Commit 0cf0da27 authored by Hugh Dickins's avatar Hugh Dickins Committed by Kleber Sacilotto de Souza

kaiser: tidied up asm/kaiser.h somewhat

Mainly deleting a surfeit of blank lines, and reflowing header comment.
Acked-by: default avatarJiri Kosina <jkosina@suse.cz>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2017-5754
Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 9816bcab
#ifndef _ASM_X86_KAISER_H #ifndef _ASM_X86_KAISER_H
#define _ASM_X86_KAISER_H #define _ASM_X86_KAISER_H
/*
/* This file includes the definitions for the KAISER feature. * This file includes the definitions for the KAISER feature.
* KAISER is a counter measure against x86_64 side channel attacks on the kernel virtual memory. * KAISER is a counter measure against x86_64 side channel attacks on
* It has a shodow-pgd for every process. the shadow-pgd has a minimalistic kernel-set mapped, * the kernel virtual memory. It has a shadow pgd for every process: the
* but includes the whole user memory. Within a kernel context switch, or when an interrupt is handled, * shadow pgd has a minimalistic kernel-set mapped, but includes the whole
* the pgd is switched to the normal one. When the system switches to user mode, the shadow pgd is enabled. * user memory. Within a kernel context switch, or when an interrupt is handled,
* By this, the virtual memory chaches are freed, and the user may not attack the whole kernel memory. * the pgd is switched to the normal one. When the system switches to user mode,
* the shadow pgd is enabled. By this, the virtual memory caches are freed,
* and the user may not attack the whole kernel memory.
* *
* A minimalistic kernel mapping holds the parts needed to be mapped in user mode, as the entry/exit functions * A minimalistic kernel mapping holds the parts needed to be mapped in user
* of the user space, or the stacks. * mode, such as the entry/exit functions of the user space, or the stacks.
*/ */
#ifdef __ASSEMBLY__ #ifdef __ASSEMBLY__
#ifdef CONFIG_KAISER #ifdef CONFIG_KAISER
...@@ -48,13 +50,10 @@ _SWITCH_TO_KERNEL_CR3 %rax ...@@ -48,13 +50,10 @@ _SWITCH_TO_KERNEL_CR3 %rax
movq PER_CPU_VAR(unsafe_stack_register_backup), %rax movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
.endm .endm
.macro SWITCH_USER_CR3_NO_STACK .macro SWITCH_USER_CR3_NO_STACK
movq %rax, PER_CPU_VAR(unsafe_stack_register_backup) movq %rax, PER_CPU_VAR(unsafe_stack_register_backup)
_SWITCH_TO_USER_CR3 %rax _SWITCH_TO_USER_CR3 %rax
movq PER_CPU_VAR(unsafe_stack_register_backup), %rax movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
.endm .endm
#else /* CONFIG_KAISER */ #else /* CONFIG_KAISER */
...@@ -72,7 +71,6 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax ...@@ -72,7 +71,6 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
#else /* __ASSEMBLY__ */ #else /* __ASSEMBLY__ */
#ifdef CONFIG_KAISER #ifdef CONFIG_KAISER
/* /*
* Upon kernel/user mode switch, it may happen that the address * Upon kernel/user mode switch, it may happen that the address
...@@ -80,7 +78,6 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax ...@@ -80,7 +78,6 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax
* stored. To change the address space, another register is * stored. To change the address space, another register is
* needed. A register therefore has to be stored/restored. * needed. A register therefore has to be stored/restored.
*/ */
DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup); DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
/** /**
...@@ -95,7 +92,6 @@ DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup); ...@@ -95,7 +92,6 @@ DECLARE_PER_CPU_USER_MAPPED(unsigned long, unsafe_stack_register_backup);
*/ */
extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags); extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned long flags);
/** /**
* kaiser_remove_mapping - unmap a virtual memory part of the shadow mapping * kaiser_remove_mapping - unmap a virtual memory part of the shadow mapping
* @addr: the start address of the range * @addr: the start address of the range
...@@ -104,12 +100,12 @@ extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned l ...@@ -104,12 +100,12 @@ extern int kaiser_add_mapping(unsigned long addr, unsigned long size, unsigned l
extern void kaiser_remove_mapping(unsigned long start, unsigned long size); extern void kaiser_remove_mapping(unsigned long start, unsigned long size);
/** /**
* kaiser_initialize_mapping - Initalize the shadow mapping * kaiser_init - Initialize the shadow mapping
* *
* Most parts of the shadow mapping can be mapped upon boot * Most parts of the shadow mapping can be mapped upon boot
* time. Only per-process things like the thread stacks * time. Only per-process things like the thread stacks
* or a new LDT have to be mapped at runtime. These boot- * or a new LDT have to be mapped at runtime. These boot-
* time mappings are permanent and nevertunmapped. * time mappings are permanent and never unmapped.
*/ */
extern void kaiser_init(void); extern void kaiser_init(void);
...@@ -117,6 +113,4 @@ extern void kaiser_init(void); ...@@ -117,6 +113,4 @@ extern void kaiser_init(void);
#endif /* __ASSEMBLY */ #endif /* __ASSEMBLY */
#endif /* _ASM_X86_KAISER_H */ #endif /* _ASM_X86_KAISER_H */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment