void set_vsyscall_pgtable_user_bits(pgd_t *root);

/*
 * Called on instruction fetch fault in vsyscall page.
 * Returns true if handled.
 */
bool emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address);
bool emulate_vsyscall_gp(struct pt_regs *regs);
#else
static inline void map_vsyscall(void) {}
static inline bool emulate_vsyscall_pf(unsigned long error_code,
				       struct pt_regs *regs, unsigned long address)
{
	return false;
}
static inline bool emulate_vsyscall_gp(struct pt_regs *regs)
{
	return false;
}
#endif

/*
 * The (legacy) vsyscall page is the lone page in the kernel portion
 * of the address space that has user-accessible permissions.
 */
static inline bool is_vsyscall_vaddr(unsigned long vaddr)
{
	return unlikely((vaddr & PAGE_MASK) == VSYSCALL_ADDR);
}

#endif /* _ASM_X86_VSYSCALL_H */
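As an added illustration of the dispatch the commit message describes, and not kernel code, here is a user-space C model of the shared emulation core: the #PF path arrives with PFEC and CR2, the #GP path under LASS has only RIP, and both run through the 64-bit user-mode sanity check before the vsyscall entry is resolved. VSYSCALL_ADDR, the __USER_CS selector value and the X86_PF_INSTR bit are the real x86-64 constants; the mode variable, the pt_regs stand-in and the integer return convention are assumptions of this model.

```c
#include <stdbool.h>

/* Constructed model: VSYSCALL_ADDR, __USER_CS, X86_PF_INSTR are real; rest simplified. */
#define VSYSCALL_ADDR 0xffffffffff600000UL
#define PAGE_MASK     (~0xfffUL)
#define __USER_CS     0x33       /* 64-bit user code segment selector */
#define X86_PF_INSTR  (1UL << 4) /* #PF error code bit: instruction fetch */

enum vsyscall_mode { XONLY, EMULATE };
static enum vsyscall_mode vsyscall_mode = XONLY;

struct pt_regs { unsigned long ip; unsigned long cs; };

static inline bool is_vsyscall_vaddr(unsigned long vaddr)
{
	return (vaddr & PAGE_MASK) == VSYSCALL_ADDR;
}

/* The page holds three entries, 1 KiB apart; any other address is not emulated. */
static int addr_to_vsyscall_nr(unsigned long addr)
{
	int nr = (addr & 0xC00UL) >> 10;
	return ((addr & ~0xC00UL) == VSYSCALL_ADDR && nr < 3) ? nr : -1;
}

/* Shared core: returns the vsyscall number, or -1 to let the caller send SIGSEGV. */
static int emulate_vsyscall(unsigned long error_code, struct pt_regs *regs,
			    unsigned long address)
{
	if (regs->cs != __USER_CS)      /* sanity check: 64-bit user mode only */
		return -1;
	if (!is_vsyscall_vaddr(address))
		return -1;
	if (vsyscall_mode == XONLY && !(error_code & X86_PF_INSTR))
		return -1;              /* XONLY: data reads are not emulated */
	return addr_to_vsyscall_nr(address);
}

/* #PF path: PFEC and CR2 describe the access. */
static int emulate_vsyscall_pf(unsigned long error_code, struct pt_regs *regs, unsigned long address)
{
	return emulate_vsyscall(error_code, regs, address);
}

/* #GP path (LASS): only RIP is known, which suffices for XONLY but not EMULATE. */
static int emulate_vsyscall_gp(struct pt_regs *regs)
{
	return vsyscall_mode == XONLY ?
	       emulate_vsyscall(X86_PF_INSTR, regs, regs->ip) : -1;
}
```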