Re: [patch 13/16] x86/ldt: Introduce LDT write fault handler
From: Thomas Gleixner
Date: Tue Dec 12 2017 - 14:21:37 EST
On Tue, 12 Dec 2017, Linus Torvalds wrote:
> On Tue, Dec 12, 2017 at 9:32 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> > From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> >
> > When the LDT is mapped RO, the CPU will write fault the first time it uses
> > a segment descriptor in order to set the ACCESS bit (for some reason it
> > doesn't always observe that it is already preset). Catch the fault and set the
> > ACCESS bit in the handler.
>
> This really scares me.
>
> We use segments in some critical code in the kernel, like the whole
> percpu data etc. Stuff that definitely shouldn't fault.
>
> Yes, those segments should damn well be already marked accessed when
> the segment is loaded, but apparently that isn't reliable.
That has nothing to do with the user installed LDT. The kernel does not use
or rely on the LDT at all.
The only critical interaction is the return to user path (user CS/SS) and
we made sure with the LAR touching that these are precached in the CPU
before we go into fragile exit code. Luto has some concerns
vs. load_gs[_index] and we'll certainly look into that some more.
Thanks,
tglx