From: Andy Lutomirski
Date: Sat, 21 Jul 2018 14:45:38 -0700
Subject: Re: [PATCH 1/2] x86/entry/64: Do not clear %rbx under Xen
To: "M. Vefa Bicakci"
Cc: LKML, Dominik Brodowski, Andy Lutomirski, Ingo Molnar, "H. Peter Anvin", Thomas Gleixner, Boris Ostrovsky, Juergen Gross, xen-devel@lists.xenproject.org, X86 ML, stable
In-Reply-To: <20180721194909.23903-1-m.v.b@runbox.com>
References: <20180721194909.23903-1-m.v.b@runbox.com>
List: linux-kernel@vger.kernel.org

On Sat, Jul 21, 2018 at 12:49 PM, M. Vefa Bicakci wrote:
> Commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for
> exceptions/interrupts, to reduce speculation attack surface") unintendedly
> broke Xen PV virtual machines by clearing the %rbx register at the end of
> xen_failsafe_callback before the latter jumps to error_exit.
> error_exit expects the %rbx register to be a flag indicating whether
> there should be a return to kernel mode.
>
> This commit makes sure that the %rbx register is not cleared by
> the PUSH_AND_CLEAR_REGS macro, when the macro in question is instantiated
> by xen_failsafe_callback, to avoid the issue.

Seems like a genuine problem, but:

> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index c7449f377a77..96e8ff34129e 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -1129,7 +1129,7 @@ ENTRY(xen_failsafe_callback) > addq $0x30, %rsp > UNWIND_HINT_IRET_REGS > pushq $-1 /* orig_ax = -1 => not a system call */ > - PUSH_AND_CLEAR_REGS > + PUSH_AND_CLEAR_REGS clear_rbx=0 > ENCODE_FRAME_POINTER > jmp error_exit

The old code first set RBX to zero and then, if frame pointers are on, set it to some special non-zero value, then crossed its fingers and hoped for the best. Your patched code just skips the zeroing part, so RBX either contains the ENCODE_FRAME_POINTER result or is uninitialized. How about actually initializing rbx to something sensible like, say, 1?
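Review bot: the `PUSH_AND_CLEAR_REGS clear_rbx=0` change in this hunk leaves the flag that error_exit reads from %rbx unassigned on the path where ENCODE_FRAME_POINTER does nothing, so at `jmp error_exit` %rbx holds whatever value was in it when the failsafe callback was entered rather than a value the entry code chose. Since the commit message says error_exit uses %rbx to decide whether to return to kernel mode, that decision should not depend on a register the code never wrote; assign it explicitly between `ENCODE_FRAME_POINTER` and `jmp error_exit` (for example `movq $1, %rbx`, as the reply suggests), and add a comment at that point saying what error_exit expects in %rbx, since nothing in the hunk documents the contract. Once the register is written explicitly, the `clear_rbx=0` parameter is no longer needed to make the path correct.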