x86/cpu: Enable LASS during CPU initialization

Linear Address Space Separation (LASS) mitigates a class of side-channel
attacks that rely on speculative access across the user/kernel boundary.
Enable LASS along with similar security features if the platform
supports it.

While at it, remove the comment above the SMAP/SMEP/UMIP/LASS setup
instead of updating it, as the whole sequence is quite self-explanatory.

Some EFI runtime and boot services may rely on 1:1 mappings in the lower
half during early boot and even after SetVirtualAddressMap(). To avoid
tripping LASS, the initial CR4 programming would need to be delayed
until EFI has completely finished entering virtual mode (including
efi_free_boot_services()). Also, LASS would need to be temporarily
disabled while switching to efi_mm to avoid potential faults on stray
runtime accesses.

Similarly, legacy vsyscall page accesses are flagged by LASS resulting
in a #GP (instead of a #PF). Without LASS, the #PF handler emulates the
accesses and returns the appropriate values. Equivalent emulation
support is required in the #GP handler with LASS enabled. In case of
vsyscall XONLY (execute only) mode, the faulting address is readily
available in the RIP which would make it easier to reuse the #PF
emulation logic.

For now, keep it simple and disable LASS if either of those are compiled
in. Though not ideal, this makes it easier to start testing LASS support
in some environments. In future, LASS support can easily be expanded to
support EFI and legacy vsyscalls.

Signed-off-by: Sohil Mehta <sohil.mehta@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://patch.msgid.link/20251118182911.2983253-9-sohil.mehta%40intel.com

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3ff9682d8bc424142a96f44d32691e8fe17729da..d01dd88fae7d0ebaeacc0744fdc0194a876d182d 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -401,6 +401,28 @@ out:
        cr4_clear_bits(X86_CR4_UMIP);
 }
 
+static __always_inline void setup_lass(struct cpuinfo_x86 *c)
+{
+       if (!cpu_feature_enabled(X86_FEATURE_LASS))
+               return;
+
+       /*
+        * Legacy vsyscall page access causes a #GP when LASS is active.
+        * Disable LASS because the #GP handler doesn't support vsyscall
+        * emulation.
+        *
+        * Also disable LASS when running under EFI, as some runtime and
+        * boot services rely on 1:1 mappings in the lower half.
+        */
+       if (IS_ENABLED(CONFIG_X86_VSYSCALL_EMULATION) ||
+           IS_ENABLED(CONFIG_EFI)) {
+               setup_clear_cpu_cap(X86_FEATURE_LASS);
+               return;
+       }
+
+       cr4_set_bits(X86_CR4_LASS);
+}
+
 /* These bits should not change their value after CPU init is finished. */
 static const unsigned long cr4_pinned_mask = X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |
                                             X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED;
@@ -2007,10 +2029,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
        /* Disable the PN if appropriate */
        squash_the_stupid_serial_number(c);
 
-       /* Set up SMEP/SMAP/UMIP */
        setup_smep(c);
        setup_smap(c);
        setup_umip(c);
+       setup_lass(c);
 
        /* Enable FSGSBASE instructions if available. */
        if (cpu_has(c, X86_FEATURE_FSGSBASE)) {