Date: Thu, 20 Aug 2020 20:19:46 +0200
From: peterz@infradead.org
To: Andy Lutomirski
Cc: Josh Poimboeuf, Brian Gerst, the arch/x86 maintainers, Linux Kernel Mailing List, Kyle Huey, Alexandre Chartre, Robert O'Callahan, "Paul E. McKenney", Frederic Weisbecker, Paolo Bonzini, Sean Christopherson, Masami Hiramatsu, Petr Mladek, Steven Rostedt, Joel Fernandes, Boris Ostrovsky, Juergen Gross, Andy Lutomirski
Subject: Re: [RFC][PATCH 4/7] x86/debug: Move historical SYSENTER junk into exc_debug_kernel()
Message-ID: <20200820181946.GF1362448@hirez.programming.kicks-ass.net>
References: <20200820163453.GE1362448@hirez.programming.kicks-ass.net> <156769F5-0BCC-4FB8-A56D-0E92601F558A@amacapital.net>
In-Reply-To: <156769F5-0BCC-4FB8-A56D-0E92601F558A@amacapital.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Aug 20, 2020 at 09:43:15AM -0700, Andy Lutomirski wrote:
> I’ve lost track of how many bugs QEMU and KVM have in this space.
> Let’s keep it as a warning, but a bug. But let’s get rid of the
> totally bogus TIF_SINGLESTEP manipulation.

OK, I've shuffled the series around to fix that ordering problem in
patch 4 and added the below patch at the end.

Although I'm not entirely sure it actually leaks a #DB or just wrecks
the state.. *shrug*.

---
Subject: x86/debug: Remove the historical junk
From: Peter Zijlstra Date: Thu Aug 20 18:28:37 CEST 2020 Suggested-by: Brian Gerst Signed-off-by: Peter Zijlstra (Intel) --- arch/x86/kernel/traps.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -839,22 +839,18 @@ static __always_inline void exc_debug_ke goto out; /* - * Reload dr6, the notifier might have changed it. + * The kernel doesn't use TF single-step outside of: + * + * - Kprobes, consumed through kprobe_debug_handler() + * - KGDB, consumed through notify_debug() + * + * So if we get here with DR_STEP set, something is wonky. + * + * A known way to trigger this is through QEMU's GDB stub, + * which leaks #DB into the guest and causes IST recursion. */ - dr6 = current->thread.debugreg6; - - if (WARN_ON_ONCE(dr6 & DR_STEP)) { - /* - * Historical junk that used to handle SYSENTER single-stepping. - * This should be unreachable now. If we survive for a while - * without anyone hitting this warning, we'll turn this into - * an oops. - */ - dr6 &= ~DR_STEP; - set_thread_flag(TIF_SINGLESTEP); + if (WARN_ON_ONCE(current->thread.debugreg6 & DR_STEP)) regs->flags &= ~X86_EFLAGS_TF; - } - out: instrumentation_end(); idtentry_exit_nmi(regs, irq_state);
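Review bot: the replacement `if (WARN_ON_ONCE(current->thread.debugreg6 & DR_STEP))` drops the `dr6 &= ~DR_STEP;` that the removed block did, so after the warning fires `current->thread.debugreg6` still carries DR_STEP while `regs->flags` has had TF cleared; anything that later reads debugreg6 will see a step bit for a step that was suppressed, so either clear the bit there as well or say in the comment why leaving it set is intended (dropping the `set_thread_flag(TIF_SINGLESTEP)` is what Andy asked for and needs no comment). The new comment also states as fact that QEMU's GDB stub "leaks #DB into the guest and causes IST recursion", while the cover text of this mail says the author is not sure whether it leaks a #DB or just wrecks the state; word that line to match the actual level of confidence, for example "appears to leak". Finally, the commit message consists of a Subject and tags only: the reasoning now living in the code comment (TF single-step is used only by kprobes and KGDB, and both have consumed it by this point, so DR_STEP here is unexpected) belongs in the commit body too so it survives in the log independently of the comment.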
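What the removed code and its replacement have in common is the last-resort fixup for a trace-flag #DB the kernel did not ask for: clear TF in the trapped frame (regs->flags &= ~X86_EFLAGS_TF) so the CPU stops stepping. The program below is an added example, not part of this thread or of arch/x86, that shows the same mechanism from user space on x86-64 Linux: it sets EFLAGS.TF with pushfq/btsq/popfq, receives one SIGTRAP (si_code TRAP_TRACE, the DR6.BS case) per executed instruction, and stops the stepping by clearing TF in the signal frame's saved EFLAGS before sigreturn, which is the user-mode counterpart of the kernel's fixup. The function names tf_step_demo and tf_step_last_si_code are mine; the code assumes glibc's REG_EFL and a CPU that really implements TF (under an emulator that does not, the wait loop is bounded and the count simply comes back short).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ucontext.h>

/* EFLAGS.TF is bit 8; same value as the kernel's X86_EFLAGS_TF. */
#define TF_BIT 8

static volatile sig_atomic_t traps_seen;    /* SIGTRAPs delivered so far */
static volatile sig_atomic_t traps_wanted;  /* handler clears TF at this count */
static volatile sig_atomic_t last_si_code;  /* si_code of the last SIGTRAP */

#if defined(__x86_64__) && defined(__linux__)
/*
 * One SIGTRAP arrives per single-stepped instruction while TF is set.
 * The kernel clears TF for the duration of the handler, but the saved
 * EFLAGS in the signal frame still has it set.  Once enough steps have
 * been seen we clear TF in that saved frame, so sigreturn resumes the
 * interrupted code without TF and the stepping stops.  This is the
 * user-mode analogue of the kernel's regs->flags &= ~X86_EFLAGS_TF.
 */
static void sigtrap_handler(int sig, siginfo_t *si, void *ctx)
{
	ucontext_t *uc = ctx;

	(void)sig;
	last_si_code = si->si_code;
	traps_seen++;
	if (traps_seen >= traps_wanted)
		uc->uc_mcontext.gregs[REG_EFL] &= ~((greg_t)1 << TF_BIT);
}
#endif

/*
 * Set TF, let the CPU single-step until nsteps traps have been taken,
 * and return the number of SIGTRAPs observed.  Returns -1 when built
 * for another architecture or when the handler cannot be installed.
 */
int tf_step_demo(int nsteps)
{
#if defined(__x86_64__) && defined(__linux__)
	struct sigaction sa, old;

	memset(&sa, 0, sizeof(sa));
	sa.sa_sigaction = sigtrap_handler;
	sa.sa_flags = SA_SIGINFO;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGTRAP, &sa, &old) != 0)
		return -1;

	traps_seen = 0;
	traps_wanted = nsteps > 0 ? nsteps : 1;
	last_si_code = 0;

	/*
	 * TF is not a privileged flag, so user mode may set it.  The trap
	 * fires after the instruction following popfq and after every
	 * instruction thereafter until TF is cleared again.
	 */
	__asm__ volatile(
		"pushfq\n\t"
		"btsq %0, (%%rsp)\n\t"
		"popfq\n\t"
		"nop\n\t"
		"nop\n\t"
		"nop\n\t"
		"nop\n\t"
		:
		: "i"(TF_BIT)
		: "memory", "cc");

	/*
	 * Keep executing instructions until the handler has turned TF off.
	 * Bounded so a build where TF never traps cannot spin forever.
	 */
	for (int spin = 0; spin < 1000000 && traps_seen < traps_wanted; spin++)
		__asm__ volatile("nop");

	/* Make sure TF really is off before calling back into libc. */
	__asm__ volatile(
		"pushfq\n\t"
		"btrq %0, (%%rsp)\n\t"
		"popfq\n\t"
		:
		: "i"(TF_BIT)
		: "memory", "cc");

	sigaction(SIGTRAP, &old, NULL);
	return traps_seen;
#else
	(void)nsteps;
	return -1;
#endif
}

int tf_step_last_si_code(void)
{
	return last_si_code;
}

int main(void)
{
	int n = tf_step_demo(3);

	printf("SIGTRAPs seen: %d, si_code %d (TRAP_TRACE is %d)\n",
	       n, tf_step_last_si_code(), TRAP_TRACE);
	return n == 3 ? 0 : 1;
}
```

Build with cc -O2 and run on an x86-64 Linux box: tf_step_demo(3) yields exactly three traps, each with si_code TRAP_TRACE, because the handler is the only party steering TF. The kernel-side situation the patch guards against is the opposite one: a DR_STEP #DB arriving in kernel mode when no kernel user (kprobes, KGDB) set TF, so the handler can only warn and drop TF from the trapped frame.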