b82a8dbd3d
The INT 0x80 instruction is used for 32-bit x86 Linux syscalls. The
kernel expects to receive a software interrupt as a result of the INT
0x80 instruction. However, an external interrupt on the same vector
triggers the same handler.
The kernel interprets an external interrupt on vector 0x80 as a 32-bit
system call that came from userspace.
A VMM can inject external interrupts on any arbitrary vector at any
time. This remains true even for TDX and SEV guests where the VMM is
untrusted.
Put together, this allows an untrusted VMM to trigger int80 syscall
handling at any given point. The content of the guest register file at
that moment defines what syscall is triggered and its arguments. It
opens the guest OS to manipulation from the VMM side.
Disable 32-bit emulation by default for TDX and SEV. User can override
it with the ia32_emulation=y command line option.
[ dhansen: reword the changelog ]
Reported-by: Supraja Sridhara <supraja.sridhara@inf.ethz.ch>
Reported-by: Benedict Schlüter <benedict.schlueter@inf.ethz.ch>
Reported-by: Mark Kuhne <mark.kuhne@inf.ethz.ch>
Reported-by: Andrin Bertschi <andrin.bertschi@inf.ethz.ch>
Reported-by: Shweta Shinde <shweta.shinde@inf.ethz.ch>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@vger.kernel.org> # v6.0+: 1da5c9b x86: Introduce ia32_enabled()
Cc: <stable@vger.kernel.org> # v6.0+
94 lines
1.7 KiB
C
94 lines
1.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _ASM_X86_IA32_H
|
|
#define _ASM_X86_IA32_H
|
|
|
|
|
|
#ifdef CONFIG_IA32_EMULATION
|
|
|
|
#include <linux/compat.h>
|
|
|
|
/*
|
|
* 32 bit structures for IA32 support.
|
|
*/
|
|
|
|
#include <uapi/asm/sigcontext.h>
|
|
|
|
/* signal.h */
|
|
|
|
struct ucontext_ia32 {
|
|
unsigned int uc_flags;
|
|
unsigned int uc_link;
|
|
compat_stack_t uc_stack;
|
|
struct sigcontext_32 uc_mcontext;
|
|
compat_sigset_t uc_sigmask; /* mask last for extensibility */
|
|
};
|
|
|
|
/* This matches struct stat64 in glibc2.2, hence the absolutely
|
|
* insane amounts of padding around dev_t's.
|
|
*/
|
|
struct stat64 {
|
|
unsigned long long st_dev;
|
|
unsigned char __pad0[4];
|
|
|
|
#define STAT64_HAS_BROKEN_ST_INO 1
|
|
unsigned int __st_ino;
|
|
|
|
unsigned int st_mode;
|
|
unsigned int st_nlink;
|
|
|
|
unsigned int st_uid;
|
|
unsigned int st_gid;
|
|
|
|
unsigned long long st_rdev;
|
|
unsigned char __pad3[4];
|
|
|
|
long long st_size;
|
|
unsigned int st_blksize;
|
|
|
|
long long st_blocks;/* Number 512-byte blocks allocated */
|
|
|
|
unsigned st_atime;
|
|
unsigned st_atime_nsec;
|
|
unsigned st_mtime;
|
|
unsigned st_mtime_nsec;
|
|
unsigned st_ctime;
|
|
unsigned st_ctime_nsec;
|
|
|
|
unsigned long long st_ino;
|
|
} __attribute__((packed));
|
|
|
|
#define IA32_STACK_TOP IA32_PAGE_OFFSET
|
|
|
|
#ifdef __KERNEL__
|
|
struct linux_binprm;
|
|
extern int ia32_setup_arg_pages(struct linux_binprm *bprm,
|
|
unsigned long stack_top, int exec_stack);
|
|
struct mm_struct;
|
|
extern void ia32_pick_mmap_layout(struct mm_struct *mm);
|
|
|
|
#endif
|
|
|
|
extern bool __ia32_enabled;
|
|
|
|
static inline bool ia32_enabled(void)
|
|
{
|
|
return __ia32_enabled;
|
|
}
|
|
|
|
static inline void ia32_disable(void)
|
|
{
|
|
__ia32_enabled = false;
|
|
}
|
|
|
|
#else /* !CONFIG_IA32_EMULATION */
|
|
|
|
static inline bool ia32_enabled(void)
|
|
{
|
|
return IS_ENABLED(CONFIG_X86_32);
|
|
}
|
|
|
|
static inline void ia32_disable(void) {}
|
|
|
|
#endif
|
|
|
|
#endif /* _ASM_X86_IA32_H */
|