From: "tip-bot2 for H. Peter Anvin (Intel)" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: "H. Peter Anvin (Intel)" <hpa@zytor.com>,
Ingo Molnar <mingo@kernel.org>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [tip: x86/asm] x86/syscall: Maximize MSR_SYSCALL_MASK
Date: Wed, 12 May 2021 09:23:32 -0000 [thread overview]
Message-ID: <162081141265.29796.17924251937158616566.tip-bot2@tip-bot2> (raw)
In-Reply-To: <20210510185316.3307264-5-hpa@zytor.com>
The following commit has been merged into the x86/asm branch of tip:
Commit-ID: 6de4ac1d03f75248974a398110b15af0bfe65a11
Gitweb: https://git.kernel.org/tip/6de4ac1d03f75248974a398110b15af0bfe65a11
Author: H. Peter Anvin (Intel) <hpa@zytor.com>
AuthorDate: Mon, 10 May 2021 11:53:13 -07:00
Committer: Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 12 May 2021 10:49:15 +02:00
x86/syscall: Maximize MSR_SYSCALL_MASK
It is better to clear as many flags as possible when we do a system
call entry, as opposed to the other way around. The fewer flags we
keep, the lesser the possible interference between the kernel and user
space.
The flags changed are:
- CF, PF, AF, ZF, SF, OF: these are arithmetic flags which affect
branches, possibly speculatively. They should be cleared for the same
reasons we now clear all GPRs on entry.
- RF: suppresses a code breakpoint on the subsequent instruction. It is
probably impossible to enter the kernel with RF set, but if it is
somehow not, it would break a kernel debugger setting a breakpoint on
the entry point. Either way, user space should not be able to control
kernel behavior here.
- ID: this flag has no direct effect (it is a scratch bit only.)
However, there is no reason to retain the user space value in the
kernel, and the standard should be to clear unless needed, not the
other way around.
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20210510185316.3307264-5-hpa@zytor.com
---
arch/x86/kernel/cpu/common.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index a1b756c..6cf6975 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1773,10 +1773,16 @@ void syscall_init(void)
wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
#endif
- /* Flags to clear on syscall */
+ /*
+ * Flags to clear on syscall; clear as much as possible
+ * to minimize user space-kernel interference.
+ */
wrmsrl(MSR_SYSCALL_MASK,
- X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|
- X86_EFLAGS_IOPL|X86_EFLAGS_AC|X86_EFLAGS_NT);
+ X86_EFLAGS_CF|X86_EFLAGS_PF|X86_EFLAGS_AF|
+ X86_EFLAGS_ZF|X86_EFLAGS_SF|X86_EFLAGS_TF|
+ X86_EFLAGS_IF|X86_EFLAGS_DF|X86_EFLAGS_OF|
+ X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_RF|
+ X86_EFLAGS_AC|X86_EFLAGS_ID);
}
#else /* CONFIG_X86_64 */
next prev parent reply other threads:[~2021-05-12 9:23 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-10 18:53 [RFC v2 PATCH 0/6] x86/entry: cleanups and consistent syscall number handling H. Peter Anvin
2021-05-10 18:53 ` [RFC v2 PATCH 1/7] x86/entry: unify definitions from calling.h and ptrace-abi.h H. Peter Anvin
2021-05-12 9:23 ` [tip: x86/asm] x86/entry: Unify definitions from <asm/calling.h> and <asm/ptrace-abi.h> tip-bot2 for H. Peter Anvin (Intel)
2021-05-10 18:53 ` [RFC v2 PATCH 2/7] x86/entry: reverse arguments to do_syscall_64() H. Peter Anvin
2021-05-12 9:23 ` [tip: x86/asm] x86/entry: Reverse " tip-bot2 for H. Peter Anvin (Intel)
2021-05-10 18:53 ` [RFC v2 PATCH 3/7] x86/syscall: unconditionally prototype {ia32,x32}_sys_call_table[] H. Peter Anvin
2021-05-12 9:23 ` [tip: x86/asm] x86/syscall: Unconditionally " tip-bot2 for H. Peter Anvin (Intel)
2021-05-10 18:53 ` [RFC v2 PATCH 4/7] x86/syscall: maximize MSR_SYSCALL_MASK H. Peter Anvin
2021-05-12 9:23 ` tip-bot2 for H. Peter Anvin (Intel) [this message]
2021-05-10 18:53 ` [RFC v2 PATCH 5/7] x86/entry: split PUSH_AND_CLEAR_REGS into two submacros H. Peter Anvin
2021-05-12 9:23 ` [tip: x86/asm] x86/entry: Split " tip-bot2 for H. Peter Anvin (Intel)
2021-05-10 18:53 ` [RFC v2 PATCH 6/7] x86/regs: syscall_get_nr() returns -1 for a non-system call H. Peter Anvin
2021-05-12 9:23 ` [tip: x86/asm] x86/regs: Syscall_get_nr() " tip-bot2 for H. Peter Anvin
2021-05-10 18:53 ` [RFC v2 PATCH 7/7] x86/entry: use int for syscall number; handle all invalid syscall nrs H. Peter Anvin
2021-05-12 8:51 ` Ingo Molnar
2021-05-12 17:50 ` H. Peter Anvin
2021-05-12 12:09 ` Thomas Gleixner
2021-05-12 18:21 ` H. Peter Anvin
2021-05-12 18:34 ` Thomas Gleixner
2021-05-12 22:09 ` H. Peter Anvin
2021-05-12 22:22 ` Thomas Gleixner
2021-05-12 22:24 ` H. Peter Anvin
2021-05-14 0:38 ` H. Peter Anvin
2021-05-14 3:18 ` Andy Lutomirski
2021-05-14 3:23 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=162081141265.29796.17924251937158616566.tip-bot2@tip-bot2 \
--to=tip-bot2@linutronix.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).