From: Andy Lutomirski
Date: Fri, 3 Jul 2020 10:10:28 -0700
Subject: FSGSBASE seems to be busted on Xen PV
To: xen-devel, LKML, Juergen Gross, Andrew Cooper, Jan Beulich, Boris Ostrovsky
Cc: X86 ML
List-ID: linux-kernel@vger.kernel.org

Hi Xen folks-

I did some testing of the upcoming Linux FSGSBASE support on Xen PV, and I found what appear to be some significant bugs in the Xen context switching code. These bugs are causing Linux selftest failures, and they could easily cause random and hard-to-debug failures of user programs that use the new instructions in a Xen PV guest.

The bugs seem to boil down to the context switching code in Xen being clever and trying to guess that a nonzero FS or GS means that the segment base must match the in-memory descriptor. This is simply not true if CR4.FSGSBASE is set -- the bases can have any canonical value, under the full control of the guest, and Xen has absolutely no way of knowing whether the values are expected to be in sync with the selectors. (The same is true of FSGSBASE except that guest funny business either requires MSR accesses or some descriptor table fiddling, and guests are perhaps less likely to care.)

Having written a bunch of the corresponding Linux code, I don't think there's any way around just independently saving and restoring the selectors and the bases. At least it's relatively fast with FSGSBASE enabled.

If you can't get this fixed in upstream Xen reasonably quickly, we may need to disable FSGSBASE in a Xen PV guest in Linux.

--Andy