Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp1328839ybm; Sat, 30 May 2020 05:48:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJztXSMGkLxhqJNuV+Kfg2ZoDB1Rk5nKEi4n3TTQqD6fexOfUwYqMKFvDiFUZxqJisITz6bH X-Received: by 2002:a17:906:af62:: with SMTP id os2mr11738592ejb.345.1590842891590; Sat, 30 May 2020 05:48:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590842891; cv=none; d=google.com; s=arc-20160816; b=ED8sEakfMA79cS7r7fKfzAyNaEcEOepQqX9k5Jgn0R5Gf+fw2DLvoOTscLLXMRq/Iq MADjh0+AgW465v9Jc3x5DIfbwmrccAGN6zLqYbRMM6rmu9EnyACwRyzwgunMpQC7HHda XyEOIuc3U/VhStqDYanmys/wPO5PYyjc613lOPHM5Vy+HU9ZzqsUTBeVKDjpgb7MXlYR FTAduVegrIecBdmlA16HZ79T78bBzAXKR1IGRl6HA0vxD8+rDKeTRWGOAKzwvCa5mThZ pU4TukxHHbxKcAUk7Eii/vmHK37JN34JF/eB/hA+k2CyKJkzBdx5u8Qj1cn8bYvCcgkL BEYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=vLx9lzkx2irzS6O2ReLaSwNRTMJ4Gr5XAoPlG8xkCMo=; b=CmyNO5CS5mrPACw4YPyxcig79YkZQ7J0Hil3cE3+tOmOyRADyViZ31IVlwNp1FsaZW mitCk8cTBT90wesbEjcyMQchvdL8XacmHH6vkgHE8tPSe1KjCb5VisU8psWDI3FLAEOU O9yK30wXxJc+1R78rupkTTJ/BvR47d0tThlJWc/yL/DoDXPc+SWTcStQxZS2ZMOjgqKu KjX5y9pX5UP8fHSXUUyKyYVWU/rOQREh89FK+YLxeQM9AHTqG/AwKu/IUppzKCWgNzxQ KdYUIMgsGuTaZptuSOyIvdcE2k3NCS0nCOjlcZelN3v12B7eBdTziz7bG97bxJVJ55y/ sKxQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=citrix.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r15si4131243ejs.733.2020.05.30.05.47.48; Sat, 30 May 2020 05:48:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=citrix.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728957AbgE3MqF (ORCPT + 99 others); Sat, 30 May 2020 08:46:05 -0400 Received: from ppsw-31.csi.cam.ac.uk ([131.111.8.131]:36998 "EHLO ppsw-31.csi.cam.ac.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728922AbgE3MqE (ORCPT ); Sat, 30 May 2020 08:46:04 -0400 X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus Received: from 88-109-182-220.dynamic.dsl.as9105.com ([88.109.182.220]:44144 helo=[192.168.1.219]) by ppsw-31.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:465) with esmtpsa (PLAIN:amc96) (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) id 1jf0rw-000HK8-MS (Exim 4.92.3) (return-path ); Sat, 30 May 2020 13:45:45 +0100 Subject: Re: [PATCH 02/14] x86/hw_breakpoint: Prevent data breakpoints on direct GDT To: Peter Zijlstra , tglx@linutronix.de, luto@amacapital.net Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Lai Jiangshan , sean.j.christopherson@intel.com, daniel.thompson@linaro.org, a.darwish@linutronix.de, rostedt@goodmis.org, bigeasy@linutronix.de References: <20200529212728.795169701@infradead.org> <20200529213320.840953950@infradead.org> From: Andrew Cooper Message-ID: <582d9136-8f8b-fa07-862e-9ea5d440c09f@citrix.com> Date: Sat, 30 May 2020 13:45:43 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <20200529213320.840953950@infradead.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-GB Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 29/05/2020 22:27, Peter Zijlstra wrote: > From: Lai Jiangshan > > A data breakpoint on the GDT is terrifying and should be avoided. > The GDT on CPU entry area is already protected. The direct GDT > should be also protected, although it is seldom used and only > used for short time. While I agree with the sentiment... > > Signed-off-by: Lai Jiangshan > Signed-off-by: Peter Zijlstra (Intel) > Link: https://lkml.kernel.org/r/20200526014221.2119-3-laijs@linux.alibaba.com > --- > arch/x86/kernel/hw_breakpoint.c | 30 ++++++++++++++++++++++-------- > 1 file changed, 22 insertions(+), 8 deletions(-) > > --- a/arch/x86/kernel/hw_breakpoint.c > +++ b/arch/x86/kernel/hw_breakpoint.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > > /* Per cpu debug control register value */ > DEFINE_PER_CPU(unsigned long, cpu_dr7); > @@ -237,13 +238,26 @@ static inline bool within_area(unsigned > } > > /* > - * Checks whether the range from addr to end, inclusive, overlaps the CPU > - * entry area range. > + * Checks whether the range from addr to end, inclusive, overlaps the fixed > + * mapped CPU entry area range or other ranges used for CPU entry. > */ > -static inline bool within_cpu_entry_area(unsigned long addr, unsigned long end) > +static inline bool within_cpu_entry(unsigned long addr, unsigned long end) > { > - return within_area(addr, end, CPU_ENTRY_AREA_BASE, > - CPU_ENTRY_AREA_TOTAL_SIZE); > + int cpu; > + > + /* CPU entry erea is always used for CPU entry */ > + if (within_area(addr, end, CPU_ENTRY_AREA_BASE, > + CPU_ENTRY_AREA_TOTAL_SIZE)) > + return true; > + > + for_each_possible_cpu(cpu) { > + /* The original rw GDT is being used after load_direct_gdt() */ > + if (within_area(addr, end, (unsigned long)get_cpu_gdt_rw(cpu), > + GDT_SIZE)) ... why the O(n) loop over the system? It is only GDTs which might ever be active on this local CPU(/thread) which are a problem, because the breakpoint registers are similarly local. Nothing is going to go wrong If I put a breakpoint on someone else's live GDT, because they wont interact in the "fun" ways we're trying to avoid. ~Andrew