x86/cpu: Add 'unsafe_fsgsbase' to enable CR4.FSGSBASE

This is temporary.  It will allow the next few patches to be tested
incrementally.

Setting unsafe_fsgsbase is a root hole.  Don't do it.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Cc: Ravi Shankar <ravi.v.shankar@intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Link: https://lkml.kernel.org/r/1557309753-24073-4-git-send-email-chang.seok.bae@intel.com

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 138f6664b2e29fe4ca71225fde00ac2ea695a941..b0fa5273b0fca63b494e687437080ae64e5f4b88 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2857,6 +2857,9 @@
        no5lvl          [X86-64] Disable 5-level paging mode. Forces
                        kernel to use 4-level paging instead.
 
+       unsafe_fsgsbase [X86] Allow FSGSBASE instructions.  This will be
+                       replaced with a nofsgsbase flag.
+
        no_console_suspend
                        [HW] Never suspend the console
                        Disable suspending of consoles during suspend and

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index dad20bc891d500a22af3f447e49da9119630bbf8..71defe2d1b7c01dec1b34a3a6dbb6c597f8f662a 100644 (file)
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -366,6 +366,22 @@ out:
        cr4_clear_bits(X86_CR4_UMIP);
 }
 
+/*
+ * Temporary hack: FSGSBASE is unsafe until a few kernel code paths are
+ * updated. This allows us to get the kernel ready incrementally.
+ *
+ * Once all the pieces are in place, these will go away and be replaced with
+ * a nofsgsbase chicken flag.
+ */
+static bool unsafe_fsgsbase;
+
+static __init int setup_unsafe_fsgsbase(char *arg)
+{
+       unsafe_fsgsbase = true;
+       return 1;
+}
+__setup("unsafe_fsgsbase", setup_unsafe_fsgsbase);
+
 /*
  * Protection Keys are not available in 32-bit mode.
  */
@@ -1370,6 +1386,14 @@ static void identify_cpu(struct cpuinfo_x86 *c)
        setup_smap(c);
        setup_umip(c);
 
+       /* Enable FSGSBASE instructions if available. */
+       if (cpu_has(c, X86_FEATURE_FSGSBASE)) {
+               if (unsafe_fsgsbase)
+                       cr4_set_bits(X86_CR4_FSGSBASE);
+               else
+                       clear_cpu_cap(c, X86_FEATURE_FSGSBASE);
+       }
+
        /*
         * The vendor-specific functions might have changed features.
         * Now we do "generic changes."