* Re: [PATCH 3/5] x86/asm/entry/32: Jump from SYSENTER32 to SYSCALL32 code path
@ 2015-07-27 22:37 Andy Lutomirski
From: Andy Lutomirski @ 2015-07-27 22:37 UTC (permalink / raw)
To: Denys Vlasenko
Cc: Ingo Molnar, Linus Torvalds, Krzysztof A. Sobiecki,
Steven Rostedt, Borislav Petkov, H. Peter Anvin, Oleg Nesterov,
Frederic Weisbecker, Alexei Starovoitov, Will Drewry, Kees Cook,
X86 ML, linux-kernel@vger.kernel.org
> Subject: [PATCH 3/5] x86/asm/entry/32: Jump from SYSENTER32 to SYSCALL32 code path
Shouldn't that be /64, not /32, or maybe /64/compat?
On Mon, Jul 27, 2015 at 1:33 PM, Denys Vlasenko <dvlasenk@redhat.com> wrote:
> In 32-bit SYSENTER code, load arg6 into R9 instead of EBP.
> Jump to SYSCALL code path after we finish setting up pt_regs
> and clearing FLAGS_NT.
>
> This leaves most of SYSENTER32 code path inaccessible.
>
> Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
> CC: Ingo Molnar <mingo@kernel.org>
> CC: Linus Torvalds <torvalds@linux-foundation.org>
> CC: Krzysztof A. Sobiecki <sobkas@gmail.com>
> CC: Steven Rostedt <rostedt@goodmis.org>
> CC: Borislav Petkov <bp@alien8.de>
> CC: "H. Peter Anvin" <hpa@zytor.com>
> CC: Andy Lutomirski <luto@amacapital.net>
> CC: Oleg Nesterov <oleg@redhat.com>
> CC: Frederic Weisbecker <fweisbec@gmail.com>
> CC: Alexei Starovoitov <ast@plumgrid.com>
> CC: Will Drewry <wad@chromium.org>
> CC: Kees Cook <keescook@chromium.org>
> CC: x86@kernel.org
> CC: linux-kernel@vger.kernel.org
> ---
> arch/x86/entry/entry_64_compat.S | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
> index df102e8..d74745a 100644
> --- a/arch/x86/entry/entry_64_compat.S
> +++ b/arch/x86/entry/entry_64_compat.S
> @@ -93,7 +93,7 @@ ENTRY(entry_SYSENTER_compat)
> * 32-bit zero extended
> */
> ASM_STAC
> -1: movl (%rbp), %ebp
> +1: movl (%rbp), %r9d
You're sticking arg6 into r9d here, I think, and then:
>
> orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
> testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
> @@ -343,6 +344,7 @@ ENTRY(entry_SYSCALL_compat)
> _ASM_EXTABLE(1b, ia32_badarg)
> ASM_CLAC
>
> +sysenter_jumps_here:
> orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
> testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
> jnz cstar_tracesys
you land here, which eventually does:
movl %ebp, %r9d /* arg6 */
What am I missing?
--Andy
* Re: [PATCH 3/5] x86/asm/entry/32: Jump from SYSENTER32 to SYSCALL32 code path
@ 2015-07-28 11:13 ` Denys Vlasenko
From: Denys Vlasenko @ 2015-07-28 11:13 UTC (permalink / raw)
To: Andy Lutomirski
Cc: Ingo Molnar, Linus Torvalds, Krzysztof A. Sobiecki,
Steven Rostedt, Borislav Petkov, H. Peter Anvin, Oleg Nesterov,
Frederic Weisbecker, Alexei Starovoitov, Will Drewry, Kees Cook,
X86 ML, linux-kernel@vger.kernel.org
On 07/28/2015 12:37 AM, Andy Lutomirski wrote:
>> Subject: [PATCH 3/5] x86/asm/entry/32: Jump from SYSENTER32 to SYSCALL32 code path
>
> Shouldn't that be /64, not /32, or maybe /64/compat?
>
> On Mon, Jul 27, 2015 at 1:33 PM, Denys Vlasenko <dvlasenk@redhat.com> wrote:
>> In 32-bit SYSENTER code, load arg6 into R9 instead of EBP.
>> Jump to SYSCALL code path after we finish setting up pt_regs
>> and clearing FLAGS_NT.
>>
>> This leaves most of SYSENTER32 code path inaccessible.
>>
>> Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
>> CC: Ingo Molnar <mingo@kernel.org>
>> CC: Linus Torvalds <torvalds@linux-foundation.org>
>> CC: Krzysztof A. Sobiecki <sobkas@gmail.com>
>> CC: Steven Rostedt <rostedt@goodmis.org>
>> CC: Borislav Petkov <bp@alien8.de>
>> CC: "H. Peter Anvin" <hpa@zytor.com>
>> CC: Andy Lutomirski <luto@amacapital.net>
>> CC: Oleg Nesterov <oleg@redhat.com>
>> CC: Frederic Weisbecker <fweisbec@gmail.com>
>> CC: Alexei Starovoitov <ast@plumgrid.com>
>> CC: Will Drewry <wad@chromium.org>
>> CC: Kees Cook <keescook@chromium.org>
>> CC: x86@kernel.org
>> CC: linux-kernel@vger.kernel.org
>> ---
>> arch/x86/entry/entry_64_compat.S | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
>> index df102e8..d74745a 100644
>> --- a/arch/x86/entry/entry_64_compat.S
>> +++ b/arch/x86/entry/entry_64_compat.S
>> @@ -93,7 +93,7 @@ ENTRY(entry_SYSENTER_compat)
>> * 32-bit zero extended
>> */
>> ASM_STAC
>> -1: movl (%rbp), %ebp
>> +1: movl (%rbp), %r9d
>
> You're sticking arg6 into r9d here, I think, and then:
>
>
>>
>> orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
>> testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
>> @@ -343,6 +344,7 @@ ENTRY(entry_SYSCALL_compat)
>> _ASM_EXTABLE(1b, ia32_badarg)
>> ASM_CLAC
>>
>> +sysenter_jumps_here:
>> orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
>> testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
>> jnz cstar_tracesys
>
> you land here, which eventually does:
>
> movl %ebp, %r9d /* arg6 */
>
> What am I missing?
Please "git pull" from Ingo's tree. There was a revert,
arg6 is no longer held in EBP in SYSCALL code:
cstar_do_call:
/* 32-bit syscall -> 64-bit C ABI argument conversion */
movl %edi, %r8d /* arg5 */
/* r9 already loaded */ /* arg6 */
xchg %ecx, %esi /* rsi:arg2, rcx:arg4 */
movl %ebx, %edi /* arg1 */
movl %edx, %edx /* arg3 (zero extension) */
* [PATCH 1/5] x86/asm/entry/32: Massage SYSENTER32 fast path to be nearly identical to SYSCALL32
@ 2015-07-27 20:33 Denys Vlasenko
From: Denys Vlasenko @ 2015-07-27 20:33 UTC (permalink / raw)
To: Ingo Molnar
Cc: Denys Vlasenko, Linus Torvalds, Krzysztof A. Sobiecki,
Steven Rostedt, Borislav Petkov, H. Peter Anvin, Andy Lutomirski,
Oleg Nesterov, Frederic Weisbecker, Alexei Starovoitov,
Will Drewry, Kees Cook, x86, linux-kernel
This change swaps a few instructions in the final register restoring/zeroing
section of the SYSENTER fast path, and adds/deletes a few empty lines.
After this, the difference between the SYSENTER and SYSCALL fast paths
(after the prologue which saved pt_regs) is very small:
they differ merely in the choice of register to hold arg6 (EBP or R9)
and in the value of EDX on exit: the SYSENTER ABI doesn't need to preserve it,
so it is zeroed. SYSCALL preserves it:
|(prologue is different)
| orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
| testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
|- jnz sysenter_tracesys
|+ jnz cstar_tracesys
|
|-sysenter_do_call:
|+cstar_do_call:
| /* 32-bit syscall -> 64-bit C ABI argument conversion */
| movl %edi, %r8d /* arg5 */
|- movl %ebp, %r9d /* arg6 */
|+ /* r9 already loaded */ /* arg6 */
| xchg %ecx, %esi /* rsi:arg2, rcx:arg4 */
| movl %ebx, %edi /* arg1 */
| movl %edx, %edx /* arg3 (zero extension) */
|
|-sysenter_dispatch:
|+cstar_dispatch:
| cmpq $(IA32_NR_syscalls-1), %rax
| ja 1f
| call *ia32_sys_call_table(, %rax, 8)
|@@ -19,15 +19,15 @@
| DISABLE_INTERRUPTS(CLBR_NONE)
| TRACE_IRQS_OFF
| testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
|- jnz sysexit_audit
|+ jnz sysretl_audit
|
|-sysexit_from_sys_call:
|+sysretl_from_sys_call:
| andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
|+ movl RDX(%rsp), %edx
| movl RSI(%rsp), %esi
| movl RDI(%rsp), %edi
| movl RIP(%rsp), %ecx
| movl EFLAGS(%rsp), %r11d
|- xorl %edx, %edx
| xorq %r10, %r10
| xorq %r9, %r9
| xorq %r8, %r8
|(the rest of fast path, up to final SYSRET32, is identical)
This is a preparatory change which allows dropping most of the SYSENTER machinery
and making SYSENTER reuse the SYSCALL code.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
CC: Ingo Molnar <mingo@kernel.org>
CC: Linus Torvalds <torvalds@linux-foundation.org>
CC: Krzysztof A. Sobiecki <sobkas@gmail.com>
CC: Steven Rostedt <rostedt@goodmis.org>
CC: Borislav Petkov <bp@alien8.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Frederic Weisbecker <fweisbec@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: Will Drewry <wad@chromium.org>
CC: Kees Cook <keescook@chromium.org>
CC: x86@kernel.org
CC: linux-kernel@vger.kernel.org
---
arch/x86/entry/entry_64_compat.S | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 8997383..9f9dfa5 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -117,6 +117,7 @@ sysenter_do_call:
xchg %ecx, %esi /* rsi:arg2, rcx:arg4 */
movl %ebx, %edi /* arg1 */
movl %edx, %edx /* arg3 (zero extension) */
+
sysenter_dispatch:
cmpq $(IA32_NR_syscalls-1), %rax
ja 1f
@@ -127,6 +128,7 @@ sysenter_dispatch:
TRACE_IRQS_OFF
testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
jnz sysexit_audit
+
sysexit_from_sys_call:
/*
* NB: SYSEXIT is not obviously safe for 64-bit kernels -- an
@@ -139,14 +141,14 @@ sysexit_from_sys_call:
* with 'sysenter' and it uses the SYSENTER calling convention.
*/
andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
- movl RIP(%rsp), %ecx /* User %eip */
movl RSI(%rsp), %esi
movl RDI(%rsp), %edi
+ movl RIP(%rsp), %ecx /* User %eip */
+ movl EFLAGS(%rsp), %r11d /* User eflags */
xorl %edx, %edx /* Do not leak kernel information */
- xorq %r8, %r8
- xorq %r9, %r9
xorq %r10, %r10
- movl EFLAGS(%rsp), %r11d /* User eflags */
+ xorq %r9, %r9
+ xorq %r8, %r8
TRACE_IRQS_ON
/*
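Review bot: the reorder in sysexit_from_sys_call is behaviour-preserving, and the commit message could say why in one line: every instruction in this block either loads a distinct register from a pt_regs slot (%esi, %edi, %ecx, %r11d) or zeroes a distinct register (%edx, %r10, %r9, %r8), and none of them reads a register another one writes, so moving `movl RIP(%rsp), %ecx` and `movl EFLAGS(%rsp), %r11d` ahead of the clears changes nothing SYSRET32 sees. With the four clears now contiguous, consider moving the `/* Do not leak kernel information */` comment so it covers the whole group rather than only %edx; %r8-%r10 appear to be cleared for the same reason.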
@@ -340,6 +342,7 @@ ENTRY(entry_SYSCALL_compat)
1: movl (%r8), %r9d
_ASM_EXTABLE(1b, ia32_badarg)
ASM_CLAC
+
orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
jnz cstar_tracesys
@@ -355,7 +358,6 @@ cstar_do_call:
cstar_dispatch:
cmpq $(IA32_NR_syscalls-1), %rax
ja 1f
-
call *ia32_sys_call_table(, %rax, 8)
movq %rax, RAX(%rsp)
1:
--
1.8.1.4
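Added example, not part of the patch or the kernel tree: a small Python audit of the two exit sequences compared in the commit message above. It assumes the x86-64 SysV caller-saved set is what a C syscall handler may leave dirty, reports where each user-visible register comes from, flags any register that would still hold kernel data at SYSRET32, and checks the claim that the two fast paths differ only in EDX.

```python
import re
# Added audit of a compat fast-path exit sequence (analysis script, not kernel
# code). Assumption: the path has just returned from a C syscall handler, so any
# caller-saved x86-64 SysV register may hold kernel data; %rax is the result,
# all others must be reloaded from pt_regs or zeroed before SYSRET32.
CALLER_SAVED = {"rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11"}
ALIASES = {"ecx": "rcx", "edx": "rdx", "esi": "rsi", "edi": "rdi",
           "r8d": "r8", "r9d": "r9", "r10d": "r10", "r11d": "r11"}
MOV = re.compile(r"^\s*movl\s+(\w+)\(%rsp\),\s*%(\w+)")  # movl SLOT(%rsp), %reg
XOR = re.compile(r"^\s*xor[lq]\s+%(\w+),\s*%(\w+)")     # xor %reg, %reg
def provenance(asm):
    """Map each caller-saved register to 'zero', a pt_regs slot, or 'KERNEL'."""
    prov = {r: "KERNEL" for r in CALLER_SAVED}
    for line in asm.splitlines():
        line = line.split("/*")[0]               # strip trailing asm comments
        if m := MOV.match(line):
            prov[ALIASES.get(m[2], m[2])] = m[1]
        elif (m := XOR.match(line)) and m[1] == m[2]:
            prov[ALIASES.get(m[1], m[1])] = "zero"
    return prov

def leaks(asm):                  # registers that reach user mode with kernel data
    return sorted(r for r, src in provenance(asm).items() if src == "KERNEL")

def differences(asm_a, asm_b):   # registers whose user-visible source differs
    pa, pb = provenance(asm_a), provenance(asm_b)
    return {r: (pa[r], pb[r]) for r in sorted(CALLER_SAVED) if pa[r] != pb[r]}

# Exit sequences copied from the patch (SYSENTER side) and from the commit
# message's SYSCALL comparison; both continue to SYSRET32 afterwards.
SYSENTER_EXIT = """
    movl RSI(%rsp), %esi
    movl RDI(%rsp), %edi
    movl RIP(%rsp), %ecx       /* User %eip */
    movl EFLAGS(%rsp), %r11d   /* User eflags */
    xorl %edx, %edx            /* Do not leak kernel information */
    xorq %r10, %r10
    xorq %r9, %r9
    xorq %r8, %r8
"""
SYSCALL_EXIT = """
    movl RDX(%rsp), %edx
    movl RSI(%rsp), %esi
    movl RDI(%rsp), %edi
    movl RIP(%rsp), %ecx
    movl EFLAGS(%rsp), %r11d
    xorq %r10, %r10
    xorq %r9, %r9
    xorq %r8, %r8
"""
```

Dropping any one clear from SYSENTER_EXIT makes `leaks()` name that register, which is the property the `/* Do not leak kernel information */` comments protect.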
* [PATCH 3/5] x86/asm/entry/32: Jump from SYSENTER32 to SYSCALL32 code path
@ 2015-07-27 20:33 ` Denys Vlasenko
From: Denys Vlasenko @ 2015-07-27 20:33 UTC (permalink / raw)
To: Ingo Molnar
Cc: Denys Vlasenko, Linus Torvalds, Krzysztof A. Sobiecki,
Steven Rostedt, Borislav Petkov, H. Peter Anvin, Andy Lutomirski,
Oleg Nesterov, Frederic Weisbecker, Alexei Starovoitov,
Will Drewry, Kees Cook, x86, linux-kernel
In 32-bit SYSENTER code, load arg6 into R9 instead of EBP.
Jump to SYSCALL code path after we finish setting up pt_regs
and clearing FLAGS_NT.
This leaves most of SYSENTER32 code path inaccessible.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
CC: Ingo Molnar <mingo@kernel.org>
CC: Linus Torvalds <torvalds@linux-foundation.org>
CC: Krzysztof A. Sobiecki <sobkas@gmail.com>
CC: Steven Rostedt <rostedt@goodmis.org>
CC: Borislav Petkov <bp@alien8.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Frederic Weisbecker <fweisbec@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: Will Drewry <wad@chromium.org>
CC: Kees Cook <keescook@chromium.org>
CC: x86@kernel.org
CC: linux-kernel@vger.kernel.org
---
arch/x86/entry/entry_64_compat.S | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index df102e8..d74745a 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -93,7 +93,7 @@ ENTRY(entry_SYSENTER_compat)
* 32-bit zero extended
*/
ASM_STAC
-1: movl (%rbp), %ebp
+1: movl (%rbp), %r9d
_ASM_EXTABLE(1b, ia32_badarg)
ASM_CLAC
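Review bot: the new load target should be tied to the SYSCALL side explicitly: `1: movl (%r8), %r9d` in entry_SYSCALL_compat (context in the `@@ -340,6 +342,7 @@` hunk of 1/5) is what this line has to match once the SYSENTER path jumps into that code, so a comment such as `/* arg6 in %r9d, same as the SYSCALL path */` would record the invariant. Note also that %rbp now keeps the user stack pointer after the load instead of being overwritten with arg6; the access_ok remark just above still holds, since it only relies on %rbp being zero-extended, but any SYSENTER code that still reads %ebp as arg6 (the `movl %ebp, %r9d /* arg6 */` in sysenter_do_call shown in the 1/5 comparison) would now see a pointer, so that now-dead code should be removed in this patch or later in the series.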
@@ -105,6 +105,7 @@ ENTRY(entry_SYSENTER_compat)
testl $X86_EFLAGS_NT, EFLAGS(%rsp)
jnz sysenter_fix_flags
sysenter_flags_fixed:
+ jmp sysenter_jumps_here
orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
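Review bot: the commit message should spell out the user-visible effects of `jmp sysenter_jumps_here`, because this hunk changes more than code size: a SYSENTER entry with _TIF_WORK_SYSCALL_ENTRY set now takes cstar_tracesys instead of sysenter_tracesys, and on return it runs the SYSCALL exit block, which per the 1/5 comparison restores %edx from RDX(%rsp) where the SYSENTER block zeroed it, so SYSENTER callers now get their own EDX back rather than 0. Both are plausibly fine (1/5 says the SYSENTER ABI does not need EDX preserved, and the value comes from pt_regs rather than kernel state), but they are ABI observables and belong in the changelog. The `orl`/`testl` following the unconditional jmp, and the old fast path after them, are now unreachable; a short comment at the jmp stating what the target expects (pt_regs complete, NT cleared, arg6 in %r9d) would help the next reader, and the dead code should go in this series.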
@@ -343,6 +344,7 @@ ENTRY(entry_SYSCALL_compat)
_ASM_EXTABLE(1b, ia32_badarg)
ASM_CLAC
+sysenter_jumps_here:
orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
jnz cstar_tracesys
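Review bot: `sysenter_jumps_here:` names where control comes from rather than what holds at this point; a label or comment stating the shared invariant would serve both entries better (pt_regs built, arg6 in %r9d, the user-pointer load already fault-checked by that entry's own `1:` / `_ASM_EXTABLE(1b, ia32_badarg)` pair). It is also worth noting at the label that the SYSENTER side arrives having executed its own ASM_CLAC before the jmp, since it lands after this entry's ASM_CLAC rather than through it.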
--
1.8.1.4