Date: Tue, 4 Aug 2015 08:00:54 +0200
From: Willy Tarreau
To: Borislav Petkov
Cc: Andy Lutomirski, Andy Lutomirski, Kees Cook, Steven Rostedt, security@kernel.org, X86 ML, Sasha Levin, LKML, Konrad Rzeszutek Wilk, Boris Ostrovsky, Andrew Cooper, Jan Beulich, xen-devel
Subject: Re: [PATCH 2/2] x86/ldt: allow to disable modify_ldt at runtime
Message-ID: <20150804060054.GA24152@1wt.eu>
References: <1438626217-23970-1-git-send-email-w@1wt.eu> <1438626217-23970-3-git-send-email-w@1wt.eu> <20150804035451.GC31787@nazgul.tnic>
In-Reply-To: <20150804035451.GC31787@nazgul.tnic>

On Tue, Aug 04, 2015 at 05:54:51AM +0200, Borislav Petkov wrote:
> On Mon, Aug 03, 2015 at 11:45:24AM -0700, Andy Lutomirski wrote:
> > P.P.P.S. Who thought that IRET faults unmasking NMIs made any sense
> > whatsoever when NMIs run on an IST stack? Seriously, people?
>
> What happened with asking Intel for a sane IRET-NG?
>
> Should be relatively easy - take the current IRET microcode, get rid
> of the nasty crap, allocate a new opcode and done. Validation should
> actually have *less* to do and can reuse all current test cases.

Even easier, just add a few flags (probably 2 or 3 only) that IRET can
check to adjust its behaviour. Basically "don't re-enable NMIs yet", maybe
something to adjust the behaviour on bad CS/SS/SP/IP and a few such things
could possibly help.

Maybe all of this could be summarized as a single flag "I'm in a fault
handler".

Willy