Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4195326yba; Mon, 29 Apr 2019 15:31:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqxcUqvlmO3GqrcY5szd2H9hPWrqxPeX+FCOI+CEl/cMSdEgKioPCLb2xO+7pUpL932/jGbl X-Received: by 2002:a62:4281:: with SMTP id h1mr36629490pfd.162.1556577106448; Mon, 29 Apr 2019 15:31:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556577106; cv=none; d=google.com; s=arc-20160816; b=xjZJaTk9FEmdYO8IHdccw3klw0snxYKd6F786wUZ2QoWNHiLE6LRTzU7o1M9HAlB0H gyjO+rIAvZe8ESOW5zKaqLug9rSM63D5ejzu5OIT7jERbs1k911UtGGtQuNFMz1TqYWE LOdKNfxgPHbXTmXE9heTEpI/Ae2H7P7lzFYrGLt9Hdj5i7S3MuDjIvoASmg3sn4zqbpH 3HVbPAho3HHryk/zF1iGPJgyQCTfljjMDV5FIwFlMnO+nsLWmmCsYkFF/A8L4HVNI0/6 5lRLvdznZfglJU+JkrvqzcE8aN2+tXKZ/WuUT2K887n8zRPTFadXXkIG1AgE8Clufirk LdCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=zppnOAypDVs0+r50a/pgPPi939wuWm5h1LCIlM9HNjM=; b=xtUa/LffRs95pzw2rieLLyPzjGD2tr7div4tZ97Xx4iI7iZglUnIHKhAtLYXp/28j1 Xxi/0/IBd//dulC5/ryGLkv873r2nPlC2y1e7UXvlFQGvZtAERlVsqI08I0IS+aM+dGz y6KPR8bLEfGSgaSmaWxJ0VOs8lBfnA0hJ1OqMmkrtECJZMhNLMrX+aEL1y/x7LZm4RUL o9xVTvuG2eo1i+gR5FgSvEROvwpXDaeA31NKFoa/ArW/WKDX58FLm6oQD5/uIYWRsFXa W0rkul7Pp5a6nsTv0j9QBC2tLe6Ycaduwd7ZaCca5RXvKQrRl1oIWYNCqxeIgjkI9kct aHFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=QGBVwSJZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i9si20802422pgl.571.2019.04.29.15.31.29; Mon, 29 Apr 2019 15:31:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=QGBVwSJZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729571AbfD2Wag (ORCPT + 99 others); Mon, 29 Apr 2019 18:30:36 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:45070 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729481AbfD2Wag (ORCPT ); Mon, 29 Apr 2019 18:30:36 -0400 Received: by mail-lj1-f193.google.com with SMTP id m18so6281156lje.12 for ; Mon, 29 Apr 2019 15:30:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zppnOAypDVs0+r50a/pgPPi939wuWm5h1LCIlM9HNjM=; b=QGBVwSJZ+kKUqIc42rXPpG7fGPox/UQOJvcW9dOTrKQfMY8buV4dJTLpAAWokmELmK 1QZP7Kjs19NM9LlDsb1C2eVy/w/POK2OPqqQq5iTLBCRv0p0etTN59O7wWkp7HYo9QnX W/o3H6va7lHP1PpJd24/V6e9rjLzYhqt6DdjA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zppnOAypDVs0+r50a/pgPPi939wuWm5h1LCIlM9HNjM=; b=Tk9TrDR1P0dmpdjMl7/qdaDJDXZGSGiKI+bRU1xMrhsXxCJFW6W5FwzsmYjVppvpDx HDrohGGjVUg1Y1xR6oUhOitg79i6yDRSX0uNW5jrO6uu+bO7XS0WoMo02vIrVx+Oo+Y5 l6zljZLTqnFQcqNvHcMR/yXrHleMHVTQeSOxSbfPeD84arpPf7cKkB6kdhmyncy0d8dr 7r3UUyH0VEkOq6IfEulL5norg1FeJt9Llgz/D9agfh/Hr1AEyuA8WOV0VczMTsT+i5um cBKeBosJZMF+7nleRtP6X5jLi9iSO5sNQsjz+Qyk8nSoJCI5Ze12Tm0FyXguSElQwx27 CE6g== X-Gm-Message-State: APjAAAVKxEizCHVHLx8R/WBNZ1Hg4QmpFgmWGwTWUDSiGZX9re8DE6zp h/BA0CL/9CtgQLSsDCyO+wHvSpIqUmI= X-Received: by 2002:a2e:1311:: with SMTP id 17mr33453109ljt.75.1556577033160; Mon, 29 Apr 2019 15:30:33 -0700 (PDT) Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com. [209.85.167.49]) by smtp.gmail.com with ESMTPSA id