Re: [PATCH] sched/x86: Save [ER]FLAGS on context switch
From: H. Peter Anvin
Date: Mon Feb 18 2019 - 21:46:46 EST
On 2/18/19 6:20 PM, Andy Lutomirski wrote:
>> On Feb 18, 2019, at 4:24 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>>> On Mon, Feb 18, 2019 at 2:31 PM H. Peter Anvin <hpa@xxxxxxxxx> wrote:
>>> The question is what "fix it" means. I'm really concerned about AC escapes,
>>> and everyone else should be, too.
>> I do think that it might be the right thing to do to add some kind of
>> WARN_ON_ONCE() for AC being set in various can-reschedule situations.
>> We'd just have to abstract it sanely. I'm sure arm64 has the exact
>> same issue with PAN - maybe it saves properly, but the same "we
>> wouldn't want to go through the scheduler with PAN clear".
>> On x86, we might as well check DF at the same time as AC.
> hpa is right, though -- calling into tracing code with AC set is not really so good. And calling schedule() (via preempt_enable() or whatever) is also bad because it runs all the scheduler code with AC on. Admittedly, the scheduler is not *that* interesting of an attack surface.
Not just that, but the other question is just how much code we are running
with AC open. It really should only be done in some very small regions.