public inbox for linux-kernel@vger.kernel.org
From: Guenter Roeck <linux@roeck-us.net>
To: Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
	jpoimboe@redhat.com, brgerst@gmail.com, jiangshanlai@gmail.com,
	Andrew.Cooper3@citrix.com, mark.rutland@arm.com,
	Borislav Petkov <bp@suse.de>
Subject: Re: [PATCH 3/6] x86/entry: Use PUSH_AND_CLEAR_REGS for compat
Date: Thu, 19 May 2022 09:24:11 -0700
Message-ID: <20220519162411.GA4095576@roeck-us.net>
In-Reply-To: <20220506121631.293889636@infradead.org>

On Fri, May 06, 2022 at 02:14:34PM +0200, Peter Zijlstra wrote:
> Since the upper regs don't exist for ia32 code, preserving them
> doesn't hurt and it simplifies the code.
> 
> This doesn't add any attack surface that would not already be
> available through INT80.
> 
> Notably:
> 
>  - 32bit SYSENTER: didn't clear si, dx, cx.
> 
>  - 32bit SYSCALL, INT80: *do* clear si since the C functions don't
>    take a second argument.
> 
>  - 64bit: didn't clear si since the C functions take a second
>    argument; except the error_entry path might have only one argument,
>    so clearing si was missing here.
> 
> 32b SYSENTER should be clearing all those 3 registers, nothing uses them
> and selftests pass.
> 
> Unconditionally clear rsi since it simplifies code.
> 
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Reviewed-by: Borislav Petkov <bp@suse.de>

linux-next (next-20220519) crashes due to this patch when booting
q35:EPYC-Rome in qemu.

[   20.716975] Run /sbin/init as init process
[   20.790596] init[1]: segfault at f7fd5ca0 ip 00000000f7f5bbc7 sp 00000000ffa06aa0 error 7 in libc.so[f7f51000+4e000]
[   20.793487] Code: 8a 44 24 10 88 41 ff 8b 44 24 10 83 c4 2c 5b 5e 5f 5d c3 53 83 ec 08 8b 5c 24 10 81 fb 00 f0 ff ff 76 0c e8 ba dc ff ff f7 db <89> 18 83 cb ff 83 c4 08 89 d8 5b c3 e8 81 60 ff ff 05 28 84 07 00
[   20.796332] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[   20.796621] CPU: 1 PID: 1 Comm: init Tainted: G        W         5.18.0-rc7-next-20220519 #1
[   20.796724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
[   20.796724] Call Trace:
[   20.796724]  <TASK>
[   20.796724]  dump_stack_lvl+0x57/0x7d
[   20.796724]  panic+0x10f/0x28d
[   20.796724]  do_exit.cold+0x18/0x48
[   20.796724]  do_group_exit+0x2e/0xb0
[   20.796724]  get_signal+0xb6d/0xb80
[   20.796724]  arch_do_signal_or_restart+0x31/0x760
[   20.796724]  ? show_opcodes.cold+0x1c/0x21
[   20.796724]  ? force_sig_fault+0x49/0x70
[   20.796724]  exit_to_user_mode_prepare+0x131/0x1a0
[   20.796724]  irqentry_exit_to_user_mode+0x5/0x30
[   20.796724]  asm_exc_page_fault+0x27/0x30
[   20.796724] RIP: 0023:0xf7f5bbc7
[   20.796724] Code: 8a 44 24 10 88 41 ff 8b 44 24 10 83 c4 2c 5b 5e 5f 5d c3 53 83 ec 08 8b 5c 24 10 81 fb 00 f0 ff ff 76 0c e8 ba dc ff ff f7 db <89> 18 83 cb ff 83 c4 08 89 d8 5b c3 e8 81 60 ff ff 05 28 84 07 00
[   20.796724] RSP: 002b:00000000ffa06aa0 EFLAGS: 00000217
[   20.796724] RAX: 00000000f7fd5ca0 RBX: 000000000000000c RCX: 0000000000001000
[   20.796724] RDX: 0000000000000001 RSI: 00000000f7fd5b60 RDI: 00000000f7fd5b60
[   20.796724] RBP: 00000000f7fd1c1c R08: 0000000000000000 R09: 0000000000000000
[   20.796724] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   20.796724] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   20.796724]  </TASK>
[   20.796724] Kernel Offset: 0x33000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Bisect log attached. Reverting the patch fixes the problem.

