[PATCH 0/3] Stuff for 4.2 (including a revert)

[PATCH 0/3] Stuff for 4.2 (including a revert)

[Andy Lutomirski]

Hi all-

Patch 1 is a revert, Cc'd to stable.  I haven't tried to write a
real test for the bug, but the code definitely looks buggy.  I
intent to fix it for real as part of converting more of the syscall
entry code to C, but this is a better fix for now.

Patch 2 fixes selftests fallout from the sigcontext revert.

Patch 3 is a new test that I thought I added but apparently didn't.
It's probably 4.3 material, but it's related to patch 1, so I'm
sending them together.

Andy Lutomirski (3):
  Revert "sched/x86_64: Don't save flags on context switch"
  selftests/x86: Disable sigreturn_64
  selftests/x86: Add syscall_nt selftest

 arch/x86/include/asm/switch_to.h         | 12 +++----
 tools/testing/selftests/x86/Makefile     |  4 +--
 tools/testing/selftests/x86/syscall_nt.c | 54 ++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 10 deletions(-)
 create mode 100644 tools/testing/selftests/x86/syscall_nt.c

-- 
2.4.3

[PATCH 1/3] Revert "sched/x86_64: Don't save flags on context switch"

[Andy Lutomirski]

This reverts commit 2c7577a7583747c9b71f26dced7f696b739da745.

It was a nice speedup.  It's also not quite correct: SYSENTER
enables interrupts too early.

We can re-add this optimization once the SYSENTER code is beaten
into shape, which should happen in 4.3 or 4.4.

Cc: stable@vger.kernel.org # v3.19
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 arch/x86/include/asm/switch_to.h | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
index 751bf4b7bf11..d7f3b3b78ac3 100644
--- a/arch/x86/include/asm/switch_to.h
+++ b/arch/x86/include/asm/switch_to.h
@@ -79,12 +79,12 @@ do {									\
 #else /* CONFIG_X86_32 */
 
 /* frame pointer must be last for get_wchan */
-#define SAVE_CONTEXT    "pushq %%rbp ; movq %%rsi,%%rbp\n\t"
-#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp\t"
+#define SAVE_CONTEXT    "pushf ; pushq %%rbp ; movq %%rsi,%%rbp\n\t"
+#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp ; popf\t"
 
 #define __EXTRA_CLOBBER  \
 	, "rcx", "rbx", "rdx", "r8", "r9", "r10", "r11", \
-	  "r12", "r13", "r14", "r15", "flags"
+	  "r12", "r13", "r14", "r15"
 
 #ifdef CONFIG_CC_STACKPROTECTOR
 #define __switch_canary							  \
@@ -100,11 +100,7 @@ do {									\
 #define __switch_canary_iparam
 #endif	/* CC_STACKPROTECTOR */
 
-/*
- * There is no need to save or restore flags, because flags are always
- * clean in kernel mode, with the possible exception of IOPL.  Kernel IOPL
- * has no effect.
- */
+/* Save restore flags to clear handle leaking NT */
 #define switch_to(prev, next, last) \
 	asm volatile(SAVE_CONTEXT					  \
 	     "movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */	  \
-- 
2.4.3

[tip:x86/asm] Revert "sched/x86_64: Don' t save flags on context switch"

[tip-bot for Andy Lutomirski]

Commit-ID:  512255a2ad2c832ca7d4de9f31245f73781922d0
Gitweb:     http://git.kernel.org/tip/512255a2ad2c832ca7d4de9f31245f73781922d0
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Mon, 17 Aug 2015 12:22:50 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 18 Aug 2015 09:39:26 +0200

Revert "sched/x86_64: Don't save flags on context switch"

This reverts commit:

  2c7577a75837 ("sched/x86_64: Don't save flags on context switch")

It was a nice speedup.  It's also not quite correct: SYSENTER
enables interrupts too early.

