From patchwork Mon Apr 10 08:14:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Xin3" X-Patchwork-Id: 13206192 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 887A0C77B61 for ; Mon, 10 Apr 2023 08:43:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229708AbjDJInO (ORCPT ); Mon, 10 Apr 2023 04:43:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230000AbjDJIm3 (ORCPT ); Mon, 10 Apr 2023 04:42:29 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1BEE5FCD; Mon, 10 Apr 2023 01:41:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681116077; x=1712652077; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=YkOYUeaNmXvaQHTm0febRcu8lP7lpU11uM/4zVeP9Zg=; b=F65AZPl4n5TPU/WE2Y7862BqXmYW+iWW1XpaexFWFjJTS3EX8yks7xrd vtXRNgdDGqDJAr4/sg+vOpjBizujb3amHljVjsp+CSvNz24anmZrhYUKO ASMlmIgq3+on+VPoUfHCuHmp6Blck/70b+q+dIWO7aYhW3I2418n/nbY7 y254PTa8u9wJcGp3Pbvzro8ESSBAVKkIRoV/mwxO+/aKeJ+7/BVQBTuGX woi0f+InuUhsaH2fdddn67CJyFkkJIpo/2oEXXFUHb6yBgQ5mQ6P+3zkn Xi0Y9Bo7G+3xAu32N256l+fEyCO1GFJ2/gYxaV497LermEd6ihtsZxzik A==; X-IronPort-AV: E=McAfee;i="6600,9927,10675"; a="342078205" X-IronPort-AV: E=Sophos;i="5.98,333,1673942400"; d="scan'208";a="342078205" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2023 01:41:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10675"; a="799436365" X-IronPort-AV: E=Sophos;i="5.98,333,1673942400"; d="scan'208";a="799436365" Received: from unknown (HELO fred..) ([172.25.112.68]) by fmsmga002.fm.intel.com with ESMTP; 10 Apr 2023 01:41:08 -0700 From: Xin Li To: linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, peterz@infradead.org, andrew.cooper3@citrix.com, seanjc@google.com, pbonzini@redhat.com, ravi.v.shankar@intel.com, jiangshanlai@gmail.com, shan.kang@intel.com Subject: [PATCH v8 31/33] x86/fred: BUG() when ERETU with %rsp not equal to that when the ring 3 event was just delivered Date: Mon, 10 Apr 2023 01:14:36 -0700 Message-Id: <20230410081438.1750-32-xin3.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230410081438.1750-1-xin3.li@intel.com> References: <20230410081438.1750-1-xin3.li@intel.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org A FRED stack frame generated by a ring 3 event should never be messed up, and the first thing we must make sure is that at the time an ERETU instruction is executed, %rsp must have the same address as that when the user level event was just delivered. However we don't want to bother the normal code path of ERETU because it's on the hotest code path, a good choice is to do this check when ERETU faults. Suggested-by: H. Peter Anvin (Intel) Tested-by: Shan Kang Signed-off-by: Xin Li --- arch/x86/mm/extable.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index 9d82193adf3c..be297d4b137b 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -204,6 +204,14 @@ static bool ex_handler_eretu(const struct exception_table_entry *fixup, unsigned short ss = uregs->ss; unsigned short cs = uregs->cs; + /* + * A FRED stack frame generated by a ring 3 event should never be + * messed up, and the first thing we must make sure is that at the + * time an ERETU instruction is executed, %rsp must have the same + * address as that when the user level event was just delivered. + */ + BUG_ON(uregs != current->thread_info.user_pt_regs); + /* * Move the NMI bit from the invalid stack frame, which caused ERETU * to fault, to the fault handler's stack frame, thus to unblock NMI