From: Andy Lutomirski
Date: Wed, 15 Apr 2020 18:22:41 -0700
Subject: Re: [RFC PATCH v2] x86/arch_prctl: Add ARCH_SET_XCR0 to set XCR0 per-thread
To: Keno Fischer
Cc: Andy Lutomirski, Dave Hansen, Peter Zijlstra, Linux Kernel Mailing List, Thomas Gleixner, Ingo Molnar, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "H. Peter Anvin", Borislav Petkov, Dave Hansen, Andi Kleen, Kyle Huey, "Robert O'Callahan"

On Wed, Apr 15, 2020 at 6:17 PM Keno Fischer wrote:
>
> On Wed, Apr 15, 2020 at 9:14 PM Keno Fischer wrote:
> >
> > > Would it make matters easier if tasks with nonstandard XCR0 were not
> > > allowed to use ptrace() at all? And if ARCH_SET_XCR0 were disallowed
> > > if the caller is tracing anyone?
> >
> > That would be fine by me (as long as you're still allowed to ptrace them of
> > course).
>
> Sorry, I realized after I had hit send that this wording may not be clear.
> What I meant was that it would need to be able to have an external ptracer
> (with unmodified XCR0) attach to the task, even if it had modified its XCR0.
> I don't think you were suggesting that that wouldn't be possible,
> but I just wanted to make sure.

Yes, exactly.

Just to make sure we're on the same page, I suggest:

If a process modifies XCR0, then it cannot use ptrace().

Signal delivery and sigreturn use the modified XCR0. If you modify
your XCR0 from within a signal handler, you get to keep both pieces.

If you ptrace() a process with a modified XCR0, you see the full
regset. Among other things, this means that you could ptrace() a task
with a reduced XCR0, poke a value in one of the disabled register sets
with ptrace(), and read that same value back out again with ptrace().

Before you implement this, you might want to make sure that at least
one other x86 maintainer agrees with me. :)

I'm sure the CRIU people will notice this and want to find a way to
make ptrace() work from a modified-XCR0 process. They are welcome to
propose semantics, since neither of the obvious ways to handle it
actually seem correct.

--Andy
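
A user-space C model of the semantics proposed in the message above, added here as an illustration; it is not code from the patch or from anyone on the thread. All names (struct task, model_set_xcr0, model_ptrace, model_xsave_mask, HOST_XCR0) are hypothetical, one 64-bit word stands in for each XSAVE state component, and "modified XCR0" is simplified to "differs from the assumed host mask".

```c
/* Added model of the proposed semantics; all names hypothetical, not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

enum { XF_X87 = 1 << 0, XF_SSE = 1 << 1, XF_AVX = 1 << 2, NCOMP = 3 }; /* XCR0 bits 0-2 */
#define HOST_XCR0 ((uint64_t)(XF_X87 | XF_SSE | XF_AVX)) /* assumed host mask */

struct task {
    uint64_t xcr0;          /* per-thread XCR0, reduced by ARCH_SET_XCR0 */
    int tracing;            /* nonzero once this task has ptraced another */
    uint64_t regset[NCOMP]; /* one word stands in for each state component */
};

/* ARCH_SET_XCR0 as discussed: disallowed while the caller is tracing anyone. */
int model_set_xcr0(struct task *t, uint64_t mask)
{
    if (t->tracing) return -EPERM;
    if (mask & ~HOST_XCR0) return -EINVAL;                   /* beyond host support */
    if (!(mask & XF_X87)) return -EINVAL;                    /* XCR0 bit 0 must be set */
    if ((mask & XF_AVX) && !(mask & XF_SSE)) return -EINVAL; /* AVX requires SSE */
    t->xcr0 = mask;
    return 0;
}

/* Modified-XCR0 tasks cannot ptrace(); others see the tracee's full regset. */
int model_ptrace(struct task *tracer, struct task *tracee, int comp,
                 const uint64_t *poke, uint64_t *peek)
{
    if (tracer->xcr0 != HOST_XCR0) return -EPERM;
    if (comp < 0 || comp >= NCOMP) return -EINVAL;
    tracer->tracing = 1;
    if (poke) tracee->regset[comp] = *poke; /* lands even if comp is disabled */
    if (peek) *peek = tracee->regset[comp];
    return 0;
}

/* Components the task's own XSAVE can touch: requested mask ANDed with XCR0. */
uint64_t model_xsave_mask(const struct task *t, uint64_t requested) { return t->xcr0 & requested; }

int main(void)
{
    struct task tracer = { HOST_XCR0, 0, {0} }, tracee = tracer;
    uint64_t in = 0x1234, out = 0;
    model_set_xcr0(&tracee, XF_X87 | XF_SSE);     /* tracee disables AVX */
    model_ptrace(&tracer, &tracee, 2, &in, &out); /* poke AVX slot, read it back */
    printf("read back %#llx\n", (unsigned long long)out);
    return 0;
}
```

The poked value survives in the disabled slot because the tracee's own XSAVE mask no longer covers that component, which is the read-back behaviour the message describes.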