From: Thomas Gleixner
Subject: Re: [patch V3 01/13] entry: Provide generic syscall entry functionality
Date: Sun, 19 Jul 2020 12:17:07 +0200
Message-ID: <87v9ijollo.fsf@nanos.tec.linutronix.de>
References: <20200716182208.180916541@linutronix.de>
 <20200716185424.011950288@linutronix.de>
 <202007161336.B993ED938@keescook>
 <87d04vt98w.fsf@nanos.tec.linutronix.de>
 <202007171045.FB4A586F1D@keescook>
 <87mu3yq6sf.fsf@nanos.tec.linutronix.de>
 <875zakq56t.fsf@nanos.tec.linutronix.de>
Cc: Andy Lutomirski, Kees Cook, LKML, X86 ML, linux-arch, Will Deacon,
 Arnd Bergmann, Mark Rutland, Keno Fischer, Paolo Bonzini, kvm list,
 Gabriel Krisman Bertazi
List-Id: linux-arch.vger.kernel.org

Andy Lutomirski writes:

> On Sat, Jul 18, 2020 at 7:16 AM Thomas Gleixner wrote:
>> Andy Lutomirski writes:
>> > FWIW, TIF_USER_RETURN_NOTIFY is a bit of an odd duck: it's an
>> > entry/exit word *and* a context switch word. The latter is because
>> > it's logically a per-cpu flag, not a per-task flag, and the context
>> > switch code moves it around so it's always set on the running task.
>>
>> Gah, I missed the context switch thing of that. That stuff is hideous.
>
> It's also delightful because anything that screws up that dance (such
> as failure to do the exit-to-usermode path exactly right) likely
> results in an insta-root-hole. If we fail to run user return
> notifiers, we can run user code with incorrect syscall MSRs, etc.

Looking at it deeper, having that thing in the loop is a pointless
exercise. This really wants to be done _after_ the loop.
Thanks,

        tglx