Linux-Security-Module Archive on lore.kernel.org
* Re: [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
@ 2020-06-30  0:08 hackapple
  2020-06-30 11:58 ` Mike Rapoport
  0 siblings, 1 reply; 3+ messages in thread
From: hackapple @ 2020-06-30  0:08 UTC (permalink / raw)
  To: rppt
  Cc: James.Bottomley, alexandre.chartre, bp, dave.hansen, hpa,
	jwadams, keescook, linux-kernel, linux-mm, linux-security-module,
	luto, mingo, peterz, pjt, tglx, x86

What’s the version of kernel?


* Re: [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
  2020-06-30  0:08 [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI hackapple
@ 2020-06-30 11:58 ` Mike Rapoport
  0 siblings, 0 replies; 3+ messages in thread
From: Mike Rapoport @ 2020-06-30 11:58 UTC (permalink / raw)
  To: hackapple
  Cc: James.Bottomley, alexandre.chartre, bp, dave.hansen, hpa,
	jwadams, keescook, linux-kernel, linux-mm, linux-security-module,
	luto, mingo, peterz, pjt, tglx, x86

On Tue, Jun 30, 2020 at 08:08:59AM +0800, hackapple wrote:
> What’s the version of kernel?

It was around 5.2 time frame, I think.

-- 
Sincerely yours,
Mike.


* [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
  2019-04-25 21:45 [RFC PATCH 0/7] x86: introduce system calls addess space isolation Mike Rapoport
@ 2019-04-25 21:45 ` Mike Rapoport
  0 siblings, 0 replies; 3+ messages in thread
From: Mike Rapoport @ 2019-04-25 21:45 UTC (permalink / raw)
  To: linux-kernel
  Cc: Alexandre Chartre, Andy Lutomirski, Borislav Petkov, Dave Hansen,
	H. Peter Anvin, Ingo Molnar, James Bottomley, Jonathan Adams,
	Kees Cook, Paul Turner, Peter Zijlstra, Thomas Gleixner,
	linux-mm, linux-security-module, x86, Mike Rapoport

The X86_FEATURE_SCI will be set when system call isolation is enabled.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
---
 arch/x86/include/asm/cpufeatures.h       | 1 +
 arch/x86/include/asm/disabled-features.h | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 6d61225..a01c6dd 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -221,6 +221,7 @@
 #define X86_FEATURE_ZEN			( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
 #define X86_FEATURE_L1TF_PTEINV		( 7*32+29) /* "" L1TF workaround PTE inversion */
 #define X86_FEATURE_IBRS_ENHANCED	( 7*32+30) /* Enhanced IBRS */
+#define X86_FEATURE_SCI			( 7*32+31) /* "" System call isolation */
 
 /* Virtualization flags: Linux defined, word 8 */
 #define X86_FEATURE_TPR_SHADOW		( 8*32+ 0) /* Intel TPR Shadow */
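
Review bot: The `""` at the start of the comment on the new X86_FEATURE_SCI line hides the flag from /proc/cpuinfo, so nothing in userspace can confirm that system call isolation is actually active on a running system. If that is intentional, say so in the commit message; otherwise drop the `""` so the flag gets a visible name, as X86_FEATURE_IBRS_ENHANCED does just above. Note also that ( 7*32+31) takes the last bit of word 7, which deserves a mention for whoever adds the next Linux-defined flag.
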
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index a5ea841..79947f0 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -62,6 +62,12 @@
 # define DISABLE_PTI		(1 << (X86_FEATURE_PTI & 31))
 #endif
 
+#ifdef CONFIG_SYSCALL_ISOLATION
+# define DISABLE_SCI		0
+#else
+# define DISABLE_SCI		(1 << (X86_FEATURE_SCI & 31))
+#endif
+
 /*
  * Make sure to add features to the correct mask
  */
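
Review bot: In the #else branch, X86_FEATURE_SCI & 31 evaluates to 31 because the flag is defined as ( 7*32+31), so `(1 << (X86_FEATURE_SCI & 31))` shifts a signed int 1 into its sign bit. The DISABLE_PTI line above uses the same form but this is the first define here where the shift count reaches 31; an unsigned constant, `(1U << (X86_FEATURE_SCI & 31))`, keeps the mask value well defined. Separately, the diffstat shows only the two headers changing, so CONFIG_SYSCALL_ISOLATION has no definition in this patch and the #else branch is always taken at this point in the series; the commit message should say which later patch introduces the symbol.
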
@@ -72,7 +78,7 @@
 #define DISABLED_MASK4	(DISABLE_PCID)
 #define DISABLED_MASK5	0
 #define DISABLED_MASK6	0
-#define DISABLED_MASK7	(DISABLE_PTI)
+#define DISABLED_MASK7	(DISABLE_PTI|DISABLE_SCI)
 #define DISABLED_MASK8	0
 #define DISABLED_MASK9	(DISABLE_MPX|DISABLE_SMAP)
 #define DISABLED_MASK10	0
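
Review bot: The commit message says only that the flag "will be set when system call isolation is enabled" and does not mention the DISABLED_MASK7 change on the `(DISABLE_PTI|DISABLE_SCI)` line. Please add a sentence explaining that with CONFIG_SYSCALL_ISOLATION unset the bit lands in the disabled mask so checks of X86_FEATURE_SCI can be compiled out, and name the code that sets the bit at runtime, since neither is visible from this patch.
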
-- 
2.7.4

