From: "H. Peter Anvin" <hpa@zytor.com>
To: Andi Kleen <andi@firstfloor.org>, Andy Lutomirski <luto@amacapital.net>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH 4/7] x86: Add support for rd/wr fs/gs base
Date: Tue, 29 Apr 2014 21:52:16 -0700 [thread overview]
Message-ID: <53608180.5070800@zytor.com> (raw)
In-Reply-To: <20140429233950.GE2382@two.firstfloor.org>
On 04/29/2014 04:39 PM, Andi Kleen wrote:
>> Case 3 is annoying. If nothing tries to change the user gs base, then
>> everything is okay because the user gs base and the kernel gs bases are
>> equal. But if something does try to change the user gs base, then it
>> will accidentally change the kernel gs base instead.
>
> It doesn't really matter, as they are the same.
> They would just switch identities.
>
> Besides I don't think anyone does that.
>
It matters -- greatly -- if (and only if) we can enter the kernel with
usergs == kernelgs and then want to change usergs inside a paranoid
routine. At that point we risk being upside down, which basically means
we're rooted.
However, I believe this patchset also means only IST entries can be
paranoid, which in turn means we can't sleep inside them. To the very
best of my knowledge the only times we change usergs is on context
switch or inside a system call. We need to make sure that is actually
the case, though.
I'm at ELC for a few days, so I'll have limited decent-sized-monitor
time, but it shouldn't be too hard to convince ourselves of... mostly a
matter of making sure something like ptrace can't to stupid crap.
-hpa
next prev parent reply other threads:[~2014-04-30 4:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-28 22:12 Add support for RD/WR FS/GSBASE Andi Kleen
2014-04-28 22:12 ` [PATCH 1/7] percpu: Add a DEFINE_PER_CPU_2PAGE_ALIGNED Andi Kleen
2014-05-02 15:18 ` Tejun Heo
2014-04-28 22:12 ` [PATCH 2/7] x86: Naturally align the debug IST stack Andi Kleen
2014-04-28 22:12 ` [PATCH 3/7] x86: Add C intrinsics for new rd/wr fs/gs base instructions Andi Kleen
2014-04-29 14:10 ` Konrad Rzeszutek Wilk
2014-04-28 22:12 ` [PATCH 4/7] x86: Add support for rd/wr fs/gs base Andi Kleen
2014-04-29 18:19 ` Andy Lutomirski
2014-04-29 23:39 ` Andi Kleen
2014-04-30 4:52 ` H. Peter Anvin [this message]
2014-04-30 4:57 ` H. Peter Anvin
2014-04-30 23:44 ` Andy Lutomirski
2014-04-30 23:47 ` Andy Lutomirski
2014-05-01 21:15 ` Andi Kleen
2014-05-01 21:39 ` Andy Lutomirski
2014-05-01 21:51 ` Andi Kleen
2014-05-01 21:53 ` Andy Lutomirski
2014-05-01 21:58 ` H. Peter Anvin
2014-05-01 22:06 ` Andy Lutomirski
2014-05-01 22:18 ` Andi Kleen
2014-05-01 22:45 ` H. Peter Anvin
2014-04-28 22:12 ` [PATCH 5/7] x86: Make old K8 swapgs workaround conditional Andi Kleen
2014-04-30 4:57 ` H. Peter Anvin
2014-04-28 22:12 ` [PATCH 6/7] x86: Enumerate kernel FSGS capability in AT_HWCAP2 Andi Kleen
2014-04-28 22:12 ` [PATCH 7/7] x86: Add documentation for rd/wr fs/gs base Andi Kleen
2014-04-29 2:23 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53608180.5070800@zytor.com \
--to=hpa@zytor.com \
--cc=ak@linux.intel.com \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox