From: Andy Lutomirski
Date: Mon, 29 Jan 2018 08:37:14 -0800
Subject: Re: selftests/x86/fsgsbase_64 test problem
To: "H. Peter Anvin"
Cc: Andy Lutomirski, Borislav Petkov, Dan Rue, Shuah Khan, Ingo Molnar, Dmitry Safonov, "open list:KERNEL SELFTEST FRAMEWORK", LKML

On Mon, Jan 29, 2018 at 1:13 AM, H. Peter Anvin wrote:
> On 01/28/18 11:21, Andy Lutomirski wrote:
>>>
>>> I think the bug is here. I think that, when writing a NULL selector
>>> to DS, ES, FS, or GS, Intel CPUs incorrectly set DPL == RPL, whereas
>>> they should set DPL to 3.
>>
>> As an experiment, I did this:
>>
>> DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
>> + [0] = { .dpl = 3, },
>> +
>>
>> This had no apparent effect. I was hoping that maybe loading NULL
>> into a selector would copy DPL from gdt[0], but it seems like it
>> doesn't.
>>
>
> GDT[0] doesn't actually exist.

That's what I thought, too, and the SDM does say that, but the SDM
says all kinds of not-quite-correct things about segmentation.

> It is pretty much scratch space (I have
> suggested using it for the gsbase once all those issues get sorted out,
> because it lets the paranoid code do something like:
>
>     rdgsbase %rax
>     push %rax           /* Save old gsbase */
>     push %rax           /* Reserve space on stack */
>     sgdt -2(%rsp)       /* We don't care about the limit */
>     pop %rax            /* %rax <- gdtbase */
>     mov (%rax),%rax     /* GDT[0] holds the gsbase for this cpu */
>     wrgsbase %rax

That will utterly suck on non-UMIP machines that have
hypervisor-provided UMIP emulation.
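
Review bot: `[0] = { .dpl = 3, }` in the quoted experiment initializes only the DPL field of GDT entry 0, so every other field of that descriptor (present bit, type, base, limit) is left at zero. The reported "no apparent effect" therefore covers only the case where entry 0 is otherwise all zeroes. If the experiment is repeated, record next to the hunk which segment register was loaded with the NULL selector and how the resulting DPL was observed. The second added line is a bare `+` with nothing on it and can be dropped.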