From: Joerg Roedel <joro@8bytes.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Thomas Gleixner" <tglx@linutronix.de>,
	"Ingo Molnar" <mingo@kernel.org>, "Peter Anvin" <hpa@zytor.com>,
	"the arch/x86 maintainers" <x86@kernel.org>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	linux-mm <linux-mm@kvack.org>,
	"Andrew Lutomirski" <luto@kernel.org>,
	"Dave Hansen" <dave.hansen@intel.com>,
	"Josh Poimboeuf" <jpoimboe@redhat.com>,
	"Jürgen Groß" <jgross@suse.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Borislav Petkov" <bp@alien8.de>, "Jiri Kosina" <jkosina@suse.cz>,
	"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
	"Brian Gerst" <brgerst@gmail.com>,
	"David Laight" <David.Laight@aculab.com>,
	"Denys Vlasenko" <dvlasenk@redhat.com>,
	"Eduardo Valentin" <eduval@amazon.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Will Deacon" <will.deacon@arm.com>,
	"Liguori, Anthony" <aliguori@amazon.com>,
	"Daniel Gruss" <daniel.gruss@iaik.tugraz.at>,
	"Hugh Dickins" <hughd@google.com>,
	"Kees Cook" <keescook@google.com>,
	"Andrea Arcangeli" <aarcange@redhat.com>,
	"Waiman Long" <llong@redhat.com>, "Pavel Machek" <pavel@ucw.cz>,
	"Joerg Roedel" <jroedel@suse.de>
Subject: Re: [PATCH 07/34] x86/entry/32: Restore segments before int registers
Date: Mon, 5 Mar 2018 14:12:31 +0100
Message-ID: <20180305131231.GR16484@8bytes.org>
In-Reply-To: <CA+55aFym-18UbD5K3n1Ki=mvpuLqa7E6E=qG0aE-dctzTap_WQ@mail.gmail.com>

On Mon, Mar 05, 2018 at 04:17:45AM -0800, Linus Torvalds wrote:
>     Restoring the segments can cause exceptions that need to be
>     handled. With PTI enabled, we still need to be on kernel cr3
>     when the exception happens. For the cr3-switch we need
>     at least one integer scratch register, so we can't switch
>     with the user integer registers already loaded.
> 
> 
> This fundamentally seems wrong.

Okay, right, with v3 it is wrong, in v2 I still thought I could get away
without remembering the entry-cr3, but didn't think about the #DB case
then.

In v3 I added code which remembers the entry-cr3 and handles the
entry-from-kernel-mode-with-user-cr3 case for all exceptions including
#DB.

> The thing is, we *know* that we will restore two segment registers with the
> user cr3 already loaded: CS and SS get restored with the final iret.

Yeah, I know, but the iret-exception path is fine because it will
deliver a SIGILL and doesn't return to the faulting iret.

Anyway, I will remove these restore-reorderings, they are not needed
anymore.

> So has this been tested with
> 
>  - single-stepping through sysenter
> 
>    This takes a DB fault in the first kernel instruction. We're in kernel mode,
> but with user cr3.
> 
>  - ptracing and setting CS/SS to something bad
> 
>    That should test the "exception on iret" case - again in kernel mode, but
> with user cr3 restored for the return.

The iret-exception case is tested by the ldt_gdt selftest (the
do_multicpu_tests subtest). But I didn't actually test single-stepping
through sysenter yet. I just re-ran the same tests I did with v2 on this
patch-set.

Regards,

	Joerg


