Date: Tue, 19 Nov 2019 21:01:56 -0000
From: "tip-bot2 for Jan Beulich"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/xen/32: Simplify ring check in xen_iret_crit_fixup()
Cc: Jan Beulich, Thomas Gleixner, Juergen Gross, Ingo Molnar, Borislav Petkov, linux-kernel@vger.kernel.org
Message-ID: <157419731617.12247.7937196185823441455.tip-bot2@tip-bot2>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     922eea2ce5c799228d9ff1be9890e6873ce8fff6
Gitweb:        https://git.kernel.org/tip/922eea2ce5c799228d9ff1be9890e6873ce8fff6
Author:        Jan Beulich
AuthorDate:    Mon, 11 Nov 2019 15:32:59 +01:00
Committer:     Thomas Gleixner
CommitterDate: Tue, 19 Nov 2019 21:58:28 +01:00

x86/xen/32: Simplify ring check in xen_iret_crit_fixup()

This can be had with two instead of six insns, by just checking the high
CS.RPL bit.

Also adjust the comment - there would be no #GP in the mentioned cases, as
there's no segment limit violation or alike. Instead there'd be #PF, but
that one reports the target EIP of said branch, not the address of the
branch insn itself.

Signed-off-by: Jan Beulich
Signed-off-by: Thomas Gleixner
Reviewed-by: Juergen Gross
Link: https://lkml.kernel.org/r/a5986837-01eb-7bf8-bf42-4d3084d6a1f5@suse.com
--- arch/x86/xen/xen-asm_32.S | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S index 392e033..cd17777 100644 --- a/arch/x86/xen/xen-asm_32.S 
+++ b/arch/x86/xen/xen-asm_32.S @@ -153,22 +153,15 @@ hyper_iret: * it's still on stack), we need to restore its value here. */ ENTRY(xen_iret_crit_fixup) - pushl %ecx /* * Paranoia: Make sure we're really coming from kernel space. * One could imagine a case where userspace jumps into the * critical range address, but just before the CPU delivers a - * GP, it decides to deliver an interrupt instead. Unlikely? - * Definitely. Easy to avoid? Yes. The Intel documents - * explicitly say that the reported EIP for a bad jump is the - * jump instruction itself, not the destination, but some - * virtual environments get this wrong. + * PF, it decides to deliver an interrupt instead. Unlikely? + * Definitely. Easy to avoid? Yes. */ - movl 3*4(%esp), %ecx /* nested CS */ - andl $SEGMENT_RPL_MASK, %ecx - cmpl $USER_RPL, %ecx - popl %ecx - je 2f + testb $2, 2*4(%esp) /* nested CS */ + jnz 2f /* * If eip is before iret_restore_end then stack
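Review bot: The bare literal in `testb $2, 2*4(%esp)` makes this privilege check harder to audit than the `SEGMENT_RPL_MASK` / `USER_RPL` comparison it replaces, and it is no longer the same predicate. The removed sequence took the `2f` path only when the masked RPL was exactly `USER_RPL`. The new one takes it whenever the high RPL bit of the nested CS is set. The commit message explains the intent ("checking the high CS.RPL bit"), but the in-code comment does not. Please add a sentence to the "Paranoia" comment saying that only the high RPL bit is tested and that every RPL value with that bit set is treated as not coming from kernel space, or give the `2` a named constant. The offset change from `3*4(%esp)` to `2*4(%esp)` is consistent with dropping `pushl %ecx`, but the `/* nested CS */` slot now depends on nothing being pushed before the test, which is also worth a word in the comment so a later push does not silently point the check at the wrong stack slot.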