Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'x86_entry_for_6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 entry updates from Dave Hansen:
"A pair of x86/entry updates.

The FRED one adjusts the kernel to the latest spec. The spec change
prevents attackers from abusing kernel entry points.

The second one came about because of the LASS work[1]. It moves the
vsyscall emulation code away from depending on X86_PF_INSTR which is
not available on some CPUs. Those CPUs are pretty obscure these days,
but this still seems like the right thing to do. It also makes this
code consistent with some things that the LASS code is going to do.

- Use RIP instead of X86_PF_INSTR for vsyscall emulation

- Remove ENDBR64 from FRED entry points"

Link: https://lore.kernel.org/lkml/20250620135325.3300848-1-kirill.shutemov@linux.intel.com/ [1]

* tag 'x86_entry_for_6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/fred: Remove ENDBR64 from FRED entry points
x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
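
The reasoning in the second item above (a fault at regs->ip is an instruction fetch whether or not the CPU reports X86_PF_INSTR) is easy to check in isolation. The following C program is an added example, not kernel code and not part of this merge: it models the gate at the top of emulate_vsyscall() as it was before the change and as it is after, and runs a handful of constructed fault records through both. The X86_PF_* bit values and the vsyscall page address are the kernel's; the `cpu_has_nx` field is a hypothetical stand-in for cpu_feature_enabled(X86_FEATURE_NX), and the EMULATE/XONLY distinction on the "failed read" path is collapsed to a single reject outcome.

```c
/*
 * Added example, not kernel code: user-space model of the vsyscall
 * emulation gate before and after "x86/vsyscall: Do not require
 * X86_PF_INSTR to emulate vsyscall".
 *
 * Error-code bits match arch/x86/include/asm/trap_pf.h. The fault
 * records in main() are constructed, not captured from hardware.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_PF_WRITE (1u << 1)
#define X86_PF_USER  (1u << 2)
#define X86_PF_INSTR (1u << 4)   /* I/D bit: only reported when NX (or SMEP) is on */

#define VSYSCALL_ADDR 0xffffffffff600000ULL   /* fixed legacy vsyscall page */

enum gate {
	GATE_REJECT,        /* not emulated (failed read, write, or kernel fault) */
	GATE_EMULATE,       /* treated as an instruction fetch, emulate it */
	GATE_EMULATE_WARN,  /* emulated, but a WARN_ON_ONCE sanity check fired */
};

struct fault {
	uint32_t error_code;   /* #PF error code */
	uint64_t address;      /* faulting linear address (CR2) */
	uint64_t ip;           /* regs->ip when the fault was taken */
	bool     cpu_has_nx;   /* hypothetical: models cpu_feature_enabled(X86_FEATURE_NX) */
};

/* Pre-merge gate: the I/D bit decides fetch vs. data access. */
static enum gate gate_old(const struct fault *f)
{
	if ((f->error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER)
		return GATE_REJECT;
	if (!(f->error_code & X86_PF_INSTR))
		return GATE_REJECT;            /* "Failed vsyscall read" path */
	/* old sanity check: WARN_ON_ONCE(address != regs->ip), then emulate anyway */
	return f->address != f->ip ? GATE_EMULATE_WARN : GATE_EMULATE;
}

/* Post-merge gate: address == regs->ip decides; I/D bit only double-checks when NX exists. */
static enum gate gate_new(const struct fault *f)
{
	if ((f->error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER)
		return GATE_REJECT;
	if (f->address != f->ip)
		return GATE_REJECT;            /* data access, never emulated */
	/* new sanity check: only meaningful where the hardware can set X86_PF_INSTR */
	if (f->cpu_has_nx && !(f->error_code & X86_PF_INSTR))
		return GATE_EMULATE_WARN;
	return GATE_EMULATE;
}

static const char *gate_name(enum gate g)
{
	switch (g) {
	case GATE_REJECT:       return "reject";
	case GATE_EMULATE:      return "emulate";
	case GATE_EMULATE_WARN: return "emulate+WARN";
	}
	return "?";
}

int main(void)
{
	/* Constructed fault records covering the cases the change cares about. */
	static const struct { const char *what; struct fault f; } cases[] = {
		{ "fetch, NX CPU, I/D set",            { X86_PF_USER | X86_PF_INSTR, VSYSCALL_ADDR, VSYSCALL_ADDR, true  } },
		{ "fetch, non-NX CPU, no I/D",         { X86_PF_USER,                VSYSCALL_ADDR, VSYSCALL_ADDR, false } },
		{ "data read from user code",          { X86_PF_USER,                VSYSCALL_ADDR, 0x401000,      true  } },
		{ "data write from user code",         { X86_PF_USER | X86_PF_WRITE, VSYSCALL_ADDR, 0x401000,      true  } },
		{ "kernel-mode fault",                 { 0,                          VSYSCALL_ADDR, VSYSCALL_ADDR, true  } },
		{ "addr == ip on NX CPU, I/D clear",   { X86_PF_USER,                VSYSCALL_ADDR, VSYSCALL_ADDR, true  } },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-34s old=%-13s new=%s\n", cases[i].what,
		       gate_name(gate_old(&cases[i].f)), gate_name(gate_new(&cases[i].f)));
	return 0;
}
```

The second row is the case the patch fixes: without NX the hardware never sets X86_PF_INSTR, so the old gate misclassified a genuine instruction fetch as a failed read, while the new gate emulates it because the faulting address is the instruction pointer. The last row shows the only way the new WARN_ON_ONCE can fire: a user fault at its own regs->ip on an NX-capable CPU that the hardware did not flag as a fetch, which the code still emulates rather than rejects.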

+15 -4
+1 -1
arch/x86/entry/entry_64_fred.S
··· 16 16 17 17 .macro FRED_ENTER 18 18 UNWIND_HINT_END_OF_STACK 19 - ENDBR 19 + ANNOTATE_NOENDBR 20 20 PUSH_AND_CLEAR_REGS 21 21 movq %rsp, %rdi /* %rdi -> pt_regs */ 22 22 .endm
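Review bot: FRED_ENTER now carries ANNOTATE_NOENDBR with no in-line comment on why the ENDBR landing pad was removed, so the only record of the reasoning is the merge description ("adjusts the kernel to the latest spec ... prevents attackers from abusing kernel entry points"). A one-line comment above ANNOTATE_NOENDBR stating that FRED entry points are reached by hardware event delivery, never by an indirect branch, and therefore must not be valid IBT targets would keep a later cleanup from reinstating ENDBR and make clear that the annotation is telling objtool the omission is intentional rather than silencing a warning.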
+14 -3
arch/x86/entry/vsyscall/vsyscall_64.c
··· 124 124 if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER) 125 125 return false; 126 126 127 - if (!(error_code & X86_PF_INSTR)) { 127 + /* 128 + * Assume that faults at regs->ip are because of an 129 + * instruction fetch. Return early and avoid 130 + * emulation for faults during data accesses: 131 + */ 132 + if (address != regs->ip) { 128 133 /* Failed vsyscall read */ 129 134 if (vsyscall_mode == EMULATE) 130 135 return false; ··· 142 137 } 143 138 144 139 /* 140 + * X86_PF_INSTR is only set when NX is supported. When 141 + * available, use it to double-check that the emulation code 142 + * is only being used for instruction fetches: 143 + */ 144 + if (cpu_feature_enabled(X86_FEATURE_NX)) 145 + WARN_ON_ONCE(!(error_code & X86_PF_INSTR)); 146 + 147 + /* 145 148 * No point in checking CS -- the only way to get here is a user mode 146 149 * trap to a high address, which means that we're in 64-bit user code. 147 150 */ 148 - 149 - WARN_ON_ONCE(address != regs->ip); 150 151 151 152 if (vsyscall_mode == NONE) { 152 153 warn_bad_vsyscall(KERN_INFO, regs,
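Review bot: the new `if (address != regs->ip)` test is the sole filter between data accesses and instruction fetches on CPUs without NX, because the WARN_ON_ONCE(!(error_code & X86_PF_INSTR)) that replaces the old WARN_ON_ONCE(address != regs->ip) is skipped there entirely; the comment "Assume that faults at regs->ip are because of an instruction fetch" should say why the assumption is safe: a data access can only fault at an address equal to its own regs->ip if the faulting instruction already sits inside the vsyscall page, i.e. execution got there without faulting. The NX-gated WARN is then a consistency check that should not be reachable from user space on NX hardware; saying so in the comment would stop a later change from turning it into a `return false` and reintroducing the X86_PF_INSTR dependency this patch removes.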