Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp31567imm;
        Mon, 4 Jun 2018 12:27:50 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKKtGp2c8IlrKMSs6vAIRPdJB9DJ2exGU/FDpy9IuvetFLiL03AN6oore8ky8gD8tn/UHqT/
X-Received: by 2002:a63:9e42:: with SMTP id r2-v6mr18154167pgo.436.1528140470120;
        Mon, 04 Jun 2018 12:27:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528140470; cv=none;
        d=google.com; s=arc-20160816;
        b=RnMuJiu8kzJ6s4OC3gFACmVGnjNJvSnYAlgjCB7N9zzZTDUlAHk6U+5sgxnO8agt4Z
         LHd1lxde2yJe0r7DWbQUcIHhoBO7rbA0vdHVRet+zCW7ydroX8q+SCzX1QH+D+4d55VP
         m9PVw5PlPNjZdo6425HsAzpJ0vuw3Bmvuxf/HnpEsU1SNUV+fsOK80t/HcSbUPz//goE
         i0lBWPH33r92cfg+NpMrI1m1mIYxhU6kesFtm9cUYDc17JdJIa7PH0xT138q/CreWZA6
         zIzhr5VuE/f0A0PsKhO9CHZ/PsRVyeUCPcvP2jPp8OEHr82IamRhPo8RSC8ghvm/gGlP
         rWoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=f1T0O80I55Zk+EttnbhkDBKLawuHDLr6Hl7ESN66xyE=;
        b=jK1Ul+o0J+zy3W6wJl2qIjqwrcRx/IOI/sqRCNDyOz8lLpEHY0SVYDc5FRbKXHwx6W
         ILUUXz9bSbziCrwZvB6SqN4pFkjkjA3UAmb2WIQocgik6ZBsG/rF2foXa77X7i70HVSe
         1jmbL1JG7+hRcBP3XFYcBj77HHJbGlIGkBQC+G3/XKZDqsHt6uTJ8lIdMI6H0qCXBSCH
         PNbYTxXt+d0weMXaYraWX8SSwQ9hiub2hgHXWsJXUYvTSggk7jmOralEdmj76PrFpDEe
         LICg9TEiP5pvMwTtFnOPIaGFMPckqB2hdY2h3927n4MKO8tKYghaQopaT/VfiKJFNXJB
         IGBg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 61-v6si46445438plz.290.2018.06.04.12.27.35;
        Mon, 04 Jun 2018 12:27:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751445AbeFDTZn (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Mon, 4 Jun 2018 15:25:43 -0400
Received: from mga05.intel.com ([192.55.52.43]:40504 "EHLO mga05.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751099AbeFDTYq (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Jun 2018 15:24:46 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jun 2018 12:24:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.49,476,1520924400"; 
   d="scan'208";a="64240678"
Received: from chang-linux-2.sc.intel.com ([10.3.52.139])
  by orsmga002.jf.intel.com with ESMTP; 04 Jun 2018 12:24:45 -0700
From:   "Chang S. Bae" <chang.seok.bae@intel.com>
To:     Andy Lutomirski <luto@kernel.org>,
        "H . Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>
Cc:     Andi Kleen <ak@linux.intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Markus T Metzger <markus.t.metzger@intel.com>,
        "Ravi V . Shankar" <ravi.v.shankar@intel.com>,
        "Chang S . Bae" <chang.seok.bae@intel.com>,
        LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 2/6] x86/fsgsbase/64: Make ptrace read FS/GS base accurately
Date:   Mon,  4 Jun 2018 12:24:25 -0700
Message-Id: <1528140269-26205-3-git-send-email-chang.seok.bae@intel.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1528140269-26205-1-git-send-email-chang.seok.bae@intel.com>
References: <1528140269-26205-1-git-send-email-chang.seok.bae@intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Andy Lutomirski <luto@kernel.org>

ptrace can read FS/GS base using the register access API
(PTRACE_PEEKUSER, etc) or PTRACE_ARCH_PRCTL.  Make both of these
mechanisms return the actual FS/GS base.

This will improve debuggability by providing the correct information
to ptracer (GDB and etc).

Signed-off-by: Andy Lutomirski <luto@kernel.org>
[chang: Rebase and revise patch description]
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/kernel/process_64.c | 67 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 51 insertions(+), 16 deletions(-)

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index ace0158..e498671 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -279,6 +279,49 @@ static __always_inline void load_seg_legacy(unsigned short prev_index,
 	}
 }
 
+static unsigned long task_seg_base(struct task_struct *task,
+				   unsigned short selector)
+{
+	unsigned short idx = selector >> 3;
+	unsigned long base;
+
+	if (likely((selector & SEGMENT_TI_MASK) == 0)) {
+		if (unlikely(idx >= GDT_ENTRIES))
+			return 0;
+
+		/*
+		 * There are no user segments in the GDT with nonzero bases
+		 * other than the TLS segments.
+		 */
+		if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
+			return 0;
+
+		idx -= GDT_ENTRY_TLS_MIN;
+		base = get_desc_base(&task->thread.tls_array[idx]);
+	} else {
+#ifdef CONFIG_MODIFY_LDT_SYSCALL
+		struct ldt_struct *ldt;
+
+		/*
+		 * If performance here mattered, we could protect the LDT
+		 * with RCU.  This is a slow path, though, so we can just
+		 * take the mutex.
+		 */
+		mutex_lock(&task->mm->context.lock);
+		ldt = task->mm->context.ldt;
+		if (unlikely(idx >= ldt->nr_entries))
+			base = 0;
+		else
+			base = get_desc_base(ldt->entries + idx);
+		mutex_unlock(&task->mm->context.lock);
+#else
+		base = 0;
+#endif
+	}
+
+	return base;
+}
+
 void write_fsbase(unsigned long fsbase)
 {
 	/* set the selector to 0 to not confuse __switch_to */
@@ -297,16 +340,12 @@ unsigned long read_task_fsbase(struct task_struct *task)
 {
 	unsigned long fsbase;
 
-	if (task == current) {
+	if (task == current)
 		fsbase = read_fsbase();
-	} else {
-		/*
-		 * XXX: This will not behave as expected if called
-		 * if fsindex != 0. This preserves an existing bug
-		 * that will be fixed.
-		 */
+	else if (task->thread.fsindex == 0)
 		fsbase = task->thread.fsbase;
-	}
+	else
+		fsbase = task_seg_base(task, task->thread.fsindex);
 
 	return fsbase;
 }
@@ -315,16 +354,12 @@ unsigned long read_task_gsbase(struct task_struct *task)
 {
 	unsigned long gsbase;
 
-	if (task == current) {
+	if (task == current)
 		gsbase = read_inactive_gsbase();
-	} else {
-		/*
-		 * XXX: This will not behave as expected if called
-		 * if gsindex != 0. Same bug preservation as above
-		 * read_task_fsbase.
-		 */
+	else if (task->thread.gsindex == 0)
 		gsbase = task->thread.gsbase;
-	}
+	else
+		gsbase = task_seg_base(task, task->thread.gsindex);
 
 	return gsbase;
 }
-- 
2.7.4