From: Xin Li <xin3.li@intel.com>
To: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-edac@vger.kernel.org, linux-hyperv@vger.kernel.org,
kvm@vger.kernel.org, xen-devel@lists.xenproject.org
Cc: Jonathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Oleg Nesterov <oleg@redhat.com>, Tony Luck <tony.luck@intel.com>,
"K . Y . Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
"Paul E . McKenney" <paulmck@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Randy Dunlap <rdunlap@infradead.org>,
Steven Rostedt <rostedt@goodmis.org>,
Kim Phillips <kim.phillips@amd.com>, Xin Li <xin3.li@intel.com>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
"Liam R . Howlett" <Liam.Howlett@Oracle.com>,
Sebastian Reichel <sebastian.reichel@collabora.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Suren Baghdasaryan <surenb@google.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Jiaxi Chen <jiaxi.chen@linux.intel.com>,
Babu Moger <babu.moger@amd.com>,
Jim Mattson <jmattson@google.com>,
Sandipan Das <sandipan.das@amd.com>,
Lai Jiangshan <jiangshanlai@gmail.com>,
Hans de Goede <hdegoede@redhat.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Breno Leitao <leitao@debian.org>,
Nikunj A Dadhania <nikunj@amd.com>,
Brian Gerst <brgerst@gmail.com>,
Sami Tolvanen <samitolvanen@google.com>,
Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Arnd Bergmann <arnd@arndb.de>,
"Eric W . Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>,
Ze Gao <zegao2021@gmail.com>, Fei Li <fei1.li@intel.com>,
Conghui <conghui.chen@intel.com>, Ashok Raj <ashok.raj@intel.com>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Mark Rutland <mark.rutland@arm.com>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Jiapeng Chong <jiapeng.chong@linux.alibaba.com>,
Jane Malalane <jane.malalane@citrix.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Yantengsi <siyanteng@loongson.cn>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Sathvika Vasireddy <sv@linux.ibm.com>
Subject: [PATCH v9 07/36] x86/cpu: Add X86_CR4_FRED macro
Date: Sun, 30 Jul 2023 23:32:48 -0700 [thread overview]
Message-ID: <20230731063317.3720-8-xin3.li@intel.com> (raw)
In-Reply-To: <20230731063317.3720-1-xin3.li@intel.com>
From: "H. Peter Anvin (Intel)" <hpa@zytor.com>
Add X86_CR4_FRED macro for the FRED bit in %cr4. This bit should be a
pinned bit, not to be changed after initialization.
CR4 macros are defined in arch/x86/include/uapi/asm/processor-flags.h,
which is uapi, and thus cannot depend on CONFIG_X86_64.
Using _BITUL() causes build errors on 32 bits, and there is no
guarantee that user space applications (e.g. something like Qemu)
might not want to use this declaration even when building for i386 or
x32.
However, %cr4 is a machine word (unsigned long), so to avoid build
warnings on 32 bits, explicitly cast the value to unsigned long,
truncating upper 32 bits.
The other alternative would be to use CONFIG_X86_64 around the
definition of cr4_pinned_mask. It is probably not desirable to make
cr4_pinned_mask non-const.
Another option, which may be preferable, to be honest: explicitly
enumerate the CR4 bits which *may* be changed (a whitelist), instead
of the ones that may not. That would be a separate, pre-FRED, patch,
and would automatically resolve this problem as a side effect.
The following flags probably should have been in this set all along,
as they are all controls affecting the kernel runtime environment as
opposed to user space:
X86_CR4_DE, X86_CR4_PAE, X86_CR4_PSE, X86_CR4_MCE, X86_CR4_PGE,
X86_CR4_OSFXSR, X86_CR4_OSXMMEXCPT, X86_CR4_LA57, X86_CR4_PCIDE,
X86_CR4_LAM_SUP
Possibly X86_CR4_VMXE as well, which seems harmless even if KVM is
not loaded; X86_CR4_PKE can be fixed as long as the PKE configuration
registers are at least initialized to disabled.
It is relatively simple to do an audit of which flags are allowed to
be modified at runtime and whitelist only those. There is no reason
why we should allow bits in CR4 to be toggled by default.
