Re: [RFC PATCH] x86, entry: Switch stacks on a paranoid entry from userspace

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, linux-kernel@vger.kernel.org,
	Peter Zijlstra <peterz@infradead.org>,
	Tony Luck <tony.luck@intel.com>, Andi Kleen <andi@firstfloor.org>
Subject: Re: [RFC PATCH] x86, entry: Switch stacks on a paranoid entry from userspace
Date: Wed, 12 Nov 2014 23:00:58 +0100	[thread overview]
Message-ID: <20141112220058.GA5295@redhat.com> (raw)
In-Reply-To: <c2522bcacf5db9a25a819a8756502edb1d2ca10f.1415739239.git.luto@amacapital.net>

Andy,

As I said many times I do not understand asm ;) so most probably I missed
something but let me ask anyway.

On 11/11, Andy Lutomirski wrote:
>
> --- a/arch/x86/kernel/entry_64.S
> +++ b/arch/x86/kernel/entry_64.S
> @@ -1064,6 +1064,9 @@ ENTRY(\sym)
>  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
>
>  	.if \paranoid
> +	CFI_REMEMBER_STATE
> +	testl $3, CS(%rsp)		/* If coming from userspace, switch */
> +	jnz 1f				/* stacks. */
>  	call save_paranoid
>  	.else
>  	call error_entry
> @@ -1104,6 +1107,36 @@ ENTRY(\sym)
>  	jmp error_exit			/* %ebx: no swapgs flag */
>  	.endif
>
> +	.if \paranoid
> +	CFI_RESTORE_STATE
> +	/*
> +	 * Paranoid entry from userspace.  Switch stacks and treat it
> +	 * as a normal entry.  This means that paranoid handlers
> +	 * run in real process context if user_mode(regs).
> +	 */
> +1:
> +	call error_entry
> +
> +	DEFAULT_FRAME 0
> +
> +	movq %rsp,%rdi			/* pt_regs pointer */
> +	call sync_regs

Can't we simplify sync_regs() then?

> @@ -1324,8 +1357,6 @@ ENTRY(paranoid_exit)
>  	TRACE_IRQS_OFF_DEBUG
>  	testl %ebx,%ebx				/* swapgs needed? */
>  	jnz paranoid_restore
> -	testl $3,CS(%rsp)
> -	jnz   paranoid_userspace
>  paranoid_swapgs:

Looks like this label can die.

> -paranoid_userspace:
> -	GET_THREAD_INFO(%rcx)
> -	movl TI_flags(%rcx),%ebx
> -	andl $_TIF_WORK_MASK,%ebx
> -	jz paranoid_swapgs
> -	movq %rsp,%rdi			/* &pt_regs */
> -	call sync_regs
> -	movq %rax,%rsp			/* switch stack for scheduling */
> -	testl $_TIF_NEED_RESCHED,%ebx
> -	jnz paranoid_schedule
> -	movl %ebx,%edx			/* arg3: thread flags */
> -	TRACE_IRQS_ON
> -	ENABLE_INTERRUPTS(CLBR_NONE)
> -	xorl %esi,%esi 			/* arg2: oldset */
> -	movq %rsp,%rdi 			/* arg1: &pt_regs */
> -	call do_notify_resume

So, before this patch we use _TIF_WORK_MASK to decide if we need to call
do_notify_resume().

After this patch we jump to error_exit and it checks the same _TIF_WORK_MASK.
But note that retint_careful->retint_careful checks another mask,
_TIF_DO_NOTIFY_MASK.

So it seems to me we can miss (say) TIF_UPROBE after int3 handler, no?

Yes, even _if_ I am right we should blame these masks, _TIF_DO_NOTIFY_MASK
should probably include _TIF_UPROBE (and afaics in this case we can remove
set_thread_flag(TIF_NOTIFY_RESUME) in uprobe_deny_signal()).

And in any case, can't we cleanup _TIF_WORK_MASK and _TIF_ALLWORK_MASK?
IMHO, they should clearly define which bits we want to check.

