From: Linus Torvalds
Date: Wed, 13 Feb 2019 15:19:10 -0800
Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
To: Peter Zijlstra
Cc: Julien Thierry, Will Deacon, Ingo Molnar, Linux List Kernel Mailing,
    "linux-alpha@vger.kernel.org", Ingo Molnar, Catalin Marinas, James Morse,
    Peter Anvin, valentin.schneider@arm.com, brgerst@gmail.com, Josh Poimboeuf,
    Andrew Lutomirski, Borislav Petkov, dvlasenk@redhat.com, Thomas Gleixner
In-Reply-To: <20190213154532.GQ32534@hirez.programming.kicks-ass.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 13, 2019 at 7:45 AM Peter Zijlstra wrote:
>
> Before that, x86_64 switch_to() read like (much simplified):
>
>	asm volatile ( /* do RSP twiddle */
>	  : /* output */
>	  : /* input */
>	  : "memory", "cc", .... "flags");
>
> (see __EXTRA_CLOBBER)
>
> Which I suppose means that GCC generates the PUSHF/POPF to preserve the
> EFLAGS, since we mark those explicitly clobbered.

No, it only means that gcc won't keep conditionals in the flags over
the asm. It doesn't make gcc save anything.

The push/pop got removed elsewhere as Andy says.

That said, I do agree that it's probably a good idea to save/restore
flags anyway when scheduling. It's not just AC, actually, now that I
look at it again I worry a bit about DF too.

We have the rule that we run with DF clear in the kernel, and all the
kernel entry points do clear it properly (so that memcpy etc don't
need to).

But there are a few places that set DF temporarily because they do
something odd (backwards memmove), and those actually have the *exact*
same issue as stac/clac has: it's ok to take a trap or interrupt, and
schedule due to that (because the trap/irq will clear DF), but it
would be a horrible bug to have a synchronous scheduling point there.

Arguably the DF issue really isn't even remotely likely to actually be
a real issue (the code that sets DF really is very special and should
never do any kind of preemption), but it's conceptually quite
similar..

Of course, if DF is ever set, and we end up calling any C code at all,
I guess it would already be a huge problem. If the C code then does
memcpy or something, it would corrupt things quite badly.

So I guess save/restore isn't going to save us wrt DF. If we get
anywhere close to the scheduler with the DF bit set, we've already
lost.

But I still do kind of prefer saving flags. We have other sticky state
in there too, although none of it matters in the kernel currently (eg
iopl etc - only matters in user space, and user space will always
reload eflags on return).

                Linus
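
The DF point in the message above, as an added user-space illustration that is not part of the original mail or of the kernel source: the same forward `rep movsb` copy is run once with DF clear and once with DF set, showing where the bytes land. It assumes x86 and GCC/Clang inline asm; `forward_copy`, `copy_result` and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The loop a forward memcpy boils down to: "rep movsb" from src to dst.
 * With df_set != 0 it runs with DF=1, as it would if a caller had left DF
 * set. STD and CLD sit in one asm statement, so no compiler-generated C
 * code ever executes with DF set (the compiler assumes DF is clear). */
static void forward_copy(char *dst, const char *src, size_t n, int df_set)
{
    if (df_set)
        __asm__ volatile("std\n\trep movsb\n\tcld"
                         : "+D"(dst), "+S"(src), "+c"(n) : : "memory", "cc");
    else
        __asm__ volatile("rep movsb"
                         : "+D"(dst), "+S"(src), "+c"(n) : : "memory", "cc");
}

/* Copy 4 bytes from the middle of a constructed source string into the
 * middle of a '.'-filled 16-byte buffer and return the buffer. Both
 * buffers have slack on each side of the copy, so the descending copy
 * stays inside them. */
static const char *copy_result(int df_set)
{
    static const char src[] = "abcdefghABCDEFGH"; /* constructed sample */
    static char out[17];

    memset(out, '.', 16);
    out[16] = '\0';
    forward_copy(out + 8, src + 8, 4, df_set);
    return out;
}

int main(void)
{
    /* DF clear: "ABCD" lands at out[8..11].
     * DF set: the copy walks downwards, so it reads "fgh" from below the
     * source pointer, overwrites out[5..7] below the destination, and
     * leaves out[9..11] uncopied. */
    printf("DF clear: %s\n", copy_result(0));
    printf("DF set:   %s\n", copy_result(1));
    return 0;
}
```
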