Subject: Re: [tip:x86/urgent] x86/entry/32: Add an ASM_CLAC to entry_SYSENTER_32
To: peterz@infradead.org, brgerst@gmail.com, mingo@kernel.org, tglx@linutronix.de, torvalds@linux-foundation.org, luto@kernel.org, linux-kernel@vger.kernel.org, luto@amacapital.net, bp@alien8.de, dvlasenk@redhat.com, linux-tip-commits@vger.kernel.org
References: <3e36be110724896e32a4a1fe73bacb349d3cba94.1456262295.git.luto@kernel.org>
From: "H. Peter Anvin"
Message-ID: <56CE9897.6080702@zytor.com>
Date: Wed, 24 Feb 2016 22:00:55 -0800

On 02/24/16 21:53, tip-bot for Andy Lutomirski wrote:
> Commit-ID: 04d1d281dcfe683a53cddfab8371fc8bb302b069
> Gitweb: http://git.kernel.org/tip/04d1d281dcfe683a53cddfab8371fc8bb302b069
> Author: Andy Lutomirski
> AuthorDate: Tue, 23 Feb 2016 13:19:29 -0800
> Committer: Ingo Molnar
> CommitDate: Wed, 24 Feb 2016 08:43:04 +0100
>
> x86/entry/32: Add an ASM_CLAC to entry_SYSENTER_32
>
> Both before and after 5f310f739b4c ("x86/entry/32: Re-implement
> SYSENTER using the new C path"), we relied on a uaccess very early
> in the SYSENTER path to clear AC. After that change, though, we can
> potentially make it all the way into C code with AC set, which
> enlarges the attack surface for SMAP bypass by doing SYSENTER with
> AC set.
>
> Strengthen the SMAP protection by adding the missing ASM_CLAC right
> at the beginning.
>

Hmmm... this potentially adds a *lot* of unnecessary cycles to this
path. Could we reinstate the early uaccess?

-hpa