From patchwork Tue Aug 6 22:50:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1969708 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WdpSD5QQkz1ybS for ; Wed, 7 Aug 2024 08:50:52 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1sbT0t-0005c3-I5; Tue, 06 Aug 2024 22:50:43 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1sbT0r-0005bf-Gt for kernel-team@lists.ubuntu.com; Tue, 06 Aug 2024 22:50:41 +0000 Received: from mail-yw1-f200.google.com (mail-yw1-f200.google.com [209.85.128.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 58C2D3F287 for ; Tue, 6 Aug 2024 22:50:41 +0000 (UTC) Received: by mail-yw1-f200.google.com with SMTP id 00721157ae682-66628e9ec89so26663997b3.1 for ; Tue, 06 Aug 2024 15:50:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722984639; x=1723589439; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5zrYeyYzZiVJKRpQCsluhQotfktaDC5YkgAsBgsGuuM=; b=dFGmZg09RUeIqpIxodQ+2FkuqRzah4m4yxrkwoJc5TXJykiHX0nZcBb6TrjtUWHn/5 xLA2Pv8PfYD6w6RGG4lAxBQhjOsYPN1Z2UVQVvJ1PYLNsR/E00/lPnXuZrQVrHcPuBSL weUXuQZXmz8DgT+vj4+9WCAqyEw08EruPeWl3K/S4UjuqbhbkUWx+fCyuFkhsrM8SgWg 9szNi/EuwJaWu4KqWlcaDqatKBIUVtYXPdy0GEdGWiCYPnOgvvohntUvuQCp80JkKoEm JEP6LGxbSKptAi+h7p/2CFzzEoHxZE8jw2M1BZiTnmHlZkE+8YaC2Bi87k+rwEL3LfW6 64oQ== X-Gm-Message-State: AOJu0YwofrOy6cdksh7MjVfHPPfSJl8Vp/g0spsA8kYE/rst4LisVRnK Q3Po9iB7Z+Gq3P+zZlRPPt0KqXnCHBf3n6cSfxuAASGPP1qWap41Q+H4WTOTCNgtVh+ikRSRPaw TKQlNI2qlBW/qkF+TSq6FGc/RZmM6CBUpz561b1oJSbVfDZM4AgsHdcMvrgV5cBX4e5kMhGNn8S qhVQK+Qo0NRa1l X-Received: by 2002:a05:6902:1692:b0:e0b:eb96:fd95 with SMTP id 3f1490d57ef6-e0beb96ff07mr16083416276.19.1722984639417; Tue, 06 Aug 2024 15:50:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEIk6Aic5MEHsV7gTNOjlm1huCeVaiGkeWjOQ1A4aPhAPpC/AgXYi8ZqlVMS8fmt8IJxB70CA== X-Received: by 2002:a05:6902:1692:b0:e0b:eb96:fd95 with SMTP id 3f1490d57ef6-e0beb96ff07mr16083398276.19.1722984639067; Tue, 06 Aug 2024 15:50:39 -0700 (PDT) Received: from cache-ubuntu.hsd1.nj.comcast.net ([2001:67c:1562:8007::aac:4795]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a3785e5c54sm4550885a.48.2024.08.06.15.50.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 15:50:38 -0700 (PDT) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/8] x86: Introduce ia32_enabled() Date: Tue, 6 Aug 2024 18:50:27 -0400 Message-Id: <20240806225033.4181439-3-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240806225033.4181439-1-yuxuan.luo@canonical.com> References: <20240806225033.4181439-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Nikolay Borisov IA32 support on 64bit kernels depends on whether CONFIG_IA32_EMULATION is selected or not. As it is a compile time option it doesn't provide the flexibility to have distributions set their own policy for IA32 support and give the user the flexibility to override it. As a first step introduce ia32_enabled() which abstracts whether IA32 compat is turned on or off. Upcoming patches will implement the ability to set IA32 compat state at boot time. Signed-off-by: Nikolay Borisov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20230623111409.3047467-2-nik.borisov@suse.com (cherry picked from commit 1da5c9bc119d3a749b519596b93f9b2667e93c4a) CVE-2024-25744 Signed-off-by: Yuxuan Luo --- arch/x86/entry/common.c | 4 ++++ arch/x86/include/asm/ia32.h | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index e160f502d1dcf..3ea32cbca6513 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -96,6 +96,10 @@ static __always_inline int syscall_32_enter(struct pt_regs *regs) return (int)regs->orig_ax; } +#ifdef CONFIG_IA32_EMULATION +bool __ia32_enabled __ro_after_init = true; +#endif + /* * Invoke a 32-bit syscall. Called with IRQs on in CONTEXT_KERNEL. */ diff --git a/arch/x86/include/asm/ia32.h b/arch/x86/include/asm/ia32.h index fada857f0a1ed..5a2ae24b1204f 100644 --- a/arch/x86/include/asm/ia32.h +++ b/arch/x86/include/asm/ia32.h @@ -68,6 +68,20 @@ extern void ia32_pick_mmap_layout(struct mm_struct *mm); #endif -#endif /* CONFIG_IA32_EMULATION */ +extern bool __ia32_enabled; + +static inline bool ia32_enabled(void) +{ + return __ia32_enabled; +} + +#else /* !CONFIG_IA32_EMULATION */ + +static inline bool ia32_enabled(void) +{ + return IS_ENABLED(CONFIG_X86_32); +} + +#endif #endif /* _ASM_X86_IA32_H */