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Tested-by: Shan Kang <shan.kang@intel.com>
Signed-off-by: Xin Li <xin3.li@intel.com>
---
arch/x86/include/uapi/asm/processor-flags.h | 2 ++
arch/x86/kernel/cpu/common.c | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h
index d898432947ff..ce08c2ca70b5 100644
--- a/arch/x86/include/uapi/asm/processor-flags.h
+++ b/arch/x86/include/uapi/asm/processor-flags.h
@@ -138,6 +138,8 @@
#define X86_CR4_CET _BITUL(X86_CR4_CET_BIT)
#define X86_CR4_LAM_SUP_BIT 28 /* LAM for supervisor pointers */
#define X86_CR4_LAM_SUP _BITUL(X86_CR4_LAM_SUP_BIT)
+#define X86_CR4_FRED_BIT 32 /* enable FRED kernel entry */
+#define X86_CR4_FRED _BITULL(X86_CR4_FRED_BIT)
/*
* x86-64 Task Priority Register, CR8
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 0ba1067f4e5f..331b06d19f7f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -402,8 +402,9 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c)
/* These bits should not change their value after CPU init is finished. */
static const unsigned long cr4_pinned_mask =
- X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |
- X86_CR4_FSGSBASE | X86_CR4_CET;
+ (unsigned long)
+ (X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |
+ X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED);
static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning);
static unsigned long cr4_pinned_bits __ro_after_init;
--
2.34.1
next prev parent reply other threads:[~2023-07-31 7:02 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-31 6:32 [PATCH v9 00/36] x86: enable FRED for x86-64 Xin Li
2023-07-31 6:32 ` [PATCH v9 01/36] Documentation/x86/64: Add documentation for FRED Xin Li
2023-07-31 6:32 ` [PATCH v9 02/36] x86/fred: Add Kconfig option for FRED (CONFIG_X86_FRED) Xin Li
2023-07-31 6:32 ` [PATCH v9 03/36] x86/fred: Disable FRED support if CONFIG_X86_FRED is disabled Xin Li
2023-07-31 6:32 ` [PATCH v9 04/36] x86/cpufeatures: Add the cpu feature bit for FRED Xin Li
2023-07-31 6:32 ` [PATCH v9 05/36] x86/opcode: Add ERETU, ERETS instructions to x86-opcode-map Xin Li
2023-07-31 9:43 ` Masami Hiramatsu
2023-07-31 16:36 ` Li, Xin3
2023-07-31 6:32 ` [PATCH v9 06/36] x86/objtool: Teach objtool about ERETU and ERETS Xin Li
2023-07-31 6:32 ` Xin Li [this message]
2023-07-31 6:32 ` [PATCH v9 08/36] x86/cpu: Add MSR numbers for FRED configuration Xin Li
2023-07-31 6:32 ` [PATCH v9 09/36] x86/fred: Make unions for the cs and ss fields in struct pt_regs Xin Li
2023-07-31 6:32 ` [PATCH v9 10/36] x86/fred: Add a new header file for FRED definitions Xin Li
2023-07-31 6:32 ` [PATCH v9 11/36] x86/fred: Reserve space for the FRED stack frame Xin Li
2023-07-31 6:32 ` [PATCH v9 12/36] x86/fred: Update MSR_IA32_FRED_RSP0 during task switch Xin Li
2023-07-31 6:32 ` [PATCH v9 13/36] x86/fred: Let ret_from_fork_asm() jmp to fred_exit_user when FRED is enabled Xin Li
2023-07-31 6:32 ` [PATCH v9 14/36] x86/fred: Disallow the swapgs instruction " Xin Li
2023-07-31 6:32 ` [PATCH v9 15/36] x86/fred: No ESPFIX needed " Xin Li
2023-07-31 6:32 ` [PATCH v9 16/36] x86/fred: Allow single-step trap and NMI when starting a new task Xin Li
2023-07-31 6:32 ` [PATCH v9 17/36] x86/fred: Define a common function type fred_handler Xin Li
2023-07-31 6:32 ` [PATCH v9 18/36] x86/fred: Add a page fault entry stub for FRED Xin Li
2023-07-31 6:33 ` [PATCH v9 19/36] x86/fred: Add a debug " Xin Li
2023-07-31 6:33 ` [PATCH v9 20/36] x86/fred: Add a NMI " Xin Li
2023-07-31 6:33 ` [PATCH v9 21/36] x86/fred: Add a machine check " Xin Li
2023-07-31 6:33 ` [PATCH v9 22/36] x86/fred: Add a double fault " Xin Li
2023-07-31 6:33 ` [PATCH v9 23/36] x86/entry: Remove idtentry_sysvec from entry_{32,64}.S Xin Li
2023-07-31 6:33 ` [PATCH v9 24/36] x86/idtentry: Incorporate definitions/declarations of the FRED external interrupt handler type Xin Li
2023-07-31 6:33 ` [PATCH v9 25/36] x86/traps: Add a system interrupt handler table for system interrupt dispatch Xin Li
2023-07-31 22:29 ` [PATCH v9 00/36] x86: enable FRED for x86-64 Sean Christopherson
2023-07-31 23:10 ` Li, Xin3
2023-07-31 23:17 ` Sean Christopherson
2023-07-31 23:56 ` Li, Xin3
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230731063317.3720-8-xin3.li@intel.com \
--to=xin3.li@intel.com \
--cc=42.hyeyoo@gmail.com \
--cc=Jason@zx2c4.com \
--cc=Liam.Howlett@Oracle.com \
--cc=acme@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=ashok.raj@intel.com \
--cc=babu.moger@amd.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=christophe.leroy@csgroup.eu \
--cc=conghui.chen@intel.com \
--cc=corbet@lwn.net \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=dwmw@amazon.co.uk \
--cc=ebiederm@xmission.com \
--cc=fei1.li@intel.com \
--cc=glider@google.com \
--cc=haiyangz@microsoft.com \
--cc=hdegoede@redhat.com \
--cc=hpa@zytor.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jane.malalane@citrix.com \
--cc=jgross@suse.com \
--cc=jiangshanlai@gmail.com \
--cc=jiapeng.chong@linux.alibaba.com \
--cc=jiaxi.chen@linux.intel.com \
--cc=jmattson@google.com \
--cc=jpoimboe@kernel.org \
--cc=keescook@chromium.org \
--cc=kim.phillips@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=leitao@debian.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-edac@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=oleg@redhat.com \
--cc=oleksandr_tyshchenko@epam.com \
--cc=paulmck@kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
--cc=reinette.chatre@intel.com \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
--cc=sandipan.das@amd.com \
--cc=seanjc@google.com \
--cc=sebastian.reichel@collabora.com \
--cc=siyanteng@loongson.cn \
--cc=sstabellini@kernel.org \
--cc=surenb@google.com \
--cc=sv@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=zegao2021@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).