We can re-add this optimization once the SYSENTER code is beaten
into shape, which should happen in 4.3 or 4.4.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org # v3.19
Link: http://lkml.kernel.org/r/85f56651f59f76624e80785a8fd3bdfdd089a818.1439838962.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/include/asm/switch_to.h | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
index 751bf4b..d7f3b3b 100644
--- a/arch/x86/include/asm/switch_to.h
+++ b/arch/x86/include/asm/switch_to.h
@@ -79,12 +79,12 @@ do {									\
 #else /* CONFIG_X86_32 */
 
 /* frame pointer must be last for get_wchan */
-#define SAVE_CONTEXT    "pushq %%rbp ; movq %%rsi,%%rbp\n\t"
-#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp\t"
+#define SAVE_CONTEXT    "pushf ; pushq %%rbp ; movq %%rsi,%%rbp\n\t"
+#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp ; popf\t"
 
 #define __EXTRA_CLOBBER  \
 	, "rcx", "rbx", "rdx", "r8", "r9", "r10", "r11", \
-	  "r12", "r13", "r14", "r15", "flags"
+	  "r12", "r13", "r14", "r15"
 
 #ifdef CONFIG_CC_STACKPROTECTOR
 #define __switch_canary							  \
@@ -100,11 +100,7 @@ do {									\
 #define __switch_canary_iparam
 #endif	/* CC_STACKPROTECTOR */
 
-/*
- * There is no need to save or restore flags, because flags are always
- * clean in kernel mode, with the possible exception of IOPL.  Kernel IOPL
- * has no effect.
- */
+/* Save restore flags to clear handle leaking NT */
 #define switch_to(prev, next, last) \
 	asm volatile(SAVE_CONTEXT					  \
 	     "movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */	  \

[PATCH 2/3] selftests/x86: Disable sigreturn_64

[Andy Lutomirski]

sigreturn_64 was broken by ed596cde9425 ("Revert x86 sigcontext
cleanups").  Turn it off until we have a better fix.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 tools/testing/selftests/x86/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index caa60d56d7d1..1cda40be06ca 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -4,8 +4,8 @@ include ../lib.mk
 
 .PHONY: all all_32 all_64 warn_32bit_failure clean
 
-TARGETS_C_BOTHBITS := sigreturn single_step_syscall sysret_ss_attrs
-TARGETS_C_32BIT_ONLY := entry_from_vm86
+TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs
+TARGETS_C_32BIT_ONLY := entry_from_vm86 sigreturn
 
 TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY)
 BINARIES_32 := $(TARGETS_C_32BIT_ALL:%=%_32)
-- 
2.4.3

[tip:x86/asm] selftests/x86: Disable sigreturn_64

[tip-bot for Andy Lutomirski]

Commit-ID:  33f3df41d03879ab86c7f2d650e67b655e0b85c8
Gitweb:     http://git.kernel.org/tip/33f3df41d03879ab86c7f2d650e67b655e0b85c8
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Mon, 17 Aug 2015 12:22:51 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 18 Aug 2015 09:43:31 +0200

selftests/x86: Disable sigreturn_64

sigreturn_64 was broken by ed596cde9425 ("Revert x86 sigcontext
cleanups").  Turn it off until we have a better fix.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/a184e75ff170a0bcd76bf376c41cad2c402fe9f7.1439838962.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 tools/testing/selftests/x86/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index b70da4a..986e7cb 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -4,8 +4,8 @@ include ../lib.mk
 
 .PHONY: all all_32 all_64 warn_32bit_failure clean
 
-TARGETS_C_BOTHBITS := sigreturn single_step_syscall sysret_ss_attrs ldt_gdt
-TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault
+TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs ldt_gdt
+TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault sigreturn
 
 TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY)
 BINARIES_32 := $(TARGETS_C_32BIT_ALL:%=%_32)

[PATCH 3/3] selftests/x86: Add syscall_nt selftest

[Andy Lutomirski]

I've had this sitting around for a while.  Add it to the selftests
tree.  Far Cry running under Wine depends on this behavior.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 tools/testing/selftests/x86/Makefile     |  2 +-
 tools/testing/selftests/x86/syscall_nt.c | 54 ++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/x86/syscall_nt.c

diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index 1cda40be06ca..2221f2ba449d 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -4,7 +4,7 @@ include ../lib.mk
 
 .PHONY: all all_32 all_64 warn_32bit_failure clean
 
-TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs
+TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt
 TARGETS_C_32BIT_ONLY := entry_from_vm86 sigreturn
 
 TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY)
diff --git a/tools/testing/selftests/x86/syscall_nt.c b/tools/testing/selftests/x86/syscall_nt.c
new file mode 100644
index 000000000000..60c06af4646a
--- /dev/null
+++ b/tools/testing/selftests/x86/syscall_nt.c
@@ -0,0 +1,54 @@
+/*
+ * syscall_nt.c - checks syscalls with NT set
+ * Copyright (c) 2014-2015 Andrew Lutomirski
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * Some obscure user-space code requires the ability to make system calls
+ * with FLAGS.NT set.  Make sure it works.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <asm/processor-flags.h>
+
+#ifdef __x86_64__
+# define WIDTH "q"
+#else
+# define WIDTH "l"
+#endif
+
+static unsigned long get_eflags(void)
+{
+	unsigned long eflags;
+	asm volatile ("pushf" WIDTH "\n\tpop" WIDTH " %0" : "=rm" (eflags));
+	return eflags;
+}
+
+static void set_eflags(unsigned long eflags)
+{
+	asm volatile ("push" WIDTH " %0\n\tpopf" WIDTH
+		      : : "rm" (eflags) : "flags");
+}
+
+int main()
+{
+	printf("[RUN]\tSet NT and issue a syscall\n");
+	set_eflags(get_eflags() | X86_EFLAGS_NT);
+	syscall(SYS_getpid);
+	if (get_eflags() & X86_EFLAGS_NT) {
+		printf("[OK]\tThe syscall worked and NT is still set\n");
+		return 0;
+	} else {
+		printf("[FAIL]\tThe syscall worked but NT was cleared\n");
+		return 1;
+	}
+}
-- 
2.4.3

[tip:x86/asm] selftests/x86: Add syscall_nt selftest

[tip-bot for Andy Lutomirski]

Commit-ID:  a9c909ce8c7853b4fc16055c50eb50d91e20cb93
Gitweb:     http://git.kernel.org/tip/a9c909ce8c7853b4fc16055c50eb50d91e20cb93
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Mon, 17 Aug 2015 12:22:52 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Tue, 18 Aug 2015 09:43:38 +0200

selftests/x86: Add syscall_nt selftest

I've had this sitting around for a while.  Add it to the
selftests tree.  Far Cry running under Wine depends on this
behavior.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/ee4d63799a9e5294b70930618b71d04d2770eb2d.1439838962.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 tools/testing/selftests/x86/Makefile     |  2 +-
 tools/testing/selftests/x86/syscall_nt.c | 54 ++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index 986e7cb..29089b2 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -4,7 +4,7 @@ include ../lib.mk
 
 .PHONY: all all_32 all_64 warn_32bit_failure clean
 
-TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs ldt_gdt
+TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs ldt_gdt syscall_nt
 TARGETS_C_32BIT_ONLY := entry_from_vm86 syscall_arg_fault sigreturn
 
 TARGETS_C_32BIT_ALL := $(TARGETS_C_BOTHBITS) $(TARGETS_C_32BIT_ONLY)
diff --git a/tools/testing/selftests/x86/syscall_nt.c b/tools/testing/selftests/x86/syscall_nt.c
new file mode 100644
index 0000000..60c06af4
--- /dev/null
+++ b/tools/testing/selftests/x86/syscall_nt.c
@@ -0,0 +1,54 @@
+/*
+ * syscall_nt.c - checks syscalls with NT set
+ * Copyright (c) 2014-2015 Andrew Lutomirski
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * Some obscure user-space code requires the ability to make system calls
+ * with FLAGS.NT set.  Make sure it works.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <asm/processor-flags.h>
+
+#ifdef __x86_64__
+# define WIDTH "q"
+#else
+# define WIDTH "l"
+#endif
+
+static unsigned long get_eflags(void)
+{
+	unsigned long eflags;
+	asm volatile ("pushf" WIDTH "\n\tpop" WIDTH " %0" : "=rm" (eflags));
+	return eflags;
+}
+
+static void set_eflags(unsigned long eflags)
+{
+	asm volatile ("push" WIDTH " %0\n\tpopf" WIDTH
+		      : : "rm" (eflags) : "flags");
+}
+
+int main()
+{
+	printf("[RUN]\tSet NT and issue a syscall\n");
+	set_eflags(get_eflags() | X86_EFLAGS_NT);
+	syscall(SYS_getpid);
+	if (get_eflags() & X86_EFLAGS_NT) {
+		printf("[OK]\tThe syscall worked and NT is still set\n");
+		return 0;
+	} else {
+		printf("[FAIL]\tThe syscall worked but NT was cleared\n");
+		return 1;
+	}
+}