Ensure that a core serializing instruction is issued before returning to user-mode. x86 implements return to user-space through sysexit, sysrel, and sysretq, which are not core serializing.
Signed-off-by: Mathieu Desnoyers <[email protected]> Acked-by: Peter Zijlstra (Intel) <[email protected]> CC: Thomas Gleixner <[email protected]> CC: Andy Lutomirski <[email protected]> CC: Paul E. McKenney <[email protected]> CC: Boqun Feng <[email protected]> CC: Andrew Hunter <[email protected]> CC: Maged Michael <[email protected]> CC: Avi Kivity <[email protected]> CC: Benjamin Herrenschmidt <[email protected]> CC: Paul Mackerras <[email protected]> CC: Michael Ellerman <[email protected]> CC: Dave Watson <[email protected]> CC: Ingo Molnar <[email protected]> CC: "H. Peter Anvin" <[email protected]> CC: Andrea Parri <[email protected]> CC: Russell King <[email protected]> CC: Greg Hackmann <[email protected]> CC: Will Deacon <[email protected]> CC: David Sehr <[email protected]> CC: Linus Torvalds <[email protected]> CC: Arnd Bergmann <[email protected]> CC: [email protected] CC: [email protected] --- Changes since v1: - Fix prototype of sync_core_before_usermode in generic code (missing return type). - Add linux/processor.h include to sched/core.c. - Add ARCH_HAS_SYNC_CORE_BEFORE_USERMODE to init/Kconfig. - Fix linux/processor.h ifdef to target CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE rather than ARCH_HAS_SYNC_CORE_BEFORE_USERMODE. - Move empty static inline in processor.h to generic patch. Changes since v2: - Introduce arch/x86/include/asm/sync_core.h - Don't sync_core when KPTI is enabled, and when invoked from irq and nmi context. - Note: v2 was reviewed by Thomas Gleixner, but changes were introduced since. --- arch/x86/Kconfig | 1 + arch/x86/include/asm/sync_core.h | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 arch/x86/include/asm/sync_core.h diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 20da391b5f32..0b44c8dd0e95 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -61,6 +61,7 @@ config X86 select ARCH_HAS_SG_CHAIN select ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_STRICT_MODULE_RWX + select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_ZONE_DEVICE if X86_64 select ARCH_HAVE_NMI_SAFE_CMPXCHG diff --git a/arch/x86/include/asm/sync_core.h b/arch/x86/include/asm/sync_core.h new file mode 100644 index 000000000000..c67caafd3381 --- /dev/null +++ b/arch/x86/include/asm/sync_core.h @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_X86_SYNC_CORE_H +#define _ASM_X86_SYNC_CORE_H + +#include <linux/preempt.h> +#include <asm/processor.h> +#include <asm/cpufeature.h> + +/* + * Ensure that a core serializing instruction is issued before returning + * to user-mode. x86 implements return to user-space through sysexit, + * sysrel, and sysretq, which are not core serializing. + */ +static inline void sync_core_before_usermode(void) +{ + /* With PTI, we unconditionally serialize before running user code. */ + if (static_cpu_has(X86_FEATURE_PTI)) + return; + /* + * Return from interrupt and NMI is done through iret, which is core + * serializing. + */ + if (in_irq() || in_nmi()) + return; + sync_core(); +} + +#endif /* _ASM_X86_SYNC_CORE_H */ -- 2.11.0
