Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1299084ybz; Sat, 25 Apr 2020 15:49:24 -0700 (PDT) X-Google-Smtp-Source: APiQypIzqPlkklshysEkF/u+i/BeFokk3kXzLN20vn6aj/yEX14fgBsosquCG+oBBPPHcrwbCXSu X-Received: by 2002:aa7:c3c2:: with SMTP id l2mr13328440edr.362.1587854964797; Sat, 25 Apr 2020 15:49:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587854964; cv=none; d=google.com; s=arc-20160816; b=R5N2I6xOgO4+80tG5l8HHA9B6nc8zd4RJk0nxrvwEp4AzFulp5VVTFHtwUdvPS4Z+M 3C2sR373oP1M2jjuz+3s4r3F+42I9zqySZm/GsPAYlLDYuQ7iR0IgFBgxsTzrsVMeaNB NfkgPVbK/wxvJVIrOe8NzVKcypkVFb8X/na6KIi91hhnBGn3Oliih9SOoRGcBqGH7GXL bMfQyO6eBIa7psrnY8lKRoC9Av/sIhG3q3vfmVQBCW+/jkPsKHIoHmMVuT25VVIYS9Cl qiCxYdnU+OVLIZtU3YJJ+Kryr5i1WCRBLPIafxchIhXbINKAaAE9Zxlo+l6DyThZsWC4 +1zA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Xk3RVCa/ck+dhlvsnjotZre7R1z1MCV9pbCP/ocBo5M=; b=BHhnM0CjAthlQWJnIGKEuZ6pYVyPv0TKCwBIrWZoIUQk8wXiE0s1bnbfa4hbVDfhTH djezmB/Np179zRfL1FUBQYZDxGHWR9ncfS8m6QtyjtxXJ/ZwxnVAkm+q3xEqpQkikQU6 gRLiPHvTswt42mfKVeyMr63U2Wy2P8bW0DL9hqxtkjT1gB6duhRgD44VJYbqgrwSvfOa gCb7iqfi2ZSKInS/G4BVvOZ22o4TqOegBm4mlzWLSq9EqSknrFn/HiGXVwg6CraTplFm T4caWpI+Vy/xKP7WgRcnu/UC6mCFaED0ecmGKeFL5WZxDFmaIBtE5Zo8yaPHGHV9+MoU elsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ulgRM1Yh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n25si6124304ejl.342.2020.04.25.15.49.01; Sat, 25 Apr 2020 15:49:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ulgRM1Yh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726294AbgDYWrK (ORCPT + 99 others); Sat, 25 Apr 2020 18:47:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:48576 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726232AbgDYWrK (ORCPT ); Sat, 25 Apr 2020 18:47:10 -0400 Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A4E7220A8B for ; Sat, 25 Apr 2020 22:47:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587854829; bh=kP398qOE5TjgjtbpA5y6DmoQlCCioUw7MqXaxIp9uwo=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=ulgRM1YhUOtxRzw2IZxk1rB0axcCCPgM49Zp7qlH6jYYLSPtFR+uc7rh7DZ9RMEzP DWAz5ZQ0h3Pn+0nryfnsch1UEStrVh5NaN9LnkgSLykUMSDtA+Copit56NCjF6+30M LFu4xJIjiZZ4D9laFjljRNc6kYrgBQrCG1GNdbbE= Received: by mail-wr1-f41.google.com with SMTP id t14so16007377wrw.12 for ; Sat, 25 Apr 2020 15:47:09 -0700 (PDT) X-Gm-Message-State: AGi0Pua3u2eGNFaymfrZcCRu0VJQZiI1t//9MH6iQFN3yT+rptukpsje q85Q1Z5DvAPgj5HaVkJAFyy1Ekfc2zyvOFkhsvkyaQ== X-Received: by 2002:adf:e586:: with SMTP id l6mr18787167wrm.184.1587854828036; Sat, 25 Apr 2020 15:47:08 -0700 (PDT) MIME-Version: 1.0 References: <20200423232207.5797-1-sashal@kernel.org> <20200423232207.5797-2-sashal@kernel.org> In-Reply-To: <20200423232207.5797-2-sashal@kernel.org> From: Andy Lutomirski Date: Sat, 25 Apr 2020 15:46:56 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 01/18] x86/ptrace: Prevent ptrace from clearing the FS/GS selector To: Sasha Levin Cc: LKML , Thomas Gleixner , Borislav Petkov , Andrew Lutomirski , "H. Peter Anvin" , Dave Hansen , Tony Luck , Andi Kleen , "Ravi V. Shankar" , "Bae, Chang Seok" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 23, 2020 at 4:22 PM Sasha Levin wrote: > > From: "Chang S. Bae" > > When a ptracer writes a ptracee's FS/GS base with a different value, the > selector is also cleared. This behavior is not correct as the selector > should be preserved. > > Update only the base value and leave the selector intact. To simplify the > code further remove the conditional checking for the same value as this > code is not performance-critical. > > The only recognizable downside of this change is when the selector is > already nonzero on write. The base will be reloaded according to the > selector. But the case is highly unexpected in real usages. After spending a while reading this patch, I think it's probably okay, but this ptrace stuff is utter garbage. The changelog should explain why common cases work with the current code, what you think the point (if any) of the condition you're removing is, and why it's okay to make this change. Certainly the current changelog is wrong. You say "The base will be reloaded according to the selector". The code you're changing calls x86_fs/gsbase_write_task(), which is, effectively: task->thread.fsbase = fsbase; This doesn't reload anything. Maybe what you're trying to say is "with this patch applied, as is or with FSGSBASE disabled, if the tracee has FS != 0 and a tracer modifies only fs_base, then the change won't stick." --Andy