All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mike Rapoport <rppt@linux.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: Alexandre Chartre <alexandre.chartre@oracle.com>,
	Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Jonathan Adams <jwadams@google.com>,
	Kees Cook <keescook@chromium.org>, Paul Turner <pjt@google.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	linux-mm@kvack.org, linux-security-module@vger.kernel.org,
	x86@kernel.org, Mike Rapoport <rppt@linux.ibm.com>
Subject: [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
Date: Fri, 26 Apr 2019 00:45:48 +0300	[thread overview]
Message-ID: <1556228754-12996-2-git-send-email-rppt@linux.ibm.com> (raw)
In-Reply-To: <1556228754-12996-1-git-send-email-rppt@linux.ibm.com>

The X86_FEATURE_SCI will be set when system call isolation is enabled.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
---
 arch/x86/include/asm/cpufeatures.h       | 1 +
 arch/x86/include/asm/disabled-features.h | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 6d61225..a01c6dd 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -221,6 +221,7 @@
 #define X86_FEATURE_ZEN			( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
 #define X86_FEATURE_L1TF_PTEINV		( 7*32+29) /* "" L1TF workaround PTE inversion */
 #define X86_FEATURE_IBRS_ENHANCED	( 7*32+30) /* Enhanced IBRS */
+#define X86_FEATURE_SCI			( 7*32+31) /* "" System call isolation */
 
 /* Virtualization flags: Linux defined, word 8 */
 #define X86_FEATURE_TPR_SHADOW		( 8*32+ 0) /* Intel TPR Shadow */
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index a5ea841..79947f0 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -62,6 +62,12 @@
 # define DISABLE_PTI		(1 << (X86_FEATURE_PTI & 31))
 #endif
 
+#ifdef CONFIG_SYSCALL_ISOLATION
+# define DISABLE_SCI		0
+#else
+# define DISABLE_SCI		(1 << (X86_FEATURE_SCI & 31))
+#endif
+
 /*
  * Make sure to add features to the correct mask
  */
@@ -72,7 +78,7 @@
 #define DISABLED_MASK4	(DISABLE_PCID)
 #define DISABLED_MASK5	0
 #define DISABLED_MASK6	0
-#define DISABLED_MASK7	(DISABLE_PTI)
+#define DISABLED_MASK7	(DISABLE_PTI|DISABLE_SCI)
 #define DISABLED_MASK8	0
 #define DISABLED_MASK9	(DISABLE_MPX|DISABLE_SMAP)
 #define DISABLED_MASK10	0
-- 
2.7.4


  reply	other threads:[~2019-04-25 21:46 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-25 21:45 [RFC PATCH 0/7] x86: introduce system calls addess space isolation Mike Rapoport
2019-04-25 21:45 ` Mike Rapoport [this message]
2019-04-25 21:45 ` [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation Mike Rapoport
2019-04-26  7:49   ` Peter Zijlstra
2019-04-28  5:45     ` Mike Rapoport
2019-04-26  8:31   ` Ingo Molnar
2019-04-26  9:58     ` Ingo Molnar
2019-04-26 21:26       ` Andy Lutomirski
2019-04-26 21:26         ` Andy Lutomirski
2019-04-27  8:47         ` Ingo Molnar
2019-04-27 10:46           ` Ingo Molnar
2019-04-29 18:26             ` James Morris
2019-04-29 18:43               ` Andy Lutomirski
2019-04-29 18:43                 ` Andy Lutomirski
2019-04-29 18:46             ` Andy Lutomirski
2019-04-29 18:46               ` Andy Lutomirski
2019-04-30  5:03               ` Ingo Molnar
2019-04-30  9:38                 ` Peter Zijlstra
2019-04-30 11:05                   ` Ingo Molnar
2019-05-02 11:35             ` Robert O'Callahan
2019-05-02 11:35               ` Robert O'Callahan
2019-05-02 15:20               ` Ingo Molnar
2019-05-02 21:07                 ` Robert O'Callahan
2019-05-02 21:07                   ` Robert O'Callahan
2019-04-26 14:44     ` James Bottomley
2019-04-26 14:44       ` James Bottomley
2019-04-26 14:46   ` Dave Hansen
2019-04-26 14:57     ` James Bottomley
2019-04-26 14:57       ` James Bottomley
2019-04-26 15:07       ` Andy Lutomirski
2019-04-26 15:19         ` James Bottomley
2019-04-26 15:19           ` James Bottomley
2019-04-26 17:40           ` Andy Lutomirski
2019-04-26 18:49             ` James Bottomley
2019-04-26 18:49               ` James Bottomley
2019-04-26 19:22               ` Andy Lutomirski
2019-04-25 21:45 ` [RFC PATCH 3/7] x86/entry/64: add infrastructure for switching to isolated syscall context Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 4/7] x86/sci: hook up isolated system call entry and exit Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification Mike Rapoport
2019-04-26  7:42   ` Peter Zijlstra
2019-04-28  5:47     ` Mike Rapoport
2019-04-30 16:44       ` Andy Lutomirski
2019-04-30 16:44         ` Andy Lutomirski
2019-05-01  5:39         ` Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 6/7] security: enable system call isolation in kernel config Mike Rapoport
2019-04-25 21:45 ` [RFC PATCH 7/7] sci: add example system calls to exercse SCI Mike Rapoport
2019-04-26  0:30 ` [RFC PATCH 0/7] x86: introduce system calls addess space isolation Andy Lutomirski
2019-04-26  0:30   ` Andy Lutomirski
2019-04-26  8:07   ` Jiri Kosina
2019-04-28  6:01   ` Mike Rapoport
2019-04-26 14:41 ` Dave Hansen
2019-04-28  6:08   ` Mike Rapoport
2020-06-30  0:08 [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI hackapple
2020-06-30 11:58 ` Mike Rapoport

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1556228754-12996-2-git-send-email-rppt@linux.ibm.com \
    --to=rppt@linux.ibm.com \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=alexandre.chartre@oracle.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jwadams@google.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=pjt@google.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.