Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753161AbdLHQr6 (ORCPT <rfc822;w@1wt.eu>);
        Fri, 8 Dec 2017 11:47:58 -0500
Received: from mail.kernel.org ([198.145.29.99]:48436 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752360AbdLHQr4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 8 Dec 2017 11:47:56 -0500
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CBBC621985
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org
X-Google-Smtp-Source: AGs4zMZNd7tmJymMQhkpFW+ak94SKGh3Q0Zus5UyDE8/76fXhmlQ6Tm423H4SJsCYdL29kMF8r3hpH8ENXGcr7gOF98=
MIME-Version: 1.0
In-Reply-To: <34ab84c5fbb849209c9d3877e89cab23@AcuMS.aculab.com>
References: <48fe5cf1382d6a95c7b1837415882edcc81a9781.1512631324.git.luto@kernel.org>
 <20171207124347.p7kdj7q4qqs3ivri@pd.tnic> <CALCETrVrQRUn6PoBBGSD8+-wRrWp3mQtKY1sYnCRFyDBte5usA@mail.gmail.com>
 <alpine.DEB.2.20.1712071814200.1835@nanos> <665F1CA8-D012-4465-B5F7-E81E088847DB@amacapital.net>
 <20171208073454.dicyefwncsihq7sm@gmail.com> <alpine.DEB.2.20.1712081033040.1840@nanos>
 <6363C18D-D84A-40E4-8ED4-FE996609467B@amacapital.net> <20171208140654.bths5fx2yxmndm42@hirez.programming.kicks-ass.net>
 <CALCETrWCoduoc9B336gg82qcN8nVJ4PwA508FLXnMzrin7nAfA@mail.gmail.com> <34ab84c5fbb849209c9d3877e89cab23@AcuMS.aculab.com>
From: Andy Lutomirski <luto@kernel.org>
Date: Fri, 8 Dec 2017 08:47:34 -0800
X-Gmail-Original-Message-ID: <CALCETrWZhXgq9akoh5UXiTMbPXfw-9GSuV3CiTQan3Yr6WdiMQ@mail.gmail.com>
Message-ID: <CALCETrWZhXgq9akoh5UXiTMbPXfw-9GSuV3CiTQan3Yr6WdiMQ@mail.gmail.com>
Subject: Re: [PATCH] LDT improvements
To: David Laight <David.Laight@aculab.com>
Cc: Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@kernel.org>,
        Borislav Petkov <bp@alien8.de>, X86 ML <x86@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Brian Gerst <brgerst@gmail.com>, Kees Cook <keescook@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 956
Lines: 23

On Fri, Dec 8, 2017 at 8:46 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Andy Lutomirski
>> Sent: 08 December 2017 16:34
>
>> #GP on IRET is a failure, and we have disgusting code to handle it.
>
> Is that the trap in kernel space when the on-stack segment registers
> are invalid?
> Definitely needs horrid code...
>
>> #PF on IRET would not be a failure -- it's a case where IRET should be
>> retried.  Our crap that fixes up #GP would get that wrong and leave us
>> with the wrong GSBASE.
>
> If the user code page isn't present then the fault happens after the
> return to user mode, not on the IRET instruction in kernel mode.
> So it is not really any different to returning to a NOP at the end
> of a resident page when the page following is absent.
> (Or any other invalid %ip value.)

I mean: if the user CS or SS is not accessed and the LDT is RO, then
we get #PF on the IRET instruction, I think.  Dealing with that is
truly awful.