Commit b36d1f53 authored by Sohil Mehta's avatar Sohil Mehta Committed by Dave Hansen
Browse files

x86/vsyscall: Disable LASS if vsyscall mode is set to EMULATE 



The EMULATE mode of vsyscall maps the vsyscall page with a high kernel
address directly into user address space. Reading the vsyscall page in
EMULATE mode would cause LASS to trigger a #GP.

Fixing the LASS violation in EMULATE mode would require complex
instruction decoding because the resulting #GP does include the
necessary error information, and the vsyscall address is not
readily available in the RIP.

The EMULATE mode has been deprecated since 2022 and can only be enabled
using the command line parameter vsyscall=emulate. See commit
bf00745e ("x86/vsyscall: Remove CONFIG_LEGACY_VSYSCALL_EMULATE") for
details. At this point, no one is expected to be using this insecure
mode. The rare usages that need it obviously do not care about security.

Disable LASS when EMULATE mode is requested to avoid breaking legacy
user software. Also, update the vsyscall documentation to reflect this.
LASS will only be supported if vsyscall mode is set to XONLY (default)
or NONE.

Signed-off-by: default avatarSohil Mehta <sohil.mehta@intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarH. Peter Anvin (Intel) <hpa@zytor.com>
Tested-by: default avatarMaciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Link: https://patch.msgid.link/20260309181029.398498-5-sohil.mehta@intel.com
parent 8376b503

Documentation/admin-guide/kernel-parameters.txt

+3 −1
Original line number Diff line number Diff line
@@ -8376,7 +8376,9 @@ Kernel parameters 


			emulate     Vsyscalls turn into traps and are emulated

			            reasonably safely.  The vsyscall page is

				    readable.

				    readable.  This disables the Linear

				    Address Space Separation (LASS) security

				    feature and makes the system less secure.



			xonly       [default] Vsyscalls turn into traps and are

			            emulated reasonably safely.  The vsyscall

arch/x86/entry/vsyscall/vsyscall_64.c

+5 −0
Original line number Diff line number Diff line
@@ -62,6 +62,11 @@ static int __init vsyscall_setup(char *str) 
		else

			return -EINVAL;



		if (cpu_feature_enabled(X86_FEATURE_LASS) && vsyscall_mode == EMULATE) {

			setup_clear_cpu_cap(X86_FEATURE_LASS);

			pr_warn_once("x86/cpu: Disabling LASS due to vsyscall=emulate\n");

		}



		return 0;

	}