linux-kernel.vger.kernel.org archive mirror
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Andy Lutomirski <luto@kernel.org>,
	Jan Beulich <jbeulich@suse.com>,
	xen-devel <xen-devel@lists.xenproject.org>,
	X86 ML <x86@kernel.org>, "Peter Zijlstra" <peterz@infradead.org>
Cc: lkml <linux-kernel@vger.kernel.org>
Subject: Re: [Xen-devel] [PATCH] x86/stackframe/32: repair 32-bit Xen PV
Date: Thu, 24 Oct 2019 17:31:57 +0100
Message-ID: <8f9f812b-c28a-5828-d8d9-37ae7e2f99da@citrix.com>
In-Reply-To: <CALCETrWAALF7EgxHGs-rtZwk1Fxttr56QKXeB6QssXbyXDs+kA@mail.gmail.com>

On 24/10/2019 17:11, Andy Lutomirski wrote:
>> +# define USER_SEGMENT_RPL_MASK (SEGMENT_RPL_MASK & ~1)
>> +#endif
>> +
>>         .section .entry.text, "ax"
>>
>>  /*
>> @@ -172,7 +183,7 @@
>>         ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI
>>         .if \no_user_check == 0
>>         /* coming from usermode? */
>> -       testl   $SEGMENT_RPL_MASK, PT_CS(%esp)
>> +       testl   $USER_SEGMENT_RPL_MASK, PT_CS(%esp)
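Review bot: with USER_SEGMENT_RPL_MASK defined as (SEGMENT_RPL_MASK & ~1), this testl now treats RPL 0 and RPL 1 alike as kernel and only RPL 2 or 3 as user, yet the `/* coming from usermode? */` comment directly above it is unchanged and gives no hint that a ring-1 selector is deliberately classified as kernel here. Suggest extending the comment in this hunk, for example `/* coming from usermode? (32-bit Xen PV kernels run in ring 1, so only RPL 2/3 mean user) */`, so a reader of this entry path does not take the dropped low bit for an accident; a one-line comment beside the `# define` itself would help for the same reason, since the `#endif` shows it is conditionally defined.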
> Shouldn't PT_CS(%esp) be 0 if we came from the kernel?  I'm guessing
> the actual bug is in whatever code put 1 in here in the first place.

Ring1 kernels (32bit) consistently see RPL1 everywhere under Xen.

Back in the days of a 32bit Xen, int $0x80 really was wired directly
from ring 3 to 1, and didn't bounce through Xen.  This isn't possible in
long mode, because all IDT gates are required to be 64bit code segments.

Ring3 kernels (64bit) consistently see RPL0 everywhere under Xen,
because presumably this was less invasive when designing the ABI.

~Andrew
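To make the ring/RPL point above concrete, here is an added example in plain C that is not part of the patch, of Linux, or of Xen. It models the `testl $MASK, PT_CS(%esp)` check from the entry_32.S hunk with both masks and applies it to constructed CS selector values: a native ring-0 kernel selector, the RPL1 selector a 32-bit Xen PV kernel sees in its saved CS, and a ring-3 user selector. The mask value SEGMENT_RPL_MASK = 0x3 is the kernel's own definition; the GDT slot numbers (12 and 14) are illustrative only, since the check looks at nothing but the two RPL bits.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Added example, not code from the patch, from Linux or from Xen.
 * SEGMENT_RPL_MASK is the kernel's definition (both RPL bits of a selector);
 * USER_SEGMENT_RPL_MASK is the value the patch introduces for Xen PV builds.
 */
#define SEGMENT_RPL_MASK       0x3
#define USER_SEGMENT_RPL_MASK  (SEGMENT_RPL_MASK & ~1)   /* == 0x2 */

/* x86 segment selector layout: index[15:3], TI[2], RPL[1:0]. */
static inline unsigned selector_rpl(uint16_t sel) { return sel & 0x3; }

/* Build a selector from its fields (the slot numbers used below are constructed). */
static inline uint16_t make_selector(unsigned index, bool ldt, unsigned rpl)
{
    return (uint16_t)((index << 3) | (ldt ? 4 : 0) | (rpl & 0x3));
}

/*
 * Mirror of:  testl $MASK, PT_CS(%esp)
 * The entry code takes a nonzero result as "we came from user mode".
 */
static bool from_user_with_mask(uint16_t saved_cs, unsigned mask)
{
    return (saved_cs & mask) != 0;
}

/* The check as it stood before the patch (and still does for native builds). */
bool from_user_native(uint16_t saved_cs)
{
    return from_user_with_mask(saved_cs, SEGMENT_RPL_MASK);
}

/* The check as patched for a 32-bit Xen PV kernel, which runs in ring 1. */
bool from_user_xen_pv32(uint16_t saved_cs)
{
    return from_user_with_mask(saved_cs, USER_SEGMENT_RPL_MASK);
}

int main(void)
{
    /* Constructed selectors: slot 12 as kernel code, slot 14 as user code. */
    uint16_t native_kernel_cs = make_selector(12, false, 0); /* RPL0: ring-0 kernel   */
    uint16_t xen_kernel_cs    = make_selector(12, false, 1); /* RPL1: ring-1 PV kernel */
    uint16_t user_cs          = make_selector(14, false, 3); /* RPL3: user space       */

    printf("native kernel CS %#06x (RPL%u): old mask -> user=%d\n",
           native_kernel_cs, selector_rpl(native_kernel_cs),
           from_user_native(native_kernel_cs));
    printf("Xen PV kernel CS %#06x (RPL%u): old mask -> user=%d, new mask -> user=%d\n",
           xen_kernel_cs, selector_rpl(xen_kernel_cs),
           from_user_native(xen_kernel_cs), from_user_xen_pv32(xen_kernel_cs));
    printf("user CS          %#06x (RPL%u): old mask -> user=%d, new mask -> user=%d\n",
           user_cs, selector_rpl(user_cs),
           from_user_native(user_cs), from_user_xen_pv32(user_cs));
    return 0;
}
```

The middle line of the output is the bug the patch repairs: with the full 0x3 mask a ring-1 kernel selector is classified as user mode, so the PTI stack-switching path would run its "came from user" handling for a trap that actually arrived from the kernel; dropping bit 0 from the mask makes RPL0 and RPL1 both read as kernel while RPL3 (and RPL2) still read as user.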


Thread overview: 7+ messages
2019-10-07 10:41 [PATCH] x86/stackframe/32: repair 32-bit Xen PV Jan Beulich
2019-10-24  7:40 ` Ping: " Jan Beulich
2019-10-24 16:11 ` Andy Lutomirski
2019-10-24 16:31   ` Andrew Cooper [this message]
2019-10-24 16:33     ` [Xen-devel] " Andy Lutomirski
2019-10-25  6:06   ` Jan Beulich
2019-10-25  6:09     ` Jürgen Groß
