From: Kees Cook <keescook@chromium.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, linux-arch@vger.kernel.org,
Will Deacon <will@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Mark Rutland <mark.rutland@arm.com>,
Keno Fischer <keno@juliacomputing.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org,
Gabriel Krisman Bertazi <krisman@collabora.com>
Subject: Re: [patch V4 10/15] x86/entry: Use generic syscall entry function
Date: Tue, 21 Jul 2020 14:47:17 -0700 [thread overview]
Message-ID: <202007211440.BEF76E2@keescook> (raw)
In-Reply-To: <20200721110809.325060396@linutronix.de>
On Tue, Jul 21, 2020 at 12:57:16PM +0200, Thomas Gleixner wrote:
> Replace the syscall entry work handling with the generic version. Provide
> the necessary helper inlines to handle the real architecture specific
> parts, e.g. ptrace.
>
> Use a temporary define for idtentry_enter_user which will be cleaned up
> seperately.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Though, notes and a comment below...
> +/* Check that the stack and regs on entry from user mode are sane. */
> +static __always_inline void arch_check_user_regs(struct pt_regs *regs)
> +{
> + if (IS_ENABLED(CONFIG_DEBUG_ENTRY)) {
> + /*
> + * Make sure that the entry code gave us a sensible EFLAGS
> + * register. Native because we want to check the actual CPU
> + * state, not the interrupt state as imagined by Xen.
> + */
> + unsigned long flags = native_save_fl();
> + WARN_ON_ONCE(flags & (X86_EFLAGS_AC | X86_EFLAGS_DF |
> + X86_EFLAGS_NT));
push, pop, bit test
> +
> + /* We think we came from user mode. Make sure pt_regs agrees. */
> + WARN_ON_ONCE(!user_mode(regs));
memory deref, bit test
> +
> + /*
> + * All entries from user mode (except #DF) should be on the
> + * normal thread stack and should have user pt_regs in the
> + * correct location.
> + */
> + WARN_ON_ONCE(!on_thread_stack());
per-cpu deref, subtract, test
> + WARN_ON_ONCE(regs != task_pt_regs(current));
memory deref, test
> + }
> +}
This doesn't look very expensive, and they certain indicate really bad
conditions. Does this need to be behind a CONFIG? (Whatever the answer,
we can probably make those changes in a later series -- some of these
also look not arch-specific...)
--
Kees Cook
next prev parent reply other threads:[~2020-07-21 21:47 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-21 10:57 [patch V4 00/15] entry, x86, kvm: Generic entry/exit functionality for host and guest Thomas Gleixner
2020-07-21 10:57 ` [patch V4 01/15] seccomp: Provide stub for __secure_computing() Thomas Gleixner
2020-07-21 21:21 ` Kees Cook
2020-07-21 10:57 ` [patch V4 02/15] entry: Provide generic syscall entry functionality Thomas Gleixner
2020-07-21 21:38 ` Kees Cook
2020-07-22 7:34 ` Thomas Gleixner
2020-07-22 7:54 ` peterz
2020-07-21 10:57 ` [patch V4 03/15] entry: Provide generic syscall exit function Thomas Gleixner
2020-07-27 22:37 ` Andy Lutomirski
2020-07-21 10:57 ` [patch V4 04/15] entry: Provide generic interrupt entry/exit code Thomas Gleixner
2020-07-27 22:39 ` Andy Lutomirski
2020-07-29 12:18 ` Thomas Gleixner
2020-07-21 10:57 ` [patch V4 05/15] entry: Provide infrastructure for work before exiting to guest mode Thomas Gleixner
2020-07-21 10:57 ` [patch V4 06/15] x86/entry: Consolidate check_user_regs() Thomas Gleixner
2020-07-27 22:39 ` Andy Lutomirski
2020-07-21 10:57 ` [patch V4 07/15] x86/entry: Consolidate 32/64 bit syscall entry Thomas Gleixner
2020-07-21 10:57 ` [patch V4 08/15] x86/entry: Move user return notifier out of loop Thomas Gleixner
2020-07-21 10:57 ` [patch V4 09/15] x86/ptrace: Provide pt_regs helper for entry/exit Thomas Gleixner
2020-07-21 10:57 ` [patch V4 10/15] x86/entry: Use generic syscall entry function Thomas Gleixner
2020-07-21 21:47 ` Kees Cook [this message]
2020-07-22 18:25 ` Thomas Gleixner
2020-07-21 10:57 ` [patch V4 11/15] x86/entry: Use generic syscall exit functionality Thomas Gleixner
2020-07-21 21:47 ` Kees Cook
2020-07-21 10:57 ` [patch V4 12/15] x86/entry: Cleanup idtentry_entry/exit_user Thomas Gleixner
2020-07-21 21:48 ` Kees Cook
2020-07-21 10:57 ` [patch V4 13/15] x86/entry: Use generic interrupt entry/exit code Thomas Gleixner
2020-07-21 10:57 ` [patch V4 14/15] x86/entry: Cleanup idtentry_enter/exit Thomas Gleixner
2020-07-21 21:48 ` Kees Cook
2020-07-21 10:57 ` [patch V4 15/15] x86/kvm: Use generic exit to guest work function Thomas Gleixner
2020-07-21 20:27 ` Sean Christopherson
2020-07-22 7:40 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202007211440.BEF76E2@keescook \
--to=keescook@chromium.org \
--cc=arnd@arndb.de \
--cc=keno@juliacomputing.com \
--cc=krisman@collabora.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.