linux-kernel.vger.kernel.org archive mirror
From: Peter Zijlstra <peterz@infradead.org>
To: torvalds@linux-foundation.org, tglx@linutronix.de, hpa@zytor.com,
	julien.thierry@arm.com, will.deacon@arm.com, luto@amacapital.net,
	mingo@kernel.org, catalin.marinas@arm.com, james.morse@arm.com,
	valentin.schneider@arm.com, brgerst@gmail.com,
	jpoimboe@redhat.com, luto@kernel.org, bp@alien8.de,
	dvlasenk@redhat.com
Cc: linux-kernel@vger.kernel.org, dvyukov@google.com, rostedt@goodmis.org
Subject: [PATCH 01/25] sched/x86: Save [ER]FLAGS on context switch
Date: Tue, 19 Mar 2019 12:16:33 +0100
Message-ID: <20190319111633.GY6058@hirez.programming.kicks-ass.net>
In-Reply-To: <20190318155139.963285969@infradead.org>

New patch #1

---

Subject: sched/x86: Save [ER]FLAGS on context switch
From: Peter Zijlstra <peterz@infradead.org>
Date: Thu Feb 14 10:30:52 CET 2019

Effectively reverts commit:

  2c7577a75837 ("sched/x86_64: Don't save flags on context switch")

Specifically because SMAP uses FLAGS.AC which invalidates the claim
that the kernel has clean flags.

In particular; while preemption from interrupt return is fine (the
IRET frame on the exception stack contains FLAGS) it breaks any code
that does synchronous scheduling, including preempt_enable().

This has become a significant issue ever since commit:

  5b24a7a2aa20 ("Add 'unsafe' user access functions for batched accesses")

provided for means of having 'normal' C code between STAC / CLAC,
exposing the FLAGS.AC state. So far this hasn't led to trouble,
however fix it before it comes apart.

Fixes: 5b24a7a2aa20 ("Add 'unsafe' user access functions for batched accesses")
Acked-by: Andy Lutomirski <luto@amacapital.net>
Reported-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
 arch/x86/entry/entry_32.S        |    2 ++
 arch/x86/entry/entry_64.S        |    2 ++
 arch/x86/include/asm/switch_to.h |    1 +
 arch/x86/kernel/process_32.c     |    7 +++++++
 arch/x86/kernel/process_64.c     |    8 ++++++++
 5 files changed, 20 insertions(+)

--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -650,6 +650,7 @@ ENTRY(__switch_to_asm)
 	pushl	%ebx
 	pushl	%edi
 	pushl	%esi
+	pushfl
 
 	/* switch stack */
 	movl	%esp, TASK_threadsp(%eax)
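Review bot: the pushfl placed after pushl %esi makes the saved flags the lowest-addressed slot of the frame, so struct inactive_task_frame must now start with `flags` on 32-bit as well as 64-bit; the switch_to.h hunk in this patch does put `flags` ahead of the `#ifdef CONFIG_X86_64` block, but a one-line comment beside the pushfl saying that the struct layout depends on this push order would protect against a later reshuffle of the pushes. Note also that pushfl captures the outgoing task's IF and AC exactly as they are at the call site, which is the property the commit message relies on for code that schedules synchronously between STAC and CLAC.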
@@ -672,6 +673,7 @@ ENTRY(__switch_to_asm)
 #endif
 
 	/* restore callee-saved registers */
+	popfl
 	popl	%esi
 	popl	%edi
 	popl	%ebx
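Review bot: popfl before the popl sequence is the correct mirror of the push order, but it deserves a comment stating that it restores the incoming task's complete EFLAGS, AC included, and that the IF bit in the saved word must be 0 at this point because the switch runs with interrupts disabled; the process_32.c hunk enforces that for tasks that have never run via X86_EFLAGS_FIXED, and the pushfl on the save side enforces it for tasks that were switched out through __switch_to_asm with interrupts disabled, as the hunk comment in process_32.c describes.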
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -291,6 +291,7 @@ ENTRY(__switch_to_asm)
 	pushq	%r13
 	pushq	%r14
 	pushq	%r15
+	pushfq
 
 	/* switch stack */
 	movq	%rsp, TASK_threadsp(%rdi)
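Review bot: the same layout dependency applies here as on the 32-bit side: pushfq after pushq %r15 is consistent only because `flags` precedes `r15` in the updated struct inactive_task_frame. Since the UACCESS validation added by this series tracks AC through STAC/CLAC, a pushf/popf pair inside __switch_to_asm is exactly the case "[PATCH 24/25] objtool: uaccess PUSHF/POPF support" exists for; a pointer to that dependency in the commit message would help anyone bisecting or backporting this patch on its own.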
@@ -313,6 +314,7 @@ ENTRY(__switch_to_asm)
 #endif
 
 	/* restore callee-saved registers */
+	popfq
 	popq	%r15
 	popq	%r14
 	popq	%r13
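Review bot: this popfq loads whatever sits in the `flags` slot of the incoming task's frame straight into RFLAGS, so any path that builds an inactive_task_frame without going through copy_thread_tls() would now restore uninitialised flags, possibly with IF or AC set; the process_64.c hunk covers the fork path, and it is worth confirming in the commit message that no other frame constructor exists.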
--- a/arch/x86/include/asm/switch_to.h
+++ b/arch/x86/include/asm/switch_to.h
@@ -40,6 +40,7 @@ asmlinkage void ret_from_fork(void);
  * order of the fields must match the code in __switch_to_asm().
  */
 struct inactive_task_frame {
+	unsigned long flags;
 #ifdef CONFIG_X86_64
 	unsigned long r15;
 	unsigned long r14;
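Review bot: placing `flags` before the `#ifdef CONFIG_X86_64` block gives both the pushfl and pushfq sequences the same first-member layout, which matches the asm hunks. The existing comment above the struct ("order of the fields must match the code in __switch_to_asm()") still holds, but extending it to say that `flags` is consumed by popf on the incoming side, and therefore must be initialised for a task that has never run, would document the contract the process_32.c and process_64.c hunks satisfy.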
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -127,6 +127,13 @@ int copy_thread_tls(unsigned long clone_
 	struct task_struct *tsk;
 	int err;
 
+	/*
+	 * For a new task use the RESET flags value since there is no before.
+	 * All the status flags are zero; DF and all the system flags must also
+	 * be 0, specifically IF must be 0 because we context switch to the new
+	 * task with interrupts disabled.
+	 */
+	frame->flags = X86_EFLAGS_FIXED;
 	frame->bp = 0;
 	frame->ret_addr = (unsigned long) ret_from_fork;
 	p->thread.sp = (unsigned long) fork_frame;
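Review bot: the comment says DF and all the system flags must be 0, but it relies on the reader knowing that X86_EFLAGS_FIXED consists of only the always-set reserved bit 1; stating that in the comment (for example "X86_EFLAGS_FIXED is just the reserved bit 1, so IF, DF and AC are all clear") keeps it self-contained and makes the "IF must be 0" requirement verifiable at a glance.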
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -392,6 +392,14 @@ int copy_thread_tls(unsigned long clone_
 	childregs = task_pt_regs(p);
 	fork_frame = container_of(childregs, struct fork_frame, regs);
 	frame = &fork_frame->frame;
+
+	/*
+	 * For a new task use the RESET flags value since there is no before.
+	 * All the status flags are zero; DF and all the system flags must also
+	 * be 0, specifically IF must be 0 because we context switch to the new
+	 * task with interrupts disabled.
+	 */
+	frame->flags = X86_EFLAGS_FIXED;
 	frame->bp = 0;
 	frame->ret_addr = (unsigned long) ret_from_fork;
 	p->thread.sp = (unsigned long) fork_frame;
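Review bot: this comment and assignment are a verbatim copy of the process_32.c hunk; because both arch variants compute `frame` the same way, a single shared location (for example a small inline next to struct inactive_task_frame in switch_to.h) would keep the two initialisations from drifting apart. The blank line added at the top of this hunk is the only difference between the two.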

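The failure the commit message describes, modelled in plain user-space C as an added example (not kernel code and not part of this patch): a fake EFLAGS register, two tasks, and a __switch_to_asm stand-in that either saves and restores flags (this patch) or does not (the behaviour after 2c7577a75837). X86_EFLAGS_FIXED and X86_EFLAGS_AC carry the kernel's values; the task frame struct and the two-task scenario are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#define X86_EFLAGS_FIXED 0x00000002UL /* reserved bit 1, always set (kernel value) */
#define X86_EFLAGS_AC    0x00040000UL /* AC: with SMAP enabled, permits kernel->user access */

static unsigned long cpu_flags;       /* the single EFLAGS register of our one-CPU model */
/* Stand-in for struct inactive_task_frame: only the slot this patch adds. */
struct task_frame { unsigned long flags; };

static void stac(void) { cpu_flags |= X86_EFLAGS_AC; }   /* user_access_begin() */
static void clac(void) { cpu_flags &= ~X86_EFLAGS_AC; }  /* user_access_end() */

/* __switch_to_asm stand-in: pushf/popf are present only when save_flags is set. */
static void switch_to(struct task_frame *prev, struct task_frame *next, bool save_flags)
{
	if (save_flags) {
		prev->flags = cpu_flags;   /* pushf: park the outgoing task's flags in its frame */
		cpu_flags = next->flags;   /* popf: load the incoming task's saved flags */
	}
	/* without them the CPU simply keeps whatever flags the outgoing task left behind */
}

/*
 * Scenario from the commit message: task A opens a STAC/CLAC region and then
 * schedules synchronously (preempt_enable()); task B runs, does a complete user
 * access of its own, and A is switched back in.  Result bits:
 *   1 = B started with AC=1 (A's SMAP exemption leaked into B)
 *   2 = A resumed with AC=0 (its next user access would fault)
 */
static int run_scenario(bool save_flags)
{
	/* Both frames start as copy_thread_tls() leaves a fresh one: X86_EFLAGS_FIXED. */
	struct task_frame a = { X86_EFLAGS_FIXED }, b = { X86_EFLAGS_FIXED };
	int result = 0;

	cpu_flags = X86_EFLAGS_FIXED;
	stac();                               /* A: inside user_access_begin() */
	switch_to(&a, &b, save_flags);        /* A: preempt_enable() -> schedule() */
	if (cpu_flags & X86_EFLAGS_AC)
		result |= 1;
	stac();                               /* B: its own well-formed access */
	clac();
	switch_to(&b, &a, save_flags);        /* back to A */
	if (!(cpu_flags & X86_EFLAGS_AC))
		result |= 2;
	clac();                               /* A: user_access_end() */
	return result;
}

int main(void)
{
	printf("without flags save/restore: %d\n", run_scenario(false)); /* 3 */
	printf("with    flags save/restore: %d\n", run_scenario(true));  /* 0 */
	return 0;
}
```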

Thread overview: 59+ messages
2019-03-18 15:38 [PATCH 00/25] objtool: UACCESS validation v4 Peter Zijlstra
2019-03-18 15:38 ` [PATCH 01/25] x86: Make SMAP 64-bit only Peter Zijlstra
2019-03-18 16:58   ` Linus Torvalds
2019-03-18 17:36     ` Peter Zijlstra
2019-03-18 17:51       ` Peter Zijlstra
2019-03-18 18:10         ` Linus Torvalds
2019-03-21 17:12           ` hpa
2019-03-21 17:25           ` Denys Vlasenko
2019-03-21 18:18             ` hpa
2019-03-21 21:03               ` Peter Zijlstra
2019-03-21 18:21             ` Linus Torvalds
2019-03-19 11:16   ` Peter Zijlstra [this message]
2019-03-18 15:38 ` [PATCH 02/25] tracing: Improve "if" macro code generation Peter Zijlstra
2019-03-18 17:41   ` Steven Rostedt
2019-03-18 23:37   ` Josh Poimboeuf
2019-03-19 10:11     ` Peter Zijlstra
2019-03-20 11:18   ` David Laight
2019-03-20 17:26     ` Linus Torvalds
2019-03-20 17:37       ` David Laight
2019-03-20 17:38         ` Linus Torvalds
2019-03-20 18:18       ` Steven Rostedt
2019-05-09 13:00       ` Steven Rostedt
2019-05-09 16:51         ` Linus Torvalds
2019-05-09 18:29           ` Steven Rostedt
2019-05-09 18:45             ` Josh Poimboeuf
2019-05-09 18:47               ` Josh Poimboeuf
2019-05-09 18:48                 ` Randy Dunlap
2019-05-09 18:57                   ` Josh Poimboeuf
2019-05-09 19:06               ` Steven Rostedt
2019-05-09 19:28                 ` Steven Rostedt
2019-05-09 19:44                   ` Linus Torvalds
2019-03-18 15:38 ` [PATCH 03/25] x86/ia32: Fix ia32_restore_sigcontext AC leak Peter Zijlstra
2019-03-18 15:38 ` [PATCH 04/25] i915,uaccess: Fix redundant CLAC Peter Zijlstra
2019-03-18 15:38 ` [PATCH 05/25] x86/uaccess: Move copy_user_handle_tail into asm Peter Zijlstra
2019-03-18 15:38 ` [PATCH 06/25] x86/uaccess: Fix up the fixup Peter Zijlstra
2019-03-18 15:38 ` [PATCH 07/25] x86/nospec,objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE Peter Zijlstra
2019-03-18 15:38 ` [PATCH 08/25] x86/uaccess,xen: Suppress SMAP warnings Peter Zijlstra
2019-03-18 15:38 ` [PATCH 09/25] x86/uaccess: Always inline user_access_begin() Peter Zijlstra
2019-03-18 15:38 ` [PATCH 10/25] x86/uaccess,signal: Fix AC=1 bloat Peter Zijlstra
2019-03-18 15:38 ` [PATCH 11/25] x86/uaccess: Introduce user_access_{save,restore}() Peter Zijlstra
2019-03-18 15:38 ` [PATCH 12/25] x86/smap: Ditch __stringify() Peter Zijlstra
2019-03-18 15:38 ` [PATCH 13/25] x86/uaccess,kasan: Fix KASAN vs SMAP Peter Zijlstra
2019-03-18 15:38 ` [PATCH 14/25] x86/uaccess,ubsan: Fix UBSAN " Peter Zijlstra
2019-03-18 15:38 ` [PATCH 15/25] x86/uaccess,ftrace: Fix ftrace_likely_update() " Peter Zijlstra
2019-03-18 15:38 ` [PATCH 16/25] x86/uaccess,kcov: Disable stack protector Peter Zijlstra
2019-03-18 15:38 ` [PATCH 17/25] objtool: Set insn->func for alternatives Peter Zijlstra
2019-03-18 15:38 ` [PATCH 18/25] objtool: Handle function aliases Peter Zijlstra
2019-03-18 15:38 ` [PATCH 19/25] objtool: Rewrite add_ignores() Peter Zijlstra
2019-03-18 15:39 ` [PATCH 20/25] objtool: Add --backtrace support Peter Zijlstra
2019-03-18 15:39 ` [PATCH 21/25] objtool: Rewrite alt->skip_orig Peter Zijlstra
2019-03-18 15:39 ` [PATCH 22/25] objtool: Fix sibling call detection Peter Zijlstra
2019-03-18 15:39 ` [PATCH 23/25] objtool: Add UACCESS validation Peter Zijlstra
2019-03-18 23:51   ` Josh Poimboeuf
2019-05-07 11:52   ` Peter Zijlstra
2019-03-18 15:39 ` [PATCH 24/25] objtool: uaccess PUSHF/POPF support Peter Zijlstra
2019-03-18 15:39 ` [PATCH 25/25] objtool: Add Direction Flag validation Peter Zijlstra
2019-03-18 23:57 ` [PATCH 00/25] objtool: UACCESS validation v4 Josh Poimboeuf
2019-03-19 11:20   ` Peter Zijlstra
2019-03-19 11:17 ` [PATCH 26/25] sched/x86_64: Don't save flags on context switch Peter Zijlstra
