Commit 16561f2

hansendc authored and KAGA-KOKO committed
x86/entry: Add some paranoid entry/exit CR3 handling comments
Andi Kleen was just asking me about the NMI CR3 handling and why we restore it unconditionally. I was *sure* we had documented it well. We did not. Add some documentation.

We have common entry code where the CR3 value is stashed, but three places in two big code paths where we restore it. I put the bulk of the comments in this common path and then refer to it from the other spots.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: luto@kernel.org
Cc: bp@alien8.de
Cc: "H. Peter Anvin" <hpa@zytor.come
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Link: https://lkml.kernel.org/r/20181012232118.3EAAE77B@viggo.jf.intel.com
1 parent b59167a commit 16561f2

1 file changed: +15 / -0 lines

arch/x86/entry/entry_64.S

Lines changed: 15 additions & 0 deletions
@@ -1187,6 +1187,18 @@ ENTRY(paranoid_entry)
11871187
xorl %ebx, %ebx
11881188

11891189
1:
1190+
/*
1191+
* Always stash CR3 in %r14. This value will be restored,
1192+
* verbatim, at exit. Needed if kernel is interrupted
1193+
* after switching to the user CR3 value but before
1194+
* returning to userspace.
1195+
*
1196+
* This is also why CS (stashed in the "iret frame" by the
1197+
* hardware at entry) can not be used: this may be a return
1198+
* to kernel code, but with a user CR3 value. The %ebx flag
1199+
* for SWAPGS is also unusable for CR3 because there is a
1200+
* window with a user GS and a kernel CR3.
1201+
*/
11901202
SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14
11911203

11921204
ret
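Review bot: the new comment block after `1:` explains why CS and the %ebx SWAPGS flag cannot stand in for the stashed value, but it never states in one sentence why an unconditional, verbatim restore is correct in every case: whatever CR3 was live at entry, user or kernel, is exactly what must be live again at exit, so no decision is needed on the way out. Since that is the question the commit message says prompted this patch, consider adding that sentence explicitly. Two smaller points: `can not` should read `cannot`, and the `xorl %ebx, %ebx` at the top of the hunk is the very flag the comment refers to, so wording it as "the %ebx flag set above" would tie the two together for a reader who lands here.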
@@ -1211,11 +1223,13 @@ ENTRY(paranoid_exit)
12111223
testl %ebx, %ebx /* swapgs needed? */
12121224
jnz .Lparanoid_exit_no_swapgs
12131225
TRACE_IRQS_IRETQ
1226+
/* Always restore stashed CR3 value (see paranoid_entry) */
12141227
RESTORE_CR3 scratch_reg=%rbx save_reg=%r14
12151228
SWAPGS_UNSAFE_STACK
12161229
jmp .Lparanoid_exit_restore
12171230
.Lparanoid_exit_no_swapgs:
12181231
TRACE_IRQS_IRETQ_DEBUG
1232+
/* Always restore stashed CR3 value (see paranoid_entry) */
12191233
RESTORE_CR3 scratch_reg=%rbx save_reg=%r14
12201234
.Lparanoid_exit_restore:
12211235
jmp restore_regs_and_return_to_kernel
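Review bot: on the swapgs branch, `RESTORE_CR3 scratch_reg=%rbx save_reg=%r14` sits immediately before `SWAPGS_UNSAFE_STACK`, and that ordering is load-bearing given the window the paranoid_entry comment describes (user GS with kernel CR3); the added one-liner only says "see paranoid_entry", so consider extending it on this branch to say that CR3 is switched back before GS is, deliberately. Also worth a word in the same comment: `%rbx` is usable as the scratch register here only because `testl %ebx, %ebx` above has already consumed the swapgs flag, so the clobber is intentional rather than accidental. Repeating the comment on the `.Lparanoid_exit_no_swapgs` branch is fine as written, since the two branches cannot share a single line without restructuring the exit path.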
@@ -1626,6 +1640,7 @@ end_repeat_nmi:
16261640
movq $-1, %rsi
16271641
call do_nmi
16281642

1643+
/* Always restore stashed CR3 value (see paranoid_entry) */
16291644
RESTORE_CR3 scratch_reg=%r15 save_reg=%r14
16301645

16311646
testl %ebx, %ebx /* swapgs needed? */
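Review bot: the comment here mirrors the two in paranoid_exit, but the register choice differs (`scratch_reg=%r15` instead of `%rbx`) and the reason is visible two lines down: `testl %ebx, %ebx /* swapgs needed? */` still needs the flag, so %rbx cannot be clobbered at this point. Suggest the comment say so, e.g. `/* Always restore stashed CR3 value (see paranoid_entry); %rbx still holds the swapgs flag, so scratch in %r15 */`, otherwise a later reader may "fix" the apparent inconsistency with paranoid_exit and break the swapgs decision below.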
