From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Xin Li <xin3.li@intel.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
hpa@zytor.com, brgerst@gmail.com
Subject: Re: [PATCH] x86/ia32: Do not modify the DPL bits for a null selector
Date: Thu, 06 Jul 2023 09:05:22 -0500 [thread overview]
Message-ID: <87v8exgmot.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <20230706052231.2183-1-xin3.li@intel.com> (Xin Li's message of "Wed, 5 Jul 2023 22:22:31 -0700")
Xin Li <xin3.li@intel.com> writes:
> When a null selector is to be loaded into a segment register,
> reload_segments() sets its DPL bits to 3. Later when an IRET
> instruction loads it, it zeros the segment register. The two
> operations offset each other to actually effect a nop.
>
> Fix it by not modifying the DPL bits for a null selector.
Maybe this is the right thing but this needs some serious comments
about what is going on.
In particular how does sel <= 3 equate to a null selector? Is that
defined somewhere? At a minimum you should have static asserts to make
certain no one redefines the first 4 segment selectors as anything else,
if you want to refer to them by number instead of testing for specific
properties.
As written this looks like it requires an enormous amount of knowledge
about how other parts of the code works, to be comprehensible or to
change safely. That level of non-local knowledge should be unnecessary.
Eric
> Signed-off-by: Xin Li <xin3.li@intel.com>
> ---
> arch/x86/kernel/signal_32.c | 21 +++++++++++++--------
> 1 file changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c
> index 9027fc088f97..7796cf84fca2 100644
> --- a/arch/x86/kernel/signal_32.c
> +++ b/arch/x86/kernel/signal_32.c
> @@ -36,22 +36,27 @@
> #ifdef CONFIG_IA32_EMULATION
> #include <asm/ia32_unistd.h>
>
> +static inline u16 usrseg(u16 sel)
> +{
> + return sel <= 3 ? sel : sel | 3;
> +}
> +
> static inline void reload_segments(struct sigcontext_32 *sc)
> {
> unsigned int cur;
>
> savesegment(gs, cur);
> - if ((sc->gs | 0x03) != cur)
> - load_gs_index(sc->gs | 0x03);
> + if (usrseg(sc->gs) != cur)
> + load_gs_index(usrseg(sc->gs));
> savesegment(fs, cur);
> - if ((sc->fs | 0x03) != cur)
> - loadsegment(fs, sc->fs | 0x03);
> + if (usrseg(sc->fs) != cur)
> + loadsegment(fs, usrseg(sc->fs));
> savesegment(ds, cur);
> - if ((sc->ds | 0x03) != cur)
> - loadsegment(ds, sc->ds | 0x03);
> + if (usrseg(sc->ds) != cur)
> + loadsegment(ds, usrseg(sc->ds));
> savesegment(es, cur);
> - if ((sc->es | 0x03) != cur)
> - loadsegment(es, sc->es | 0x03);
> + if (usrseg(sc->es) != cur)
> + loadsegment(es, usrseg(sc->es));
> }
>
> #define sigset32_t compat_sigset_t
next prev parent reply other threads:[~2023-07-06 14:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-06 5:22 [PATCH] x86/ia32: Do not modify the DPL bits for a null selector Xin Li
2023-07-06 14:05 ` Eric W. Biederman [this message]
2023-07-07 4:07 ` Li, Xin3
2023-07-07 4:16 ` Li, Xin3
2023-07-07 17:28 ` Eric W. Biederman
2023-07-07 22:17 ` Li, Xin3
2023-07-07 22:51 ` Eric W. Biederman
2023-07-08 8:44 ` Li, Xin3
2023-07-24 8:54 ` Li, Xin3
2023-07-06 15:28 ` Dave Hansen
2023-07-07 2:29 ` Li, Xin3
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v8exgmot.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=xin3.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox