Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled

From: Dave Hansen
Date: Wed Sep 23 2020 - 18:53:52 EST


On 9/23/20 3:47 PM, Andy Lutomirski wrote:
> On Wed, Sep 23, 2020 at 3:20 PM Yu, Yu-cheng <yu-cheng.yu@xxxxxxxxx> wrote:
>> On 9/23/2020 3:08 PM, Dave Hansen wrote:
>>> On 9/23/20 3:06 PM, Yu, Yu-cheng wrote:
>>>> I think I'll add a check here for (r + 8) >= TASK_SIZE_MAX. It is
>>>> better than getting a fault.
>>> There's also wrmsr_safe().
>>>
>> Yes, thanks.
>>
>> Since I am going to change this to:
>>
>> fpu__prepare_write(), then write to the XSAVES area.
>>
>> The kernel does not expect XRSTORS to fail ("Bad FPU state detected..."
>> message). So maybe still check the address first.
> Surely there are plenty of ways to use ptrace() to poke garbage into
> the FPU state. We should be able to handle this type of failure
> somewhat gracefully.

Yeah, agreed. I'd much rather make XRSTORS able to #GP gracefully than
teach the kernel exhaustively about every possible error condition it
can encounter.

We *might* want to do something like that to preserve the warning if the task
hasn't been ptrace'd, or had the memory buffer written to directly or
tainted in another way.