From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753308AbbCIRqF (ORCPT ); Mon, 9 Mar 2015 13:46:05 -0400
Received: from mail-la0-f48.google.com ([209.85.215.48]:35781 "EHLO mail-la0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751400AbbCIRqE (ORCPT ); Mon, 9 Mar 2015 13:46:04 -0400
MIME-Version: 1.0
In-Reply-To: <54FDDB90.9010706@zytor.com>
References: <1425909943-14687-1-git-send-email-dvlasenk@redhat.com> <54FDDB90.9010706@zytor.com>
From: Andy Lutomirski
Date: Mon, 9 Mar 2015 10:45:41 -0700
Message-ID:
Subject: Re: [PATCH] x86: entry_32.S: change ESPFIX test to not touch PT_OLDSS(%esp)
To: "H. Peter Anvin"
Cc: Linus Torvalds, Denys Vlasenko, Steven Rostedt, Ingo Molnar, Borislav Petkov, Oleg Nesterov, Frederic Weisbecker, Alexei Starovoitov, Will Drewry, Kees Cook, "the arch/x86 maintainers", Linux Kernel Mailing List
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 9, 2015 at 10:42 AM, H. Peter Anvin wrote:
> On 03/09/2015 09:08 AM, Linus Torvalds wrote:
>>
>> Sure, the btl is easier to explain in the source code, but instead of this:
>>
>>> +	btl	$X86_EFLAGS_VM_BIT,PT_EFLAGS(%esp)
>>
>> you'd have to add a comment, like
>>
>>	testb $2, PT_EFLAGS+2(%esp)	# X86_EFLAGS_VM_BIT
>>
>> or something.
>>
>
> Maybe:
>
> testb $(X86_EFLAGS_VM-16), PT_EFLAGS+2(%esp)
>
>> Or just at least *partially* do what we used to do, and make it all be
>>
>>	movb PT_EFLAGS+2(%esp),%al
>>	andb $2,%al
>>	orb PT_CS(%esp),%al
>>	testb $3,%al
>>	je restore_nocheck
>>	testb $SEGMENT_TI_MASK,PT_OLDSS(%esp)
>>	jne ldt_ss
>>
>> which still avoids looking at SS unless needed, and is smaller and
>> faster than the btl, afaik.
>
> The question is if avoiding looking at a field on the stack matters at all.

It does for silly reasons.

If sp0 is set to the very top of the stack, then an NMI immediately after
sysenter will have OLDSS off the top of the stack, and reading it can crash.
This is why 32-bit kernels have a (buggy!) 8 byte offset in sp0.

An alternative would be to fix the bug, but I still think it's ugly.

--Andy
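The following C model is an added illustration of the two checks argued over in this thread; it is not code from the thread or from the kernel. It shows why `testb $2, PT_EFLAGS+2(%esp)` is the same test as `btl $X86_EFLAGS_VM_BIT, PT_EFLAGS(%esp)` on little-endian x86 (byte 2 of the dword holds bits 16..23, so the mask is `X86_EFLAGS_VM >> 16`, which is 2), and it walks through Linus's `movb/andb/orb/testb` sequence to show that the OLDSS slot is never touched on a return to ring 0 with VM clear, which is exactly the case Andy describes for an NMI landing right after `sysenter`. The `struct frame` layout is a simplified stand-in for the iret frame at the end of `pt_regs`, and all selector and eflags values are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in the x86 headers. */
#define X86_EFLAGS_VM_BIT 17
#define X86_EFLAGS_VM     (1u << X86_EFLAGS_VM_BIT)   /* 0x20000 */
#define SEGMENT_TI_MASK   0x4u                        /* selector TI bit: LDT */

/* Simplified stand-in for the iret frame at the end of pt_regs (an assumption
 * for illustration; only the field order ip, cs, flags, sp, ss is taken from
 * the hardware iret layout). */
struct frame {
    uint32_t ip, cs, flags, sp, ss;
};

enum path { RESTORE_NOCHECK, LDT_SS };

/* btl $X86_EFLAGS_VM_BIT, PT_EFLAGS(%esp): test bit 17 of the full dword. */
static bool vm_set_btl(uint32_t flags)
{
    return ((flags >> X86_EFLAGS_VM_BIT) & 1u) != 0;
}

/* testb $2, PT_EFLAGS+2(%esp): x86 is little-endian, so byte 2 of the dword
 * holds bits 16..23 and bit 17 is bit 1 of that byte (X86_EFLAGS_VM >> 16). */
static bool vm_set_testb(uint32_t flags)
{
    const uint8_t *b = (const uint8_t *)&flags;
    return (b[2] & (uint8_t)(X86_EFLAGS_VM >> 16)) != 0;
}

/* The byte-offset form must agree with the bit-test form for every single-bit
 * eflags value; returns true when they never disagree. */
static bool testb_matches_btl(void)
{
    for (int bit = 0; bit < 32; bit++)
        if (vm_set_btl(1u << bit) != vm_set_testb(1u << bit))
            return false;
    return true;
}

/* Linus's sequence, step by step:
 *     movb  PT_EFLAGS+2(%esp),%al
 *     andb  $2,%al
 *     orb   PT_CS(%esp),%al
 *     testb $3,%al
 * Nonzero iff VM is set or CS has a nonzero RPL, i.e. the return goes to
 * vm86 or to user mode. Only then is OLDSS worth looking at. */
static bool must_check_ss(const struct frame *f)
{
    uint8_t al = ((const uint8_t *)&f->flags)[2];
    al &= 2;
    al |= (uint8_t)f->cs;
    return (al & 3) != 0;
}

/* The rest of the sequence:
 *     je    restore_nocheck
 *     testb $SEGMENT_TI_MASK,PT_OLDSS(%esp)
 *     jne   ldt_ss
 * *oldss_reads counts how often the OLDSS slot is touched. For a return to
 * ring 0 with VM clear it must stay at zero: right after sysenter that slot
 * can lie above the top of the stack, and reading it can fault. */
static enum path choose_path(const struct frame *f, int *oldss_reads)
{
    if (!must_check_ss(f))
        return RESTORE_NOCHECK;
    (*oldss_reads)++;
    if (f->ss & SEGMENT_TI_MASK)
        return LDT_SS;
    return RESTORE_NOCHECK;
}

/* Convenience wrappers over constructed frames. */
static enum path path_for(uint32_t cs, uint32_t flags, uint32_t ss)
{
    struct frame f = { 0, cs, flags, 0, ss };
    int reads = 0;
    return choose_path(&f, &reads);
}

static int oldss_reads_for(uint32_t cs, uint32_t flags, uint32_t ss)
{
    struct frame f = { 0, cs, flags, 0, ss };
    int reads = 0;
    choose_path(&f, &reads);
    return reads;
}

int main(void)
{
    /* Constructed selectors: 0x60/0x68 ring-0 GDT style, 0x73/0x7b ring-3 GDT
     * style, 0x0f an LDT selector (TI=1). 0x246 is an ordinary eflags value;
     * 0x20246 is the same with VM set. */
    printf("byte test == bit test: %s\n", testb_matches_btl() ? "yes" : "no");
    printf("ring-0 return reads OLDSS %d times\n", oldss_reads_for(0x60, 0x246, 0x68));
    printf("user return with LDT ss -> %s\n",
           path_for(0x73, 0x246, 0x0f) == LDT_SS ? "ldt_ss" : "restore_nocheck");
    printf("vm86 return reads OLDSS %d times\n", oldss_reads_for(0x0000, 0x20246, 0x0000));
    return 0;
}
```

The model makes the trade-off concrete: both forms of the VM test agree on every bit, and the combined `andb/orb/testb` check reaches the OLDSS read only for user-mode and vm86 returns, so the kernel-to-kernel return that an early NMI produces never reads past the frame.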