Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2808575pxj; Mon, 10 May 2021 11:10:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVFHM43gdzMYS2Cv8daBPQON7HbIXAJymZA3NVZV0TwamUXEucg7Oqb/re0MYWLojbijQn X-Received: by 2002:aa7:d6c6:: with SMTP id x6mr30509619edr.193.1620670234133; Mon, 10 May 2021 11:10:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620670234; cv=none; d=google.com; s=arc-20160816; b=kTJxa4lUNWhXHMcpqbSvBsYAyJVzfFa4l/FnhfUZ83PWLsW2UdaXAhzwYN3YArLmC/ 3xstA7MhHghGVqyI21++YWJmIPnCEbQIQ3eKwbvIbx8WgMS/fDXRW8sXmxaguQ8QXqLO /koX6yp0fdbLGGD6WoyXxEZOSEmF/d9R3T04PqPWJTl3ACG8Fi4AhBn+BeSxge7fK/4Y Nz7/Z/FsrVmVLulPdi//k2pGU8sufQ9UNjKKv622nX0Un3lLpE/aL9D1W/GVJMW1EkI6 yRQh1XNRB6EkuQ0cND7CHsgekcf8MmC5f3bYZfy8OSziPbcBwwhv7TowROJi5mTugxL+ d0wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-filter; bh=cWMxZxjmTF92DnjVgyipJF2aSu5WXHhpAFKNFH6AIwo=; b=jlW8dRN4pgzTMUv01OK0oWUE0kwTJfW3vOxIbQiDUT7g+CGjR8Tr/icvBoR2OZBrgM OeyI4AfntJZudEB/IX1t4F2axs1/XOjZ7fgxC32xVUo2JlrH6UyBPWfgI3FgDEBpNPHo nYio3qBpmBXg1MB2ow8w8FrhbUYTqMyCVolyLpvtbYsr7FDHAyvAJ+p8P2+lW5a/+RpX +LWgkbF4h8pggPSByfGuzLhajbM0eTWS00ErEF43fH7Qay/XZkQDXKdHqNzfYptpLvTi jzTrjXtYexK758nstznQY53yBLT+ZYPoPJVJq6QRok5VGWiB16k/zq3FCLoRW1SiZyG0 vxHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zytor.com header.s=2021042801 header.b=P8NTIcWg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 5si10300550ejw.423.2021.05.10.11.10.09; Mon, 10 May 2021 11:10:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@zytor.com header.s=2021042801 header.b=P8NTIcWg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232995AbhEJRqq (ORCPT + 99 others); Mon, 10 May 2021 13:46:46 -0400 Received: from terminus.zytor.com ([198.137.202.136]:42871 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231680AbhEJRqo (ORCPT ); Mon, 10 May 2021 13:46:44 -0400 Received: from tazenda.hos.anvin.org ([IPv6:2601:646:8602:8be0:7285:c2ff:fefb:fd4]) (authenticated bits=0) by mail.zytor.com (8.16.1/8.15.2) with ESMTPSA id 14AHjGkE2449170 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 10 May 2021 10:45:28 -0700 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 14AHjGkE2449170 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2021042801; t=1620668728; bh=cWMxZxjmTF92DnjVgyipJF2aSu5WXHhpAFKNFH6AIwo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P8NTIcWgDQpG9GpBp6GU3R2pCW5ZUCMHN+aWCRymfDpKS3BcqRKnbZEFoYjCuGczk FvD4cigjY4eaAqcfBHuKlsiKe1EbLWGp7f1yfZwkkl6Y1Wa27OZxx+9HvadeZ5smI2 YpCoo+72e5VroZUWL2ZVRsnezk+P6BImYV1jCkCMS6+UGkvCpKszfRDXVFHCJfMjAG K2SV8KClGXRZM/tZEPpodsnkQEQ7P+vxumChB4AEqHv6dM50lBpVSO4QmiixDNbyO7 wspVbyUjdR9x50AQrhsgSL5RmSbl35mCsR9l69L3vPDV0DySnuKcdzOaaoqpsD/fNZ rnU3CGfMbnSAA== From: "H. Peter Anvin" To: Ingo Molnar , Thomas Gleixner , Andy Lutomirski , Borislav Petkov Cc: "H. Peter Anvin" , Linux Kernel Mailing List Subject: [RFC PATCH 4/6] x86/syscall: maximize MSR_SYSCALL_MASK Date: Mon, 10 May 2021 10:45:07 -0700 Message-Id: <20210510174509.3039991-5-hpa@zytor.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510174509.3039991-1-hpa@zytor.com> References: <20210510174509.3039991-1-hpa@zytor.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "H. Peter Anvin (Intel)" It is better to clear as many flags as possible when we do a system call entry, as opposed to the other way around. The fewer flags we keep, the lesser the possible interference between the kernel and user space. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/kernel/cpu/common.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index a1b756c49a93..6cf697574661 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1773,10 +1773,16 @@ void syscall_init(void) wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); #endif - /* Flags to clear on syscall */ + /* + * Flags to clear on syscall; clear as much as possible + * to minimize user space-kernel interference. + */ wrmsrl(MSR_SYSCALL_MASK, - X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF| - X86_EFLAGS_IOPL|X86_EFLAGS_AC|X86_EFLAGS_NT); + X86_EFLAGS_CF|X86_EFLAGS_PF|X86_EFLAGS_AF| + X86_EFLAGS_ZF|X86_EFLAGS_SF|X86_EFLAGS_TF| + X86_EFLAGS_IF|X86_EFLAGS_DF|X86_EFLAGS_OF| + X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_RF| + X86_EFLAGS_AC|X86_EFLAGS_ID); } #else /* CONFIG_X86_64 */ -- 2.31.1