From: Andrew Cooper <andrew.cooper3@citrix.com>
To: hpa@zytor.com
Cc: acme@redhat.com, aik@amd.com, akpm@linux-foundation.org,
	alexander.shishkin@linux.intel.com, ardb@kernel.org,
	ast@kernel.org, bp@alien8.de, brijesh.singh@amd.com,
	changbin.du@huawei.com, christophe.leroy@csgroup.eu,
	corbet@lwn.net, daniel.sneddon@linux.intel.com,
	dave.hansen@linux.intel.com, ebiggers@google.com,
	geert+renesas@glider.be, houtao1@huawei.com, jgg@ziepe.ca,
	jgross@suse.com, jpoimboe@kernel.org, kai.huang@intel.com,
	kees@kernel.org, kirill.shutemov@linux.intel.com,
	leitao@debian.org, linux-doc@vger.kernel.org,
	linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, linux@rasmusvillemoes.dk, luto@kernel.org,
	mcgrof@kernel.org, mhiramat@kernel.org, michael.roth@amd.com,
	mingo@kernel.org, mingo@redhat.com, namhyung@kernel.org,
	paulmck@kernel.org, pawan.kumar.gupta@linux.intel.com,
	peterz@infradead.org, rick.p.edgecombe@intel.com,
	rppt@kernel.org, sandipan.das@amd.com,
	shijie@os.amperecomputing.com, sohil.mehta@intel.com,
	tglx@linutronix.de, tj@kernel.org, tony.luck@intel.com,
	vegard.nossum@oracle.com, x86@kernel.org, xin3.li@intel.com,
	xiongwei.song@windriver.com, ytcoode@gmail.com
Subject: Re: [PATCHv8 14/17] x86/traps: Handle LASS thrown #SS
Date: Thu, 3 Jul 2025 00:42:27 +0100
Message-ID: <4dcd23cb-eb55-42e7-aa76-dbaf2e2a7e07@citrix.com>
In-Reply-To: <4DE45AFD-C1E0-4FB8-BE01-44A72C5C6E1E@zytor.com>

> Note: for a FRED system, ERETU can generate #SS for a non-canonical user space RSP

How?  Or to phrase it differently, I hope not.

%rsp is a 64bit value and does not have canonical restrictions elsewhere
in the architecture, so far as I'm aware.  IRET really can restore a
non-canonical %rsp, and userspace can run for an indeterminate period of
time with a non-canonical %rsp as long as there are no stack accesses.

Accesses relative to the stack using a non-canonical pointer will
suffer #SS, but ERETU doesn't modify the userspace stack AFAICT.  I
can't see anything in the ERETU pseudocode in the FRED spec that
mentions a canonical check or memory access using %rsp.

~Andrew

