Historically, IDT entries from usermode have always gone directly
to the running task's kernel stack. Rearrange it so that we enter on
a percpu trampoline stack and then manually switch to the task's stack.
This touches a couple of extra cachelines, but it gives us a chance
to run some code before we touch the kernel stack.
XXX: The asm is gross and needs some significant cleanup.
Signed-off-by: Andy Lutomirski <l...@kernel.org>
---
arch/x86/entry/entry_64.S | 61 ++++++++++++++++++++++++++++++++--------
arch/x86/entry/entry_64_compat.S | 4 +++
arch/x86/include/asm/switch_to.h | 2 +-
arch/x86/include/asm/traps.h | 1 -
arch/x86/kernel/cpu/common.c | 6 ++--
arch/x86/kernel/traps.c | 17 +++++------
6 files changed, 68 insertions(+), 23 deletions(-)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index a2b30ec69497..9bd49bd79e9b 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -560,6 +560,14 @@ END(irq_entries_start)
.macro interrupt func
cld
ALLOC_PT_GPREGS_ON_STACK
+
+ testb $3, CS(%rsp)
+ jz 1f
+ SWAPGS
+ call switch_to_thread_stack
+ SWAPGS
+1:
+
SAVE_C_REGS
SAVE_EXTRA_REGS
ENCODE_FRAME_POINTER
@@ -827,6 +835,33 @@ apicinterrupt IRQ_WORK_VECTOR
irq_work_interrupt smp_irq_work_interrupt
*/
#define CPU_TSS_IST(x) PER_CPU_VAR(cpu_tss) + (TSS_ist + ((x) - 1) * 8)
+/*
+ * Switch to the thread stack. This is called with the IRET frame and
+ * orig_ax in pt_regs and the rest of pt_regs allocated, but with all GPRs
+ * in the CPU registers.
+ */
+ENTRY(switch_to_thread_stack)
+ UNWIND_HINT_IRET_REGS offset=17*8
+
+ movq %rdi, RDI+8(%rsp)
+ movq %rsp, %rdi
+ movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
+ UNWIND_HINT_IRET_REGS offset=17*8 base=%rdi
+
+ pushq SS+8(%rdi) /* regs->ss */
+ pushq RSP+8(%rdi) /* regs->rsp */
+ pushq EFLAGS+8(%rdi) /* regs->eflags */
+ pushq CS+8(%rdi) /* regs->cs */
+ pushq RIP+8(%rdi) /* regs->ip */
+ pushq ORIG_RAX+8(%rdi) /* regs->orig_ax */
+ ALLOC_PT_GPREGS_ON_STACK /* allocate the rest of regs */
+ pushq (%rdi) /* return address */
+
+ movq RDI+8(%rdi), %rdi
+ UNWIND_HINT_IRET_REGS offset=17*8
+ ret
+END(switch_to_thread_stack)
+
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
UNWIND_HINT_IRET_REGS offset=\has_error_code*8
@@ -844,11 +879,12 @@ ENTRY(\sym)
ALLOC_PT_GPREGS_ON_STACK
- .if \paranoid
- .if \paranoid == 1
+ .if \paranoid < 2
testb $3, CS(%rsp) /* If coming from userspace,
switch stacks */
- jnz 1f
+ jnz .Lfrom_usermode_switch_stack_\@
.endif
+
+ .if \paranoid
call paranoid_entry
.else
call error_entry
@@ -890,20 +926,15 @@ ENTRY(\sym)
jmp error_exit
.endif
- .if \paranoid == 1
+ .if \paranoid < 2
/*
- * Paranoid entry from userspace. Switch stacks and treat it
+ * Entry from userspace. Switch stacks and treat it
* as a normal entry. This means that paranoid handlers
* run in real process context if user_mode(regs).
