Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933064AbeALDpm (ORCPT + 1 other); Thu, 11 Jan 2018 22:45:42 -0500 Received: from mx1.redhat.com ([209.132.183.28]:50662 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932806AbeALDpl (ORCPT ); Thu, 11 Jan 2018 22:45:41 -0500 Date: Thu, 11 Jan 2018 21:45:38 -0600 From: Josh Poimboeuf To: Andi Kleen Cc: tglx@linutronix.de, x86@kernel.org, linux-kernel@vger.kernel.org, torvalds@linux-foundation.org, dwmw@amazon.co.uk, pjt@google.com, luto@kernel.org, peterz@infradead.org, thomas.lendacky@amd.com, tim.c.chen@linux.intel.com, gregkh@linux-foundation.org, dave.hansen@intel.com, jikos@kernel.org, Andi Kleen Subject: Re: [PATCH v1 3/8] x86/entry/clearregs: Clear registers for 64bit SYSCALL Message-ID: <20180112034538.z2ofmdmhkbz5ybww@treble> References: <20180110010328.22163-1-andi@firstfloor.org> <20180110010328.22163-4-andi@firstfloor.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180110010328.22163-4-andi@firstfloor.org> User-Agent: Mutt/1.6.0.1 (2016-04-01) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Fri, 12 Jan 2018 03:45:41 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Tue, Jan 09, 2018 at 05:03:23PM -0800, Andi Kleen wrote: > From: Andi Kleen > > We clear all the non argument registers for 64bit SYSCALLs > to minimize any risk of bad speculation using user values. > > So far unused argument registers still leak. To be addressed > in future patches. > > Signed-off-by: Andi Kleen > --- > arch/x86/entry/entry_64.S | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S > index bbdfbdd817d6..632081fd7086 100644 > --- a/arch/x86/entry/entry_64.S > +++ b/arch/x86/entry/entry_64.S > @@ -236,6 +236,14 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) > pushq %r11 /* pt_regs->r11 */ > sub $(6*8), %rsp > SAVE_EXTRA_REGS > + /* Sanitize registers against speculation attacks */ This comment isn't necessary, though it would be good to add comments above the CLEAR macros themselves explaining why they're needed. > + /* r10 is cleared later, arguments are handled in san_args* */ What is san_args? > + CLEAR_R11_TO_R15 > +#ifndef CONFIG_FRAME_POINTER > + xor %ebp, %ebp > +#endif Why is %rbp not cleared with CONFIG_FRAME_POINTER? Is it because it will get clobbered by the first called function? > + xor %ebx, %ebx > + xor %ecx, %ecx I think clearing %ecx isn't needed, it gets clobbered below for the fast path, and gets clobbered by do_syscall_64() for the slow path. > > UNWIND_HINT_REGS extra=0 > > @@ -263,6 +271,7 @@ entry_SYSCALL_64_fastpath: > #endif > ja 1f /* return -ENOSYS (already in pt_regs->ax) */ > movq %r10, %rcx > + xor %r10, %r10 > > #ifdef CONFIG_RETPOLINE > movq sys_call_table(, %rax, 8), %rax Now that the fast path is getting slower, I wonder if it still makes sense to have a "fast path"? It would be good to see measurements comparing the fast and slow paths. -- Josh