From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932645AbbBZNy5 (ORCPT <rfc822;w@1wt.eu>);
	Thu, 26 Feb 2015 08:54:57 -0500
Received: from mail-qc0-f182.google.com ([209.85.216.182]:39954 "EHLO
	mail-qc0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932176AbbBZNyy (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 26 Feb 2015 08:54:54 -0500
MIME-Version: 1.0
In-Reply-To: <CAK1hOcPwYYfs7aoJFdpr12j+Ed--BSUr=pu9Ba05brfeeZnyXg@mail.gmail.com>
References: <1423778052-21038-1-git-send-email-dvlasenk@redhat.com>
 <1423778052-21038-2-git-send-email-dvlasenk@redhat.com> <CANaxB-zH5k1cKYMA+tOJxgLhenadJQmdtGktBE6EAUOExsqmEg@mail.gmail.com>
 <54EE1799.2000602@redhat.com> <CANaxB-xtTzwAw22LT1wBWD5V4yBcf5yv-YtvvOp3QtXG76hgTg@mail.gmail.com>
 <CALCETrWWHxqZo+aaDrPhJKEORMWG5Fn4-8Hq6B19yNX++GLb5g@mail.gmail.com>
 <54EE3E94.7060208@redhat.com> <CALCETrVFzm-nXwJSgjhLuHS6B1HT70Q0CsxybjJUmVAKALL5NA@mail.gmail.com>
 <CAK1hOcN2jjfjNArnD8Uw68GCgHCXui59M3HETYE5YaR_Apxa4A@mail.gmail.com> <CAK1hOcPwYYfs7aoJFdpr12j+Ed--BSUr=pu9Ba05brfeeZnyXg@mail.gmail.com>
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Thu, 26 Feb 2015 14:54:33 +0100
Message-ID: <CAK1hOcNBLpQ3b5qsTigX_SR4B_FjB5WzrVfXdVOwX-QtFd0sGQ@mail.gmail.com>
Subject: Re: [PATCH 2/3 v3] x86: entry_64.S: always allocate complete "struct pt_regs"
To: Andy Lutomirski <luto@amacapital.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>, Andrey Wagin <avagin@gmail.com>,
        Ingo Molnar <mingo@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Oleg Nesterov <oleg@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Frederic Weisbecker <fweisbec@gmail.com>, X86 ML <x86@kernel.org>,
        Alexei Starovoitov <ast@plumgrid.com>, Will Drewry <wad@chromium.org>,
        Kees Cook <keescook@chromium.org>, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 26, 2015 at 1:11 PM, Denys Vlasenko
<vda.linux@googlemail.com> wrote:
> On Thu, Feb 26, 2015 at 10:55 AM, Denys Vlasenko
> <vda.linux@googlemail.com> wrote:
>> On Wed, Feb 25, 2015 at 10:59 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>> In addition to my previous tests, I ran my home machine with
>> patched kernel. Unfortunately, it works for me :(
>>
>> Will try on yet another machine.
>
> And voila, it does happen on another machine :)
>
> I'm debugging it right now. Looks like 64-bit syscalls just stop working
> at some point in new processes. That is, existing process is alive and well,
> but children get SEGV after fork (most likely on any syscall64 they do,
> not after fork per se. They eventually manage to kill themselves -
> not trivial when exit syscall isn't working either - by tripping on HLT insn).
>
> 32-bit syscalls (int 80) continue to work. Fork, exec, whatever you want.
> I have static 32-bit busybox binary and everything works there.
>
> Also, any 64-bit process which was under strace continues to work correctly,
> including forks and execs.
>
> This points towards some bug on fast path sysret64 code. Looking for it.

audit=0 makes crashes disappear.

I found the problem. If syscall_trace_enter_phase1 returns 0,
I restore %rax from pt_regs->ax, but should restore it from
pt_regs->orig_ax:

        call syscall_trace_enter_phase1
        test %rax, %rax
        jnz tracesys_phase2             /* if needed, run the slow path */
-       RESTORE_C_REGS                  /* else restore clobbered regs */
+       RESTORE_C_REGS_EXCEPT_RAX       /* else restore clobbered regs */
+       movq ORIG_RAX-ARGOFFSET(%rsp),%rax
        jmp system_call_fastpath        /*      and return to the fast path */