Re: [PATCH] x86 : Ensure X86_FLAGS_NT is cleared on syscall entry

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sebastian Lackner <sebastian@fds-team.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@amacapital.net>,
	Anish Bhatt <anish@chelsio.com>,
	linux-kernel@vger.kernel.org, x86@kernel.org, mingo@redhat.com,
	hpa@zytor.com
Subject: Re: [PATCH] x86 : Ensure X86_FLAGS_NT is cleared on syscall entry
Date: Mon, 29 Sep 2014 21:41:24 +0200	[thread overview]
Message-ID: <5429B5E4.6080302@fds-team.de> (raw)
In-Reply-To: <alpine.DEB.2.02.1409292059530.22082@ionos.tec.linutronix.de>

On 29.09.2014 21:33, Thomas Gleixner wrote:
> On Mon, 29 Sep 2014, Sebastian Lackner wrote:
>> On 29.09.2014 19:40, Andy Lutomirski wrote:
>> Well, the best documentation I've found is something like
>> http://www.fermimn.gov.it/linux/quarta/x86/int.htm
>>
>> which states:
>>
>> --- snip ---
>> INTERRUPT-TO-INNER-PRIVILEGE:
>>    [...]
>>    TF := 0;
>>    NT := 0;
>> --- snip ---
>> (Doesn't say anything about HW interrupts though)
>>
>> This also makes sense at my opinion, since the interrupt handler has
>> to know if it should return to the previous task (when NT=1) or to
>> the same task (when NT=0).
> 
> No, it does not. Simply because Linux does not support nested tasks at
> all, because the TSS is not accessible and the TSS.back_link is
> sturdily NULL. So even if it would not explode with a #GP in IA-32e
> mode it would explode while trying to execute the instruction at NULL.

Sure, I also mentioned this in my last mail:

On 29.09.2014 20:30, Sebastian Lackner wrote:
> NT flag would be interpreted as a task return, and it would probably cause a different exception,
> because the kernel never uses the task link property of the TSS.

> 
>> That might be possible. It probably makes sense to review other
>> parts of the code, for similar issues.
> 
> What's the issue? Stupid user space programs segfaulting?

I see several issues here:

* At first the behaviour is not consistent between several system call and return instructions. For example calling syscalls by using 'int' doesn't have this issue, as it clears the NT flag before entering kernel code. Return instructions also don't show this issue all the time, just when it hits one of the problematic pieces of code.

* The kernel might execute all kind of other code (for example inside of drivers) and start additional threads. I didn't find any good example yet, but its not that unlikely, that the exception can also happen in a completely unrelated thread, where the kernel can not just kill the corresponding usermode app...

I'm fine with all kind of solutions, either it should be allowed to set NT, or the kernel should at least throw a proper exception, so that usermode has a chance to catch and handle it. At the moment the segfault is deadly, as the segfault handler immediately segfaults again - no chance to recover from such an error.

Regards,
Sebastian

next prev parent reply	other threads:[~2014-09-29 19:41 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-25 19:42 [PATCH] x86 : Ensure X86_FLAGS_NT is cleared on syscall entry Anish Bhatt
2014-09-25 23:00 ` Chuck Ebbert
2014-09-29 17:30   ` Andy Lutomirski
2014-09-26 22:00 ` Chuck Ebbert
2014-09-26 22:10   ` Anish Bhatt
2014-09-26 23:32   ` Linus Torvalds
2014-09-29 17:40 ` Andy Lutomirski
2014-09-29 18:30   ` Sebastian Lackner
2014-09-29 18:43     ` Andy Lutomirski
2014-09-29 19:33     ` Thomas Gleixner
2014-09-29 19:41       ` Sebastian Lackner [this message]
2014-09-29 19:51         ` Thomas Gleixner
2014-09-29 18:59   ` Thomas Gleixner
2014-09-29 19:08     ` Andy Lutomirski
2014-09-29 19:17     ` Andy Lutomirski
2014-09-29 19:41       ` Thomas Gleixner
2014-09-29 19:43         ` H. Peter Anvin
2014-09-29 19:57           ` Thomas Gleixner
2014-09-29 20:01             ` H. Peter Anvin
2014-09-29 20:10               ` Thomas Gleixner
2014-09-29 20:29               ` Andy Lutomirski
2014-09-29 20:16         ` Andy Lutomirski
2014-09-29 21:37           ` Thomas Gleixner
2014-09-30  0:11             ` Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5429B5E4.6080302@fds-team.de \
    --to=sebastian@fds-team.de \
    --cc=anish@chelsio.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox