8382c668ce
Signals are a horrid little mechanism. They are especially nasty in multi-threaded environments because signal state like handlers is global across the entire process. But, signals are basically the only way that userspace can “gracefully” handle and recover from exceptions.

The kernel generally does not like exceptions to occur during execution. But, exceptions are a fact of life and must be handled in some circumstances. The kernel handles them by keeping a list of individual instructions which may cause exceptions. Instead of truly handling the exception and returning to the instruction that caused it, the kernel instead restarts execution at a *different* instruction. This makes it obvious to that thread of execution that the exception occurred and lets *that* code handle the exception instead of the handler.

This is not dissimilar to the try/catch exception mechanisms that some programming languages have, but applied *very* surgically to single instructions. It effectively changes the visible architecture of the instruction.

Problem
=======

SGX generates a lot of signals, and the code to enter and exit enclaves and muck with signal handling is truly horrid. At the same time, an approach like kernel exception fixup can not be easily applied to userspace instructions because it changes the visible instruction architecture.

Solution
========

The vDSO is a special page of kernel-provided instructions that run in userspace. Any userspace calling into the vDSO knows that it is special. This allows the kernel a place to legitimately rewrite the user/kernel contract and change instruction behavior.

Add support for fixing up exceptions that occur while executing in the vDSO. This replaces what could traditionally only be done with signal handling.

This new mechanism will be used to replace previously direct use of SGX instructions by userspace.

Just introduce the vDSO infrastructure. Later patches will actually replace signal generation with vDSO exception fixup.
Suggested-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Borislav Petkov <bp@suse.de> Acked-by: Jethro Beekman <jethro@fortanix.com> Link: https://lkml.kernel.org/r/20201112220135.165028-17-jarkko@kernel.org
/* SPDX-License-Identifier: GPL-2.0 */
#include <asm/vdso.h>
/*
* Linker script for vDSO. This is an ELF shared object prelinked to
* its virtual address, and with only one read-only segment.
* This script controls its layout.
*/
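SECTIONS
{
	/*
	 * User/kernel shared data is before the vDSO.  This may be a little
	 * uglier than putting it after the vDSO, but it avoids issues with
	 * non-allocatable things that dangle past the end of the PT_LOAD
	 * segment.
	 *
	 * Four pages are reserved directly below the image.  vvar_page,
	 * pvclock_page, hvclock_page and timens_page each name one of them,
	 * in that order.  These are only symbol addresses: the script emits
	 * no output section for the pages, so their contents and protections
	 * are decided elsewhere (not visible in this file).
	 */

	vvar_start = . - 4 * PAGE_SIZE;
	vvar_page = vvar_start;

	/* Place all vvars at the offsets in asm/vvar.h. */
#define EMIT_VVAR(name, offset) vvar_ ## name = vvar_page + offset;
#include <asm/vvar.h>
#undef EMIT_VVAR

	pvclock_page = vvar_start + PAGE_SIZE;
	hvclock_page = vvar_start + 2 * PAGE_SIZE;
	timens_page = vvar_start + 3 * PAGE_SIZE;

	/*
	 * asm/vvar.h is included a second time below with a different
	 * EMIT_VVAR.  Undefining _ASM_X86_VVAR_H first is presumably what
	 * lets the header's include guard pass again - confirm against
	 * asm/vvar.h.
	 */
#undef _ASM_X86_VVAR_H
	/* Place all vvars in timens too at the offsets in asm/vvar.h. */
#define EMIT_VVAR(name, offset) timens_ ## name = timens_page + offset;
#include <asm/vvar.h>
#undef EMIT_VVAR

	/* Start laying out sections right after the ELF and program headers. */
	. = SIZEOF_HEADERS;

	.hash		: { *(.hash) }			:text
	.gnu.hash	: { *(.gnu.hash) }
	.dynsym		: { *(.dynsym) }
	.dynstr		: { *(.dynstr) }
	.gnu.version	: { *(.gnu.version) }
	.gnu.version_d	: { *(.gnu.version_d) }
	.gnu.version_r	: { *(.gnu.version_r) }

	.dynamic	: { *(.dynamic) }		:text	:dynamic

	/*
	 * Every data-like input section (.data*, .sdata*, .got*, .bss*, ...)
	 * is folded into .rodata and assigned to the "text" segment, which
	 * PHDRS marks PF_R|PF_X.  The image therefore has no writable
	 * segment, and an object that expects mutable .data/.bss would be
	 * placed here without complaint from this script.
	 * NOTE(review): presumably the vDSO build rejects such objects by
	 * other means - confirm.
	 */
	.rodata		: {
		*(.rodata*)
		*(.data*)
		*(.sdata*)
		*(.got.plt) *(.got)
		*(.gnu.linkonce.d.*)
		*(.bss*)
		*(.dynbss*)
		*(.gnu.linkonce.b.*)
	}						:text

	/*
	 * Discard .note.gnu.property sections which are unused and have
	 * different alignment requirement from vDSO note sections.
	 * This /DISCARD/ must stay ahead of the .note output section, whose
	 * *(.note.*) pattern would otherwise match the same input sections.
	 */
	/DISCARD/ : {
		*(.note.gnu.property)
	}
	.note		: { *(.note.*) }		:text	:note

	.eh_frame_hdr	: { *(.eh_frame_hdr) }		:text	:eh_frame_hdr
	.eh_frame	: { KEEP (*(.eh_frame)) }	:text


	/*
	 * Text is well-separated from actual data: there's plenty of
	 * stuff that isn't used at runtime in between.
	 *
	 * *(.fixup) places fixup stubs in the same executable output section
	 * as the regular vDSO code.
	 *
	 * =0x90909090 fills gaps in this section with 0x90 bytes, the
	 * single-byte x86 NOP; the trailing comma is an optional separator
	 * that ld accepts after an output section description.
	 * NOTE(review): a stray control transfer into NOP padding slides into
	 * whatever code follows, whereas a trapping fill such as 0xcc (INT3)
	 * would fault at once.  Confirm nothing relies on NOP padding before
	 * changing the fill value.
	 */

	.text		: {
		*(.text*)
		*(.fixup)
	}						:text	=0x90909090,



	/*
	 * Alternative-instruction records and their replacement bytes are
	 * kept in the image.  NOTE(review): presumably consumed when the
	 * kernel patches the vDSO image - consumer not visible in this file.
	 */
	.altinstructions	: { *(.altinstructions) }	:text
	.altinstr_replacement	: { *(.altinstr_replacement) }	:text

	/*
	 * Exception-fixup table for vDSO code.  Per the commit that added
	 * it, the kernel uses such entries to restart a faulting vDSO
	 * instruction at a different address instead of raising a signal.
	 * NOTE(review): these entries determine where a faulting user thread
	 * resumes, so how the table is consumed and bounds-checked is
	 * security-relevant; that code is not visible in this file.
	 */
	__ex_table		: { *(__ex_table) }		:text

	/*
	 * Drop sections that must not reach the final image.  __bug_table is
	 * discarded presumably because nothing can consume kernel BUG()
	 * metadata from a userspace-mapped object - confirm.
	 */
	/DISCARD/ : {
		*(.discard)
		*(.discard.*)
		*(__bug_table)
	}
}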
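/*
 * Very old versions of ld do not recognize this name token; use the constant.
 * The value is the numeric ELF program-header type for PT_GNU_EH_FRAME, and
 * PHDRS uses it for the eh_frame_hdr entry.
 */
#define PT_GNU_EH_FRAME	0x6474e550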
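/*
 * We must supply the ELF program headers explicitly to get just one
 * PT_LOAD segment, and set the flags explicitly to make segments read-only.
 *
 * FLAGS() takes the ELF p_flags bits: PF_X = 1, PF_W = 2, PF_R = 4.  No
 * entry below sets PF_W, so the image describes no writable segment; code
 * is readable and executable, everything else is read-only.  Anything
 * added to SECTIONS that needs to be written at run time would break this
 * property and should be treated as a review flag.
 * NOTE(review): these flags describe the ELF image only; the protections
 * actually applied when the kernel maps the vDSO are set elsewhere -
 * confirm there.
 */
PHDRS
{
	/* The only loadable segment; also carries the ELF and program headers. */
	text		PT_LOAD		FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
	dynamic		PT_DYNAMIC	FLAGS(4);		/* PF_R */
	note		PT_NOTE		FLAGS(4);		/* PF_R */
	/* No explicit FLAGS() here, so the linker chooses the flags. */
	eh_frame_hdr	PT_GNU_EH_FRAME;
}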