public inbox for linux-kselftest@vger.kernel.org
* [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems
@ 2026-03-24  8:51 Yi Lai
  2026-03-24 10:11 ` Andrew Cooper
  2026-03-24 16:14 ` Xin Li
  0 siblings, 2 replies; 4+ messages in thread
From: Yi Lai @ 2026-03-24  8:51 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	Andrew Cooper, Xin Li, x86, hpa, Shuah Khan, linux-kernel,
	linux-kselftest, yi1.lai, yi1.lai

The existing 'sysret_rip' selftest asserts that 'regs->r11 ==
regs->flags'. This check relies on the behavior of the SYSCALL
instruction on legacy x86_64, which saves 'RFLAGS' into 'R11'.

However, on systems with FRED (Flexible Return and Event Delivery)
enabled, instead of using registers, all state is saved onto the stack.
Consequently, 'R11' retains its userspace value, causing the assertion
to fail.

Fix this by detecting if FRED is enabled and skipping the register
assertion in that case. The detection is done by checking if the RPL
bits of the GS selector are preserved after a hardware exception.
IDT (via IRET) clears the RPL bits of NULL selectors, while FRED (via
ERETU) preserves them.

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Yi Lai <yi1.lai@intel.com>
---
v2:
 - Replaced CPUID check with a runtime probe using INT3 and GS RPL
   preservation to robustly detect active FRED usage (Suggested by
   Andrew Cooper).

 tools/testing/selftests/x86/sysret_rip.c | 45 ++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/x86/sysret_rip.c b/tools/testing/selftests/x86/sysret_rip.c
index 2e423a335e1c..af63b04eccbe 100644
--- a/tools/testing/selftests/x86/sysret_rip.c
+++ b/tools/testing/selftests/x86/sysret_rip.c
@@ -33,6 +33,39 @@ extern const char test_page[];
 
 static const void *current_test_page_addr = test_page;
 
+static void empty_handler(int sig, siginfo_t *info, void *ctx_void)
+{
+}
+
+static bool is_fred_enabled(void)
+{
+	unsigned short gs_val;
+
+	sethandler(SIGTRAP, empty_handler, 0);
+
+	/*
+	 * Distinguish IDT and FRED mode by loading GS with a non-zero RPL and
+	 * triggering an exception:
+	 * IDT (IRET) clears RPL bits of NULL selectors.
+	 * FRED (ERETU) preserves them.
+	 *
+	 * If GS is loaded with 3 (Index=0, RPL=3), trigger an exception:
+	 * IDT should restore GS as 0.
+	 * FRED should preserve GS as 3.
+	 */
+	asm volatile (
+		"mov %[rpl3], %%gs\n\t"
+		"int3\n\t"
+		"mov %%gs, %[res]"
+		: [res] "=r" (gs_val)
+		: [rpl3] "r" (3)
+	);
+
+	clearhandler(SIGTRAP);
+
+	return gs_val == 3;
+}
+
 /* State used by our signal handlers. */
 static gregset_t initial_regs;
 
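Review bot: the asm block in is_fred_enabled() loads GS with 3 and never puts the previous selector back, so on a FRED system the process keeps running with GS == 3 after the probe. Read the original selector with a `mov %%gs, ...` before the probe and write it back once gs_val has been captured. The signal state has the same problem: clearhandler(SIGTRAP) clears the handler rather than restoring whatever disposition was in place before sethandler(), so a caller that had its own SIGTRAP handler would lose it; saving and restoring the old sigaction avoids that. A one-line comment noting that empty_handler needs no RIP fix-up, because int3 is a trap and execution resumes at the following `mov %%gs, %[res]`, would also help readers.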
@@ -64,9 +97,15 @@ static void sigusr1(int sig, siginfo_t *info, void *ctx_void)
 	ctx->uc_mcontext.gregs[REG_RIP] = rip;
 	ctx->uc_mcontext.gregs[REG_RCX] = rip;
 
-	/* R11 and EFLAGS should already match. */
-	assert(ctx->uc_mcontext.gregs[REG_EFL] ==
-	       ctx->uc_mcontext.gregs[REG_R11]);
+	/*
+	 * SYSCALL works differently on FRED, it does not save RIP and RFLAGS
+	 * to RCX and R11.
+	 */
+	if (!is_fred_enabled()) {
+		/* R11 and EFLAGS should already match. */
+		assert(ctx->uc_mcontext.gregs[REG_EFL] ==
+		       ctx->uc_mcontext.gregs[REG_R11]);
+	}
 
 	sethandler(SIGSEGV, sigsegv_for_sigreturn_test, SA_RESETHAND);
 }
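Review bot: `if (!is_fred_enabled())` runs the probe from inside the sigusr1 handler on every delivery, which means installing and clearing a SIGTRAP handler and raising int3 while another signal handler is still executing. Run the probe once before the tests start and keep the result in a static bool that sigusr1() reads. The new comment also says SYSCALL on FRED does not save RIP to RCX, yet only the R11/EFLAGS assertion is gated; the comment should say whether any RCX expectation elsewhere in the test needs the same condition.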
-- 
2.43.0



* Re: [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems
  2026-03-24  8:51 [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems Yi Lai
@ 2026-03-24 10:11 ` Andrew Cooper
  2026-03-24 16:14 ` Xin Li
  1 sibling, 0 replies; 4+ messages in thread
From: Andrew Cooper @ 2026-03-24 10:11 UTC (permalink / raw)
  To: Yi Lai, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
	Dave Hansen, Xin Li, x86, hpa, Shuah Khan, linux-kernel,
	linux-kselftest, yi1.lai
  Cc: Andrew Cooper

On 24/03/2026 8:51 am, Yi Lai wrote:
> The existing 'sysret_rip' selftest asserts that 'regs->r11 ==
> regs->flags'. This check relies on the behavior of the SYSCALL
> instruction on legacy x86_64, which saves 'RFLAGS' into 'R11'.
>
> However, on systems with FRED (Flexible Return and Event Delivery)
> enabled, instead of using registers, all state is saved onto the stack.
> Consequently, 'R11' retains its userspace value, causing the assertion
> to fail.
>
> Fix this by detecting if FRED is enabled and skipping the register
> assertion in that case. The detection is done by checking if the RPL
> bits of the GS selector are preserved after a hardware exception.
> IDT (via IRET) clears the RPL bits of NULL selectors, while FRED (via
> ERETU) preserves them.
>
> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Yi Lai <yi1.lai@intel.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>


* Re: [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems
  2026-03-24  8:51 [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems Yi Lai
  2026-03-24 10:11 ` Andrew Cooper
@ 2026-03-24 16:14 ` Xin Li
  2026-03-26  4:37   ` Lai, Yi
  1 sibling, 1 reply; 4+ messages in thread
From: Xin Li @ 2026-03-24 16:14 UTC (permalink / raw)
  To: Lai Yi
  Cc: Gleixner Thomas, Molnar Ingo, Petkov Borislav, Hansen Dave,
	Cooper Andrew, x86, hpa, Khan Shuah, linux-kernel,
	linux-kselftest, yi1.lai, yi1.lai



> On Mar 24, 2026, at 2:04 AM, Yi Lai <yi1.lai@intel.com> wrote:
> 
> +static bool is_fred_enabled(void)

Move it to a public header? We may use it in other tests.


* Re: [PATCH v2] selftests/x86: Fix sysret_rip assertion failure on FRED systems
  2026-03-24 16:14 ` Xin Li
@ 2026-03-26  4:37   ` Lai, Yi
  0 siblings, 0 replies; 4+ messages in thread
From: Lai, Yi @ 2026-03-26  4:37 UTC (permalink / raw)
  To: Xin Li
  Cc: Gleixner Thomas, Molnar Ingo, Petkov Borislav, Hansen Dave,
	Cooper Andrew, x86, hpa, Khan Shuah, linux-kernel,
	linux-kselftest, yi1.lai

On Tue, Mar 24, 2026 at 09:14:19AM -0700, Xin Li wrote:
> 
> 
> > On Mar 24, 2026, at 2:04 AM, Yi Lai <yi1.lai@intel.com> wrote:
> > 
> > +static bool is_fred_enabled(void)
> 
> Move it to a public header? We may use it in other tests.

Will do. Thank you for the comment.