o17sm1676763lji.23.2019.04.29.15.30.32 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Apr 2019 15:30:32 -0700 (PDT) Received: by mail-lf1-f49.google.com with SMTP id w23so9128779lfc.9 for ; Mon, 29 Apr 2019 15:30:32 -0700 (PDT) X-Received: by 2002:a19:48c9:: with SMTP id v192mr33003752lfa.136.1556576545296; Mon, 29 Apr 2019 15:22:25 -0700 (PDT) MIME-Version: 1.0 References: <20190427100639.15074-4-nstange@suse.de> <20190427102657.GF2623@hirez.programming.kicks-ass.net> <20190428133826.3e142cfd@oasis.local.home> <20190429220814.GF31379@linux.intel.com> In-Reply-To: <20190429220814.GF31379@linux.intel.com> From: Linus Torvalds Date: Mon, 29 Apr 2019 15:22:09 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 3/4] x86/ftrace: make ftrace_int3_handler() not to skip fops invocation To: Sean Christopherson Cc: Andrew Lutomirski , Steven Rostedt , Peter Zijlstra , Nicolai Stange , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "the arch/x86 maintainers" , Josh Poimboeuf , Jiri Kosina , Miroslav Benes , Petr Mladek , Joe Lawrence , Shuah Khan , Konrad Rzeszutek Wilk , Tim Chen , Sebastian Andrzej Siewior , Mimi Zohar , Juergen Gross , Nick Desaulniers , Nayna Jain , Masahiro Yamada , Joerg Roedel , Linux List Kernel Mailing , live-patching@vger.kernel.org, "open list:KERNEL SELFTEST FRAMEWORK" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 29, 2019 at 3:08 PM Sean Christopherson wrote: > > FWIW, Lakemont (Quark) doesn't block NMI/SMI in the STI shadow, but I'm > not sure that counters the "horrible errata" statement ;-). SMI+RSM saves > and restores STI blocking in that case, but AFAICT NMI has no such > protection and will effectively break the shadow on its IRET. Ugh. I can't say I care deeply about Quark (ie never seemed to go anywhere), but it's odd. I thought it was based on a Pentium core (or i486+?). Are you saying those didn't do it either? I have this dim memory about talking about this with some (AMD?) engineer, and having an alternative approach for the sti shadow wrt NMI - basically not checking interrupts in the instruction you return to with 'iret'. I don't think it was even conditional on the "iret from NMI", I think it was basically any iret also did the sti shadow thing. But I can find no actual paper to back that up, so this may be me just making sh*t up. > KVM is generally ok with respect to STI blocking, but ancient versions > didn't migrate STI blocking and there's currently a hole where > single-stepping a guest (from host userspace) could drop STI_BLOCKING > if a different VM-Exit occurs between the single-step #DB VM-Exit and the > instruction in the shadow. Though "don't do that" may be a reasonable > answer in that case. I thought the sti shadow blocked the single-step exception too? I know "mov->ss" does block debug interrupts too. Or are you saying that it's some "single step by emulation" that just miss setting the STI_BLOCKING flag? Linus