Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 633c5ed17f
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0210-x86-mm-Optimize-RESTORE_CR3.patch

0210-x86-mm-Optimize-RESTORE_CR3.patch 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. From eb4a670cb54266bfab7bb4d9fd9e5da7b296ecdf Mon Sep 17 00:00:00 2001
    2. 

  2. From: Peter Zijlstra <[email protected]>
    3. 

  3. Date: Mon, 4 Dec 2017 15:08:00 +0100
    4. 

  4. Subject: [PATCH 210/242] x86/mm: Optimize RESTORE_CR3
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. Most NMI/paranoid exceptions will not in fact change pagetables and would
    12. 

  12. thus not require TLB flushing, however RESTORE_CR3 uses flushing CR3
    13. 

  13. writes.
    14. 

  14. 

  15. Restores to kernel PCIDs can be NOFLUSH, because we explicitly flush the
    16. 

  16. kernel mappings and now that we track which user PCIDs need flushing we can
    17. 

  17. avoid those too when possible.
    18. 

  18. 

  19. This does mean RESTORE_CR3 needs an additional scratch_reg, luckily both
    20. 

  20. sites have plenty available.
    21. 

  21. 

  22. Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
    23. 

  23. Signed-off-by: Thomas Gleixner <[email protected]>
    24. 

  24. Cc: Andy Lutomirski <[email protected]>
    25. 

  25. Cc: Boris Ostrovsky <[email protected]>
    26. 

  26. Cc: Borislav Petkov <[email protected]>
    27. 

  27. Cc: Brian Gerst <[email protected]>
    28. 

  28. Cc: Dave Hansen <[email protected]>
    29. 

  29. Cc: David Laight <[email protected]>
    30. 

  30. Cc: Denys Vlasenko <[email protected]>
    31. 

  31. Cc: Eduardo Valentin <[email protected]>
    32. 

  32. Cc: Greg KH <[email protected]>
    33. 

  33. Cc: H. Peter Anvin <[email protected]>
    34. 

  34. Cc: Josh Poimboeuf <[email protected]>
    35. 

  35. Cc: Juergen Gross <[email protected]>
    36. 

  36. Cc: Linus Torvalds <[email protected]>
    37. 

  37. Cc: Peter Zijlstra <[email protected]>
    38. 

  38. Cc: Will Deacon <[email protected]>
    39. 

  39. Cc: [email protected]
    40. 

  40. Cc: [email protected]
    41. 

  41. Cc: [email protected]
    42. 

  42. Cc: [email protected]
    43. 

  43. Signed-off-by: Ingo Molnar <[email protected]>
    44. 

  44. (cherry picked from commit 21e94459110252d41b45c0c8ba50fd72a664d50c)
    45. 

  45. Signed-off-by: Andy Whitcroft <[email protected]>
    46. 

  46. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    47. 

  47. (cherry picked from commit 6ebe6e2896841282357d43c09394b0ca47c41e4a)
    48. 

  48. Signed-off-by: Fabian Grünbichler <[email protected]>
    49. 

  49. ---
    50. 

  50.  arch/x86/entry/calling.h  | 30 ++++++++++++++++++++++++++++--
    51. 

  51.  arch/x86/entry/entry_64.S |  4 ++--
    52. 

  52.  2 files changed, 30 insertions(+), 4 deletions(-)
    53. 

  53. 

  54. diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
    55. 

  55. index ce5fb309926d..015e0a84bb99 100644
    56. 

  56. --- a/arch/x86/entry/calling.h
    57. 

  57. +++ b/arch/x86/entry/calling.h
    58. 

  58. @@ -280,8 +280,34 @@ For 32-bit we have the following conventions - kernel is built with
    59. 

  59.  .Ldone_\@:
    60. 

  60.  .endm
    61. 

  61.  
    62. 

  62. -.macro RESTORE_CR3 save_reg:req
    63. 

