From: Ingo Molnar <mingo@kernel.org>
To: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
"H. Peter Anvin" <hpa@zytor.com>,
Brad Spengler <spender@grsecurity.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Borislav Petkov <bp@alien8.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Lutomirski <luto@kernel.org>,
"linux-tip-commits@vger.kernel.org"
<linux-tip-commits@vger.kernel.org>
Subject: [PATCH] x86/asm/entry: Remove user_mode_ignore_vm86()
Date: Sun, 29 Mar 2015 11:02:34 +0200 [thread overview]
Message-ID: <20150329090233.GA1963@gmail.com> (raw)
In-Reply-To: <20150329070816.GD18007@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
> So what the function name wanted to express is something like this:
>
> if (user_mode_vm86_mode_already_checked_so_this_is_marginally_faster_but_dont_use_it_otherwise_because_that_would_be_a_roothole())
> {
> ...
> }
>
> but that name was considered somewhat long.
So how about doing the patch below?
Thanks,
Ingo
===================================>
>From 6677d6f073cfda7f1036eb06d13faaad5c6742cc Mon Sep 17 00:00:00 2001
From: Ingo Molnar <mingo@kernel.org>
Date: Sun, 29 Mar 2015 09:10:08 +0200
Subject: [PATCH] x86/asm/entry: Remove user_mode_ignore_vm86()
user_mode_ignore_vm86() can be used instead of user_mode(), in
places where we have already done a v8086_mode() security
check of ptregs.
But doing this check in the wrong place would be a bug that could
result in security problems, and also the naming still isn't very clear.
Furthermore, it only affects 32-bit kernels, while most development
happens on 64-bit kernels.
If we replace them with user_mode() checks then the cost is only a
very minor increase in various slowpaths:
text data bss dec hex filename
10573391 703562 1753042 13029995 c6d26b vmlinux.o.before
10573423 703562 1753042 13030027 c6d28b vmlinux.o.after
So lets get rid of this distinction once and for all.
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/include/asm/ptrace.h | 17 -----------------
arch/x86/kernel/cpu/perf_event.c | 2 +-
arch/x86/kernel/traps.c | 6 +++---
3 files changed, 4 insertions(+), 21 deletions(-)
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index d20bae298852..19507ffa5d28 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -113,23 +113,6 @@ static inline int user_mode(struct pt_regs *regs)
#endif
}
-/*
- * This is the fastest way to check whether regs come from user space.
- * It is unsafe if regs might come from vm86 mode, though -- in vm86
- * mode, all bits of CS and SS are completely under the user's control.
- * The CPU considers vm86 mode to be CPL 3 regardless of CS and SS.
- *
- * Do NOT use this function unless you have already ruled out the
- * possibility that regs came from vm86 mode.
- *
- * We check for RPL != 0 instead of RPL == 3 because we don't use rings
- * 1 or 2 and this is more efficient.
- */
-static inline int user_mode_ignore_vm86(struct pt_regs *regs)
-{
- return (regs->cs & SEGMENT_RPL_MASK) != 0;
-}
-
static inline int v8086_mode(struct pt_regs *regs)
{
#ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index 56f7e60ad732..e2888a3ad1e3 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -2159,7 +2159,7 @@ static unsigned long code_segment_base(struct pt_regs *regs)
if (regs->flags & X86_VM_MASK)
return 0x10 * regs->cs;
- if (user_mode_ignore_vm86(regs) && regs->cs != __USER_CS)
+ if (user_mode(regs) && regs->cs != __USER_CS)
return get_segment_base(regs->cs);
#else
if (user_mode(regs) && !user_64bit_mode(regs) &&
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index c8eb469a94a4..6751c5c58eec 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -207,7 +207,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
return -1;
}
- if (!user_mode_ignore_vm86(regs)) {
+ if (!user_mode(regs)) {
if (!fixup_exception(regs)) {
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = trapnr;
@@ -468,7 +468,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
}
tsk = current;
- if (!user_mode_ignore_vm86(regs)) {
+ if (!user_mode(regs)) {
if (fixup_exception(regs))
goto exit;
@@ -685,7 +685,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code)
* We already checked v86 mode above, so we can check for kernel mode
* by just checking the CPL of CS.