Guenter

---
# bad: [21498d01d045c5b95b93e0a0625ae965b4330ebe] Add linux-next specific files for 20220519
# good: [42226c989789d8da4af1de0c31070c96726d990c] Linux 5.18-rc7
git bisect start 'HEAD' 'v5.18-rc7'
# good: [00ad3ec718d0a85b8fe6b317f07e585650e05073] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
git bisect good 00ad3ec718d0a85b8fe6b317f07e585650e05073
# bad: [7bbdec75300e073a8fa14d19409af4b43bbaff17] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
git bisect bad 7bbdec75300e073a8fa14d19409af4b43bbaff17
# good: [c298441f72cd14bbe74ac49a5c60ecf302cc2f97] Merge branch 'drm-next' of https://gitlab.freedesktop.org/agd5f/linux
git bisect good c298441f72cd14bbe74ac49a5c60ecf302cc2f97
# good: [e261ae308e94dc89db3f473db29662942a4dd532] Merge branch 'for-next' of git://git.kernel.dk/linux-block.git
git bisect good e261ae308e94dc89db3f473db29662942a4dd532
# good: [ba821c4223c38f4ec1cc2c7151c8abd4c70e3178] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git
git bisect good ba821c4223c38f4ec1cc2c7151c8abd4c70e3178
# good: [2b0b069fc23047b66e1bf6ffd60e7ea5d4e2f484] Merge branch into tip/master: 'smp/core'
git bisect good 2b0b069fc23047b66e1bf6ffd60e7ea5d4e2f484
# bad: [7e2492890410e54a44b5cea9d34ecca45bf74890] Merge branch into tip/master: 'locking/core'
git bisect bad 7e2492890410e54a44b5cea9d34ecca45bf74890
# bad: [9e20f60bad4afb3e1f368e9a61d9813210ce6a29] Merge branch into tip/master: 'x86/cleanups'
git bisect bad 9e20f60bad4afb3e1f368e9a61d9813210ce6a29
# bad: [ab07ef45e638d9fdffbdd2f50521f73096acf2f1] Merge branch into tip/master: 'x86/asm'
git bisect bad ab07ef45e638d9fdffbdd2f50521f73096acf2f1
# good: [81893ca70cddbbce7cde243e0c70de6917b82956] Merge branch into tip/master: 'timers/core'
git bisect good 81893ca70cddbbce7cde243e0c70de6917b82956
# good: [d205222eb6a8e5e70c21200beb81c6e19ec211d6] x86/entry: Simplify entry_INT80_compat()
git bisect good d205222eb6a8e5e70c21200beb81c6e19ec211d6
# bad: [e2ef115813c34ea5380ac5b4879f515070150210] objtool: Fix STACK_FRAME_NON_STANDARD reloc type
git bisect bad e2ef115813c34ea5380ac5b4879f515070150210
# bad: [1b331eeea7b8676fc5dbdf80d0a07e41be226177] x86/entry: Remove skip_r11rcx
git bisect bad 1b331eeea7b8676fc5dbdf80d0a07e41be226177
# bad: [8c42819b61b8340cff0643e65b5ce6a4144ab155] x86/entry: Use PUSH_AND_CLEAR_REGS for compat
git bisect bad 8c42819b61b8340cff0643e65b5ce6a4144ab155
# first bad commit: [8c42819b61b8340cff0643e65b5ce6a4144ab155] x86/entry: Use PUSH_AND_CLEAR_REGS for compat
