x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct

SYSENTER_stack should have reliable overflow detection, which means that it needs to be at the bottom of a page, not the top. Move it to the beginning of struct tss_struct and page-align it. Also add an assertion to make sure that the fixed hardware TSS doesn't cross a page boundary. Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bpetkov@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eduardo Valentin <eduval@amazon.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Link: https://lkml.kernel.org/r/20171204150605.881827433@linutronix.de Signed-off-by: Ingo Molnar <mingo@kernel.org>
2025-01-09 19:10:45 +00:00 · 2017-12-04 15:07:19 +01:00 · 2017-12-04 15:07:19 +01:00 · 1a935bc3d4
commit 1a935bc3d4
parent 6e60e58342
2 changed files with 33 additions and 9 deletions
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@ -332,7 +332,16 @@ struct x86_hw_tss {
 struct tss_struct {
 	/*
-	 * The hardware state:
+	 * Space for the temporary SYSENTER stack, used for SYSENTER
 	 * and the entry trampoline as well.
 	 */
 	unsigned long		SYSENTER_stack_canary;
 	unsigned long		SYSENTER_stack[64];
 	/*
 	 * The fixed hardware portion.  This must not cross a page boundary
 	 * at risk of violating the SDM's advice and potentially triggering
 	 * errata.
 	 */
 	struct x86_hw_tss	x86_tss;
@ -343,15 +352,9 @@ struct tss_struct {
 	 * be within the limit.
 	 */
 	unsigned long		io_bitmap[IO_BITMAP_LONGS + 1];
 } __aligned(PAGE_SIZE);
-	/*
+DECLARE_PER_CPU_PAGE_ALIGNED(struct tss_struct, cpu_tss);
 	 * Space for the temporary SYSENTER stack.
 	 */
 	unsigned long		SYSENTER_stack_canary;
 	unsigned long		SYSENTER_stack[64];
 } ____cacheline_aligned;
 DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss);
 /*
 * sizeof(unsigned long) coming from an extra "long" at the end
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@ -487,6 +487,27 @@ static inline void setup_cpu_entry_area(int cpu)
 #endif
 	__set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot);
 	/*
 	 * The Intel SDM says (Volume 3, 7.2.1):
 	 *
 	 *  Avoid placing a page boundary in the part of the TSS that the
 	 *  processor reads during a task switch (the first 104 bytes). The
 	 *  processor may not correctly perform address translations if a
 	 *  boundary occurs in this area. During a task switch, the processor
 	 *  reads and writes into the first 104 bytes of each TSS (using
 	 *  contiguous physical addresses beginning with the physical address
 	 *  of the first byte of the TSS). So, after TSS access begins, if
 	 *  part of the 104 bytes is not physically contiguous, the processor
 	 *  will access incorrect information without generating a page-fault
 	 *  exception.
 	 *
 	 * There are also a lot of errata involving the TSS spanning a page
 	 * boundary.  Assert that we're not doing that.
 	 */
 	BUILD_BUG_ON((offsetof(struct tss_struct, x86_tss) ^
 		      offsetofend(struct tss_struct, x86_tss)) & PAGE_MASK);
 }
 /* Load the original GDT from the per-cpu structure */