  63. +.macro RESTORE_CR3 scratch_reg:req save_reg:req
    64. 

  64.  	ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI
    65. 

  65. +
    66. 

  66. +	ALTERNATIVE "jmp .Lwrcr3_\@", "", X86_FEATURE_PCID
    67. 

  67. +
    68. 

  68. +	/*
    69. 

  69. +	 * KERNEL pages can always resume with NOFLUSH as we do
    70. 

  70. +	 * explicit flushes.
    71. 

  71. +	 */
    72. 

  72. +	bt	$X86_CR3_PTI_SWITCH_BIT, \save_reg
    73. 

  73. +	jnc	.Lnoflush_\@
    74. 

  74. +
    75. 

  75. +	/*
    76. 

  76. +	 * Check if there's a pending flush for the user ASID we're
    77. 

  77. +	 * about to set.
    78. 

  78. +	 */
    79. 

  79. +	movq	\save_reg, \scratch_reg
    80. 

  80. +	andq	$(0x7FF), \scratch_reg
    81. 

  81. +	bt	\scratch_reg, THIS_CPU_user_pcid_flush_mask
    82. 

  82. +	jnc	.Lnoflush_\@
    83. 

  83. +
    84. 

  84. +	btr	\scratch_reg, THIS_CPU_user_pcid_flush_mask
    85. 

  85. +	jmp	.Lwrcr3_\@
    86. 

  86. +
    87. 

  87. +.Lnoflush_\@:
    88. 

  88. +	SET_NOFLUSH_BIT \save_reg
    89. 

  89. +
    90. 

  90. +.Lwrcr3_\@:
    91. 

  91.  	/*
    92. 

  92.  	 * The CR3 write could be avoided when not changing its value,
    93. 

  93.  	 * but would require a CR3 read *and* a scratch register.
    94. 

  94. @@ -300,7 +326,7 @@ For 32-bit we have the following conventions - kernel is built with
    95. 

  95.  .endm
    96. 

  96.  .macro SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg:req save_reg:req
    97. 

  97.  .endm
    98. 

  98. -.macro RESTORE_CR3 save_reg:req
    99. 

  99. +.macro RESTORE_CR3 scratch_reg:req save_reg:req
    100. 

  100.  .endm
    101. 

  101.  
    102. 

  102.  #endif
    103. 

  103. diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
    104. 

  104. index fb43f14ed299..b48f2c78a9bf 100644
    105. 

  105. --- a/arch/x86/entry/entry_64.S
    106. 

  106. +++ b/arch/x86/entry/entry_64.S
    107. 

  107. @@ -1300,7 +1300,7 @@ ENTRY(paranoid_exit)
    108. 

  108.  	testl	%ebx, %ebx			/* swapgs needed? */
    109. 

  109.  	jnz	.Lparanoid_exit_no_swapgs
    110. 

  110.  	TRACE_IRQS_IRETQ
    111. 

  111. -	RESTORE_CR3	save_reg=%r14
    112. 

  112. +	RESTORE_CR3	scratch_reg=%rbx save_reg=%r14
    113. 

  113.  	SWAPGS_UNSAFE_STACK
    114. 

  114.  	jmp	.Lparanoid_exit_restore
    115. 

  115.  .Lparanoid_exit_no_swapgs:
    116. 

  116. @@ -1742,7 +1742,7 @@ end_repeat_nmi:
    117. 

  117.  	movq	$-1, %rsi
    118. 

  118.  	call	do_nmi
    119. 

  119.  
    120. 

  120. -	RESTORE_CR3 save_reg=%r14
    121. 

  121. +	RESTORE_CR3 scratch_reg=%r15 save_reg=%r14
    122. 

  122.  
    123. 

  123.  	testl	%ebx, %ebx			/* swapgs needed? */
    124. 

  124.  	jnz	nmi_restore
    125. 

  125. -- 
    126. 

  126. 2.14.2
    127. 

  127.