Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755775AbcCUWru (ORCPT <rfc822;w@1wt.eu>);
	Mon, 21 Mar 2016 18:47:50 -0400
Received: from mail-oi0-f49.google.com ([209.85.218.49]:35184 "EHLO
	mail-oi0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753128AbcCUWrt (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 21 Mar 2016 18:47:49 -0400
MIME-Version: 1.0
In-Reply-To: <20160321224152.GH5083@two.firstfloor.org>
References: <1458576969-13309-1-git-send-email-andi@firstfloor.org>
 <CALCETrXvREAXmjS-FkAMTDYDnTsBsrAYGKo32=fgEGJqC8k6Yg@mail.gmail.com>
 <20160321190322.GZ5083@two.firstfloor.org> <CALCETrVgEpDm1DN=1kq1JFx8Y9pf3xani_73WixrrHZwhZ+4RA@mail.gmail.com>
 <20160321194027.GB5083@two.firstfloor.org> <CALCETrW5RZrh1YCxT2_cnQAHndoiN+J_15iHBKM6BH6WN4UeXg@mail.gmail.com>
 <20160321221148.GF5083@two.firstfloor.org> <CALCETrVrZyg98YiNOtMpx2m2pcjZm6TuqQDPPuohu8+puke5xw@mail.gmail.com>
 <20160321224152.GH5083@two.firstfloor.org>
From: Andy Lutomirski <luto@amacapital.net>
Date: Mon, 21 Mar 2016 15:47:28 -0700
Message-ID: <CALCETrXbZuVacSGBUvbcQQqUaqCtmOOXJv_pc=wA4mtnGy-nPQ@mail.gmail.com>
Subject: Re: Updated version of RD/WR FS/GS BASE patchkit
To: Andi Kleen <andi@firstfloor.org>
Cc: X86 ML <x86@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1208
Lines: 34

On Mon, Mar 21, 2016 at 3:41 PM, Andi Kleen <andi@firstfloor.org> wrote:
>> Imagine that some brilliant lightweight threading library does:
>>
>>  - set GS to nonzero (by whatever means -- arch_prctl(ARCH_SET_GS,
>> whatever) on a pre-IVB host followed by migration, some modify_ldt
>> garbage, simple bloody-mindedness, whatever);
>
> Migration is only possible when the CPUID flags match.
>
>>  - WRGSBASE
>>  - Use GS for a bit
>>
>> This will work most of the time until it gets unlucky with preemption.
>
> As soon as a kernel thread or something else schedules the value
> will be lost.
>
>> And yes, runtime library authors really do mess up in amazing ways.
>>
>> It's an issue.  It needs conscious design.
>
> Ok. So your only objection is the order of the context switch
> updates?

No.  My objection is that there needs to be an explicit statement what
the semantics are.  If the agreed-upon semantics are "undefined
behavior if GS != 0 and GSBASE doesn't match the descriptor", so be
it, but this needs to be a conscious decision and needs to be weighed
against the alternatives.

The actual implementation details are just details.  They need to
match the intended semantics, of course.

--Andy