*/
-1:
+.Lfrom_usermode_switch_stack_\@:
call error_entry
-
- movq %rsp, %rdi /* pt_regs pointer */
- call sync_regs
- movq %rax, %rsp /* switch stack */
-
movq %rsp, %rdi /* pt_regs pointer */
.if \has_error_code
@@ -1164,6 +1195,14 @@ ENTRY(error_entry)
SWAPGS
.Lerror_entry_from_usermode_after_swapgs:
+ /* Put us onto the real thread stack. */
+ leaq 8(%rsp), %rdi /* pt_regs pointer */
+ movq (%rsp), %r12
+ call sync_regs
+ movq %rax, %rsp /* switch stack */
+ ENCODE_FRAME_POINTER
+ pushq %r12
+
/*
* We need to tell lockdep that IRQs are off. We can't do this until
* we fix gsbase, and we should do it before enter_from_user_mode
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index dcc6987f9bae..20398e3c5e2e 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -297,6 +297,10 @@ ENTRY(entry_INT80_compat)
ASM_CLAC /* Do this early to minimize exposure */
SWAPGS
+ subq $16*8, %rsp
+ call switch_to_thread_stack
+ addq $16*8, %rsp
+
/*
* User tracing code (ptrace or signal handlers) might assume that
* the saved RAX contains a 32-bit number when we're invoking a 32-bit
diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
index 8c6bd6863db9..a6796ac8d311 100644
--- a/arch/x86/include/asm/switch_to.h
+++ b/arch/x86/include/asm/switch_to.h
@@ -93,7 +93,7 @@ static inline void update_sp0(struct task_struct *task)
#ifdef CONFIG_X86_32
load_sp0(task->thread.sp0);
#else
- load_sp0(task_top_of_stack(task));
+ /* On x86_64, sp0 always points to the entry trampoline stack. */
#endif
}
diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
index 1fadd310ff68..31051f35cbb7 100644
--- a/arch/x86/include/asm/traps.h
+++ b/arch/x86/include/asm/traps.h
@@ -75,7 +75,6 @@ dotraplinkage void do_segment_not_present(struct pt_regs *,
long);
dotraplinkage void do_stack_segment(struct pt_regs *, long);
#ifdef CONFIG_X86_64
dotraplinkage void do_double_fault(struct pt_regs *, long);
-asmlinkage struct pt_regs *sync_regs(struct pt_regs *);
#endif
dotraplinkage void do_general_protection(struct pt_regs *, long);
dotraplinkage void do_page_fault(struct pt_regs *, unsigned long);
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index d551bb4339ec..ddf99d50c26c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1646,11 +1646,13 @@ void cpu_init(void)
setup_cpu_entry_area(cpu);
/*
- * Initialize the TSS. Don't bother initializing sp0, as the initial
- * task never enters user mode.
+ * Initialize the TSS. sp0 points to the entry trampoline stack
+ * regardless of what task is running.
*/
set_tss_desc(cpu, &get_cpu_entry_area(cpu)->tss.x86_tss);
load_TR_desc();
+ load_sp0((unsigned long)&get_cpu_entry_area(cpu)->tss +
+ offsetofend(struct tss_struct, SYSENTER_stack));
load_mm_ldt(&init_mm);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 1ea03027a4a9..e4a941be96cf 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -610,9 +610,10 @@ NOKPROBE_SYMBOL(do_int3);
* interrupted code was in user mode. The actual stack switch is done in
* entry_64.S
*/
-asmlinkage __visible notrace struct pt_regs *sync_regs(struct pt_regs *eregs)
+asmlinkage __visible notrace __no_sanitize_address
+struct pt_regs *sync_regs(struct pt_regs *eregs)
{
- struct pt_regs *regs = task_pt_regs(current);
+ struct pt_regs *regs = (struct pt_regs
*)this_cpu_read(cpu_current_top_of_stack) - 1;
*regs = *eregs;
return regs;
}
@@ -623,19 +624,19 @@ struct bad_iret_stack {
struct pt_regs regs;
};
-asmlinkage __visible notrace
+asmlinkage __visible notrace __no_sanitize_address
struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
{
/*
* This is called from entry_64.S early in handling a fault
* caused by a bad iret to user mode. To handle the fault
- * correctly, we want move our stack frame to task_pt_regs
- * and we want to pretend that the exception came from the
- * iret target.
+ * correctly, we want move our stack frame to where it would
+ * be had we entered directly on the entry stack (rather than
+ * just below the IRET frame) and we want to pretend that the
+ * exception came from the iret target.
*/
struct bad_iret_stack *new_stack =
- container_of(task_pt_regs(current),
- struct bad_iret_stack, regs);
+ (struct bad_iret_stack *)this_cpu_read(cpu_tss.x86_tss.sp0) - 1;
/* Copy the IRET target to the new stack. */
memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8);
--
2.13.6
