From: Andy Lutomirski
Date: Mon, 20 Mar 2017 22:18:21 -0700
Subject: Re: [PATCH tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments
To: Andy Lutomirski
Cc: X86 ML, linux-kernel@vger.kernel.org, Borislav Petkov, Linus Torvalds, Thomas Garnier
In-Reply-To: <62b7748542df0164af7e0a5231283b9b13858c45.1489900519.git.luto@kernel.org>

On Sat, Mar 18, 2017 at 10:17 PM, Andy Lutomirski wrote:
> For mysterious historical reasons, struct user_desc doesn't indicate
> whether segments are accessed. set_thread_area() has always
> programmed segments as non-accessed, so the first write will set the
> accessed bit. This will fault if the GDT is read-only.
>
> Fix it by making TLS segments start out accessed.
>
> If this ends up breaking something, we could, in principle, leave
> TLS segments non-accessed and fix them up when we get the page
> fault. I'd be surprised, though -- AFAIK all the nasty legacy
> segmented programs (DOSEMU, Wine, things that run on DOSEMU and
> Wine, etc.) do their nasty segmented things using the LDT and not
> the GDT. I assume this is mainly because old OSes (Linux and
> otherwise) didn't historically provide APIs to do nasty things in
> the GDT.
>
> Fixes: 45fc8757d1d2 ("x86: Make the GDT remapping read-only on 64-bit")
> Signed-off-by: Andy Lutomirski

FWIW, I'm now extra convinced that this won't break anything: the accessed bit didn't work properly before this patch. When we scheduled a task in, we'd copy the TLS segment descriptors to the GDT, but we never copied them back out when we scheduled out, so the accessed bit would randomly clear itself. Whoops :)

So arguably this patch would be a bugfix even without Thomas' changes.
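The mechanism behind the patch, as an added example that is not part of the thread or the kernel's own code: a user-space re-implementation of how a struct user_desc is packed into an 8-byte x86 segment descriptor (field names borrowed from the kernel's user_desc; the struct is a local copy, and the bit layout is the architectural one from the Intel SDM), with the Accessed bit either left clear, as set_thread_area() used to do, or forced on as the patch does. The first memory access through a non-accessed descriptor makes the CPU write that bit into the GDT, which is exactly the write that faults once the GDT is mapped read-only.

```c
#include <stdint.h>

/* Local mirror of the relevant struct user_desc fields (assumption:
 * same meaning as in <asm/ldt.h>; this is not the kernel's struct). */
struct tls_desc_in {
    uint32_t base_addr;
    uint32_t limit;
    unsigned seg_32bit:1;
    unsigned contents:2;      /* bit1: code(1)/data(0); bit0: conforming/expand-down */
    unsigned read_exec_only:1;
    unsigned limit_in_pages:1;
    unsigned seg_not_present:1;
    unsigned useable:1;
};

#define DESC_ACCESSED (1ULL << 40)   /* type field bit 0 = Accessed (A) */

/* Pack the descriptor; force_accessed selects the behaviour the patch adds. */
uint64_t pack_tls_desc(const struct tls_desc_in *in, int force_accessed)
{
    uint64_t d = 0;
    uint8_t type = (uint8_t)(((in->read_exec_only ^ 1) << 1) | (in->contents << 2));
    if (force_accessed)
        type |= 1;                                  /* start out accessed */
    d |= (uint64_t)(in->limit & 0xffff);            /* limit[15:0]   */
    d |= (uint64_t)(in->base_addr & 0xffffff) << 16;/* base[23:0]    */
    d |= (uint64_t)type << 40;                      /* type[3:0]     */
    d |= 1ULL << 44;                                /* S: code/data  */
    d |= 3ULL << 45;                                /* DPL 3         */
    d |= (uint64_t)(in->seg_not_present ^ 1) << 47; /* P             */
    d |= (uint64_t)((in->limit >> 16) & 0xf) << 48; /* limit[19:16]  */
    d |= (uint64_t)in->useable << 52;               /* AVL           */
    /* L (bit 53) is left 0: TLS segments are never 64-bit code. */
    d |= (uint64_t)in->seg_32bit << 54;             /* D/B           */
    d |= (uint64_t)in->limit_in_pages << 55;        /* G             */
    d |= (uint64_t)(in->base_addr >> 24) << 56;     /* base[31:24]   */
    return d;
}

/* 1 if the CPU must write the descriptor (set A) on first use: that write
 * is the fault on a read-only GDT. */
int first_access_writes_gdt(uint64_t desc)
{
    return (desc & DESC_ACCESSED) == 0;
}

/* Constructed sample: a typical 32-bit flat data TLS segment. */
uint64_t sample_desc(int force_accessed)
{
    struct tls_desc_in in = { .base_addr = 0x7f001000, .limit = 0xfffff,
        .seg_32bit = 1, .contents = 0, .read_exec_only = 0,
        .limit_in_pages = 1, .seg_not_present = 0, .useable = 1 };
    return pack_tls_desc(&in, force_accessed);
}
```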