Oleg.

next prev parent reply	other threads:[~2014-11-12 22:01 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-11 20:56 [RFC PATCH] x86, entry: Switch stacks on a paranoid entry from userspace Andy Lutomirski
2014-11-11 21:36 ` Borislav Petkov
2014-11-11 22:00   ` Luck, Tony
2014-11-11 22:15     ` Andy Lutomirski
2014-11-11 22:12   ` Andy Lutomirski
2014-11-11 22:33     ` Borislav Petkov
2014-11-11 22:40       ` Andy Lutomirski
2014-11-11 23:09         ` Borislav Petkov
2014-11-11 23:21           ` Andy Lutomirski
2014-11-12  0:22             ` Luck, Tony
2014-11-12  0:40               ` Andy Lutomirski
2014-11-12  1:06                 ` Luck, Tony
2014-11-12  2:01                   ` Andy Lutomirski
2014-11-12  2:06                   ` Tony Luck
2014-11-12 10:30                     ` Borislav Petkov
2014-11-12 15:48                       ` Andy Lutomirski
2014-11-12 16:22                         ` Borislav Petkov
2014-11-12 17:17                           ` Luck, Tony
2014-11-12 17:30                             ` Borislav Petkov
2014-11-13 18:04                           ` Borislav Petkov
2014-11-14 21:56                             ` Luck, Tony
2014-11-14 22:07                               ` Andy Lutomirski
2014-11-17 18:50                               ` Borislav Petkov
2014-11-17 19:57                                 ` Andy Lutomirski
2014-11-17 20:03                                   ` Borislav Petkov
2014-11-17 20:05                                     ` Andy Lutomirski
2014-11-17 21:55                                       ` Luck, Tony
2014-11-17 22:26                                         ` Andy Lutomirski
2014-11-17 23:16                                           ` Luck, Tony
2014-11-18  0:05                                             ` Andy Lutomirski
2014-11-18  0:22                                               ` Luck, Tony
2014-11-18  0:55                                                 ` Andy Lutomirski
2014-11-18 18:30                                                   ` Luck, Tony
2014-11-18 23:04                                                     ` Andy Lutomirski
2014-11-18 23:26                                                       ` Luck, Tony
2014-11-18 16:12                                       ` Borislav Petkov
2014-11-12 22:00 ` Oleg Nesterov [this message]
2014-11-12 23:17   ` Andy Lutomirski
2014-11-12 23:41     ` Luck, Tony
2014-11-13  0:02       ` Andy Lutomirski
2014-11-13  0:31         ` Luck, Tony
2014-11-13  1:34           ` Andy Lutomirski
2014-11-13  3:03           ` Andy Lutomirski
2014-11-13 18:43             ` Luck, Tony
2014-11-13 22:23               ` Andy Lutomirski
2014-11-13 22:25                 ` Andy Lutomirski
2014-11-13 22:33                 ` Luck, Tony
2014-11-13 22:47                   ` Andy Lutomirski
2014-11-13 23:13                     ` Andy Lutomirski
2014-11-14  0:50                       ` Andy Lutomirski
2014-11-14  1:20                         ` Luck, Tony
2014-11-14  1:36                           ` Andy Lutomirski
2014-11-14 17:49                         ` Luck, Tony
2014-11-14 19:10                           ` Andy Lutomirski
2014-11-14 19:37                             ` Luck, Tony
2014-11-14 18:27                         ` Luck, Tony
2014-11-14 10:34             ` Borislav Petkov
2014-11-14 17:18               ` Andy Lutomirski
2014-11-14 17:24                 ` Borislav Petkov
2014-11-14 17:26                   ` Andy Lutomirski
2014-11-14 18:53                     ` Borislav Petkov
2014-11-13 10:59           ` Borislav Petkov
2014-11-13 21:23             ` Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20141112220058.GA5295@redhat.com \
    --to=oleg@redhat.com \
    --cc=andi@firstfloor.org \
    --cc=bp@alien8.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=peterz@infradead.org \
    --cc=tony.luck@intel.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.