Date: Sat, 28 Mar 2015 09:35:33 +0100
From: Ingo Molnar
To: Andy Lutomirski
Cc: Linus Torvalds, Denys Vlasenko, Borislav Petkov, linux-kernel@vger.kernel.org, X86 ML, hpa@zytor.com, stable@vger.kernel.org
Subject: Re: [RFC] x86, ia32entry: Use sysretl to return from sysenter
Message-ID: <20150328083533.GA1183@gmail.com>
References: <9414b4dfad7ad90b0315323be32d977867719bd4.1427493165.git.luto@kernel.org>
In-Reply-To: <9414b4dfad7ad90b0315323be32d977867719bd4.1427493165.git.luto@kernel.org>

* Andy Lutomirski wrote:

> Sysexit is scary on 64-bit kernels -- sysexit must be invoked with
> usergs and IRQs on. That means that we rely on sti to correctly
> mask interrupts for one instruction. This is okay by itself, but
> the semantics with respect to NMIs are unclear.

At least judging by profiling output I think NMIs observe the STI window of one instruction non-execution as well. (But I'm not 100% sure.)

> Avoid the whole issue by using sysretl instead. For background,
> Intel CPUs don't allow syscall from compat mode, but they do allow
> sysret back to compat mode. Go figure.
>
> Oddly this seems to be 30 cycles or so faster. Avoiding popfq and
> sti will account for under half of that, I think, so my best guess
> is that Intel just optimizes sysret much better than sysexit.
>
> Cc: stable@vger.kernel.org

I like it, but no way is this automatic -stable material ... if proven upstream we can forward it as a fix for SYSEXIT fragility, but not automatically, IMHO.

Thanks,

	Ingo