Re: [PATCH] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET

From: Borislav Petkov
Date: Wed Aug 03 2016 - 13:14:56 EST

Next message: Sudeep Holla: "[PATCH] drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock"
Previous message: Guenter Roeck: "Re: "Failed to create /dev/root: -14" after commit e6978e4bf1 ("ARM: save and reset the address limit when entering an exception")"
In reply to: Andy Lutomirski: "Re: [PATCH] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET"
Next in thread: Andy Lutomirski: "Re: [PATCH] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 03, 2016 at 09:42:29AM -0700, Andy Lutomirski wrote:
> I would change "so" and "and" -- the CPU designers could have make
> SYSRET restore RF, but they chose not to.

I'm assuming the reasoning behind it was that you should be able to
break after SYSRET but then again, the kernel could've been left in
control of that bit and set it or clear it however it likes before
SYSRETing.

Oh well.

> Other than that substitution:
>
> Acked-by: Andy Lutomirski <luto@xxxxxxxxxx>

Thanks.

Here's v1.1:

---
From: Borislav Petkov <bp@xxxxxxx>
Date: Wed, 3 Aug 2016 12:17:10 +0200
Subject: [PATCH -v1.1] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET

Clarify why exactly RF cannot be restored properly by SYSRET to avoid
confusion.

No functionality change.

Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Acked-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
---
arch/x86/entry/entry_64.S | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 8956eae04c25..b4b546bb23c3 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -288,11 +288,15 @@ return_from_SYSCALL_64:
jne opportunistic_sysret_failed

/*
- * SYSRET can't restore RF. SYSRET can restore TF, but unlike IRET,
- * restoring TF results in a trap from userspace immediately after
- * SYSRET. This would cause an infinite loop whenever #DB happens
- * with register state that satisfies the opportunistic SYSRET
- * conditions. For example, single-stepping this user code:
+ * SYSCALL clears RF when it saves rFLAGS in R11 and SYSRET cannot
+ * restore RF properly. If the slowpath sets it for whatever reason, we
+ * need to restore it correctly.
+ *
+ * SYSRET can restore TF, but unlike IRET, restoring TF results in a
+ * trap from userspace immediately after SYSRET. This would cause an
+ * infinite loop whenever #DB happens with register state that satisfies
+ * the opportunistic SYSRET conditions. For example, single-stepping
+ * this user code:
*
* movq $stuck_here, %rcx
* pushfq
--
2.8.4

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.
--

Next message: Sudeep Holla: "[PATCH] drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock"
Previous message: Guenter Roeck: "Re: "Failed to create /dev/root: -14" after commit e6978e4bf1 ("ARM: save and reset the address limit when entering an exception")"
In reply to: Andy Lutomirski: "Re: [PATCH] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET"
Next in thread: Andy Lutomirski: "Re: [PATCH] x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]