Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1170895imm; Fri, 22 Jun 2018 11:31:45 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK5/LvEOS/fTob7tIBzwqropVZclb9y/fNBFv5urJTUMpnkwm1LbcSpeAYUZVZgCcZHmRZ6 X-Received: by 2002:a17:902:8347:: with SMTP id z7-v6mr2861100pln.290.1529692305899; Fri, 22 Jun 2018 11:31:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529692305; cv=none; d=google.com; s=arc-20160816; b=MJplW57aHBjioplF74O3UQGDBL0eCVxmhAUV1Ai0RjLWNIELkk+yKyH+0gGNVaHWWi KoQ2S7k/A3D6b6S16OfO+AV3m3yNh/pNPLh96T696Wm2510WksHBvyfsQxG4GG0JGwPh MfJ6DvRC1rQS2zFJ/O9U1T3U6wPywFfKm5j7UznnBhFXkTlaoTojFKDrCnAirXM4CLv5 HYrxJE9aOBuceNt/FghpnTLrhPoMF/74Nelme3uwNSp2CPsJLcGNc4le32tllPwPiMuI n+8KyQNn8sXxCxyRRjjvTHdZCjBexmU0FteZRxc7aoZXbF0iS+weV9nv45RI27N3MqfH phSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=KdWnPEe0ijxtb4lTlqWL0TeUUcDzhvV1QXMYR2x6lLM=; b=zU95IdZO9anWYZ3ybVwV67ioPEk23AvkhXJPKsf5JWWR9x1WMD5J9+JT1A2bxuFTC8 UnkpkpOiVIOe1w30jyH2jT9aJmDC7/QMCH3YtepSm1E6WmnytRGSWoFWcPv/yfGcx1Ce A6GpLU+dT5eaBZ+RJOLKiVvcxrrrwDnARCd/VLOLeFMFjZTOFHWdXHRqCRiSQjOp2BXD 3h2+gf0ojqGEtH8gzzbTA3rqeUX2uhrClcg1T9tcKT1nqWzVFbUo7aX5inJh67KPErOj HMc4gFxYyHYpOBd07rbamdUZRM+D45US/c7G9r2hL0dJUESYqqiUPOBaYKLWIOflsO5w poGw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c18-v6si6680509pgf.301.2018.06.22.11.31.31; Fri, 22 Jun 2018 11:31:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934257AbeFVS3r (ORCPT + 99 others); Fri, 22 Jun 2018 14:29:47 -0400 Received: from mga18.intel.com ([134.134.136.126]:6857 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933869AbeFVS3q (ORCPT ); Fri, 22 Jun 2018 14:29:46 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Jun 2018 11:29:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,258,1526367600"; d="scan'208";a="210351474" Received: from hanvin-mobl2.sc.intel.com (HELO hanvin-mobl2.amr.corp.intel.com) ([10.144.152.78]) by orsmga004.jf.intel.com with ESMTP; 22 Jun 2018 11:29:45 -0700 Subject: Re: [PATCH v3 1/7] x86/ldt: refresh %fs and %gs in refresh_ldt_segments() To: Andy Lutomirski Cc: LKML , "H. Peter Anvin" , "H. Peter Anvin" , Ingo Molnar , Thomas Gleixner , "Bae, Chang Seok" , "Metzger, Markus T" References: <20180621211754.12757-1-h.peter.anvin@intel.com> <20180621211754.12757-2-h.peter.anvin@intel.com> From: "H. Peter Anvin" Message-ID: <408ed97a-c64d-c523-c403-4e066d1f34c3@intel.com> Date: Fri, 22 Jun 2018 11:29:45 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/22/18 07:24, Andy Lutomirski wrote: > > That RPL3 part is false. The following program does: > > #include > > int main() > { > unsigned short sel; > asm volatile ("mov %%ss, %0" : "=rm" (sel)); > sel &= ~3; > printf("Will write 0x%hx to GS\n", sel); > asm volatile ("mov %0, %%gs" :: "rm" (sel & ~3)); > asm volatile ("mov %%gs, %0" : "=rm" (sel)); > printf("GS = 0x%hx\n", sel); > return 0; > } > > prints: > > Will write 0x28 to GS > GS = 0x28 > > The x86 architecture is *insane*. > > Other than that, this patch seems generally sensible. But my > objection that it's incorrect with FSGSBASE enabled for %fs and %gs > still applies. > Ugh, you're right... I misremembered. The CPL simply overrides the RPL rather than trapping. We still need to give legacy applications which have zero idea about the separate bases that apply only to 64-bit mode a way to DTRT. Requiring these old crufty applications to do something new is not an option. As ugly as it is, I'm thinking the Right Thing is to simply make it a part of the Linux ABI that if the FS or GS selector registers point into the LDT then we will requalify them; if a 64-bit app does that then they get that behavior. This isn't something that will happen asynchronously, and if a 64-bit process loads an LDT value into FS or GS, they are considered to have opted in to that behavior. The only other sensible option is to conditionalize this on the affected process being in !64-bit mode. I don't like that myself. -hpa