*/
- if ((dr6 & DR_STEP) && !user_mode_ignore_vm86(regs)) {
+ if ((dr6 & DR_STEP) && !user_mode(regs)) {
tsk->thread.debugreg6 &= ~DR_STEP;
set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
regs->flags &= ~X86_EFLAGS_TF;
next prev parent reply other threads:[~2015-03-29 9:02 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-19 1:33 [PATCH 0/9] user_mode_vm removal and associated cleanups Andy Lutomirski
2015-03-19 1:33 ` [PATCH 1/9] x86, fault: Use TASK_SIZE_MAX in is_prefetch Andy Lutomirski
2015-03-23 12:20 ` [tip:x86/asm] x86/mm/fault: Use TASK_SIZE_MAX in is_prefetch() tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 2/9] x86, perf: Fix incorrect TIF_IA32 check in code_segment_base Andy Lutomirski
2015-03-23 12:20 ` [tip:x86/asm] x86/asm/entry, perf: Fix incorrect TIF_IA32 check in code_segment_base() tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 3/9] x86: Add user_mode_ignore_vm86 Andy Lutomirski
2015-03-23 12:26 ` [tip:x86/asm] x86/asm/entry: Add user_mode_ignore_vm86() tip-bot for Andy Lutomirski
2015-03-23 19:38 ` Andy Lutomirski
2015-03-24 19:44 ` Ingo Molnar
2015-03-24 19:46 ` Andy Lutomirski
2015-03-27 13:48 ` Denys Vlasenko
2015-03-29 7:08 ` Ingo Molnar
2015-03-29 9:02 ` Ingo Molnar [this message]
2015-03-29 12:13 ` [PATCH] x86/asm/entry: Remove user_mode_ignore_vm86() Borislav Petkov
2015-03-29 13:24 ` Andy Lutomirski
2015-03-31 12:39 ` [tip:x86/asm] " tip-bot for Ingo Molnar
2015-03-29 11:55 ` [tip:x86/asm] x86/asm/entry: Add user_mode_ignore_vm86() Borislav Petkov
2015-03-29 20:51 ` Denys Vlasenko
2015-03-19 1:33 ` [PATCH 4/9] x86, perf: Explicitly optimize vm86 handling in code_segment_base Andy Lutomirski
2015-03-23 12:26 ` [tip:x86/asm] x86/asm/entry, perf: Explicitly optimize vm86 handling in code_segment_base() tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 5/9] x86, traps: Use user_mode_ignore_vm86 where appropriate Andy Lutomirski
2015-03-23 12:27 ` [tip:x86/asm] x86/asm/entry: Use user_mode_ignore_vm86() " tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 6/9] x86: Make user_mode work correctly if regs came from vm86 mode Andy Lutomirski
2015-03-23 12:27 ` [tip:x86/asm] x86/asm/entry: Make user_mode() work correctly if regs came from VM86 mode tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 7/9] x86, treewide: s/user_mode_vm/user_mode/g Andy Lutomirski
2015-03-23 12:27 ` [tip:x86/asm] x86/asm/entry: Change all 'user_mode_vm()' calls to 'user_mode()' tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 8/9] x86: Remove user_mode_vm Andy Lutomirski
2015-03-23 12:28 ` [tip:x86/asm] x86/asm/entry: Remove user_mode_vm() tip-bot for Andy Lutomirski
2015-03-19 1:33 ` [PATCH 9/9] x86, traps: Replace some open-coded vm86 checks with v8086_mode Andy Lutomirski
2015-03-23 12:28 ` [tip:x86/asm] x86/asm/entry: Replace some open-coded VM86 checks with v8086_mode() checks tip-bot for Andy Lutomirski
2015-03-19 6:33 ` [PATCH 0/9] user_mode_vm removal and associated cleanups Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150329090233.GA1963@gmail.com \
--to=mingo@kernel.org \
--cc=bp@alien8.de \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).