Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2839917pxj; Mon, 10 May 2021 11:56:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxPLcjXTy0WBh7NKNGphJJngWq8Ok6GOtqYMT6mdzcMeD5JR4d8/SfhcfzqeWmtXUIItMUQ X-Received: by 2002:a17:907:7749:: with SMTP id kx9mr27695928ejc.90.1620672960517; Mon, 10 May 2021 11:56:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620672960; cv=none; d=google.com; s=arc-20160816; b=ALUNUl/MtakVT3AOWUmzbwPmTWaCP5WvKWpWwz+ZDt+zKnwFGLCjDUym9JA1MlwV3m AjFhZt2mMZdDExoncyC+0B3AXcHMgqq6Y29/N50MURtK09bGFDxeC3LmB3P2rQyi2q8j j81M1crdWHR3pbXplLtlcQuo8VN0n+D8KKPJEapntcPo5cann3jw9KJnd1VR1FQPj6Ef pkOO0aAKZyz+9v2NMVb+bMV/ttw2nAMd+8gLk/RUs4mNwvFDLB5Cu7WeXTe+/DeqCt7k 2Hwd9yAPczCkT4Bgq0sOXMBJuaVOSRr+FiQ2+dEtAGY7TXoab5EFLMCPFxuxOSg/Gu5p Q5/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-filter; bh=XW2xI9mQyvmteVzirDc4pCwKf03ZI3QdAzMh8DgfPMU=; b=cD3tbU+foFp92MED3IYp4LcKKA04Y/qDLRkgaoMDLB2BmeWyK6sxKdbxER6rtebEqo uVGmOwK7qL7r5X2ZzJ72f6eTC6VjRdtzmH8Jyql9hSFS0Gzf+eHNEj273ddvqk2ln6En Xb568ciKqL/yEfhZ7cCc57DNEF4byYLsnmf+Pqw2wQ7Fm9H8AdeT80IQmsjF38/T++sv wyhR1A6BbSGQe+52TNrfdJ0Qd2l9HMuuHbCeu6EVb3i6BBGQhXSUXad/lVpzw4YCv2GG y6Ei8XNclovZZFiMqXdzPMhKaIgmSLRUJ8l+N6/nfvYhKhe4CxlSRYCyzsk8aBp7NNtN lQZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zytor.com header.s=2021042801 header.b="r/toyUaT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bt12si11021688ejb.669.2021.05.10.11.55.36; Mon, 10 May 2021 11:56:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@zytor.com header.s=2021042801 header.b="r/toyUaT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233165AbhEJSy5 (ORCPT + 99 others); Mon, 10 May 2021 14:54:57 -0400 Received: from terminus.zytor.com ([198.137.202.136]:37909 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232929AbhEJSyq (ORCPT ); Mon, 10 May 2021 14:54:46 -0400 Received: from tazenda.hos.anvin.org ([IPv6:2601:646:8602:8be0:7285:c2ff:fefb:fd4]) (authenticated bits=0) by mail.zytor.com (8.16.1/8.15.2) with ESMTPSA id 14AIrNlg2459085 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 10 May 2021 11:53:32 -0700 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 14AIrNlg2459085 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2021042801; t=1620672812; bh=XW2xI9mQyvmteVzirDc4pCwKf03ZI3QdAzMh8DgfPMU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=r/toyUaT3PGFUpMbk59NsiWK1PJDtKwGkdR4MmH7BzJF7A322GUNje9ExkBWI5RHn WL8uCdtNtwzPdE9Twz90WcnnOwA6/1c5kDHUvIz6rgHig9ZN6O4QBon62hqWgrfCsK /jb4mQaKBuMwmakCi+m+RfJpUWF/c5AQy6Ex1dHycfxM0PkBXjQdmdsICj9VQfYX/L Fs5miRmLXUKURgXhlI1Wt+PjaHIZwcZXd6zdbr+QQ1WY7MBvdRTKL0eX7JNu/x7cTE k6KROoiKqrDENvbTvr9ph8uStIhVMd2Dht+GkNCR7RcK4JOC37xhc7s1Eg/zcwY64w qH6vVf6jIuxYw== From: "H. Peter Anvin" To: Ingo Molnar , Thomas Gleixner , Borislav Petkov , Andy Lutomirski Cc: "H. Peter Anvin" , Linux Kernel Mailing List Subject: [RFC v2 PATCH 4/7] x86/syscall: maximize MSR_SYSCALL_MASK Date: Mon, 10 May 2021 11:53:13 -0700 Message-Id: <20210510185316.3307264-5-hpa@zytor.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510185316.3307264-1-hpa@zytor.com> References: <20210510185316.3307264-1-hpa@zytor.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "H. Peter Anvin (Intel)" It is better to clear as many flags as possible when we do a system call entry, as opposed to the other way around. The fewer flags we keep, the lesser the possible interference between the kernel and user space. The flags changed are: CF, PF, AF, ZF, SF, OF: these are arithmetic flags which affect branches, possibly speculatively. They should be cleared for the same reasons we now clear all GPRs on entry. RF: suppresses a code breakpoint on the subsequent instruction. It is probably impossible to enter the kernel with RF set, but if it is somehow not, it would break a kernel debugger setting a breakpoint on the entry point. Either way, user space should not be able to control kernel behavior here. ID: this flag has no direct effect (it is a scratch bit only.) However, there is no reason to retain the user space value in the kernel, and the standard should be to clear unless needed, not the other way around. Signed-off-by: H. Peter Anvin (Intel) --- arch/x86/kernel/cpu/common.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index a1b756c49a93..6cf697574661 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1773,10 +1773,16 @@ void syscall_init(void) wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL); #endif - /* Flags to clear on syscall */ + /* + * Flags to clear on syscall; clear as much as possible + * to minimize user space-kernel interference. + */ wrmsrl(MSR_SYSCALL_MASK, - X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF| - X86_EFLAGS_IOPL|X86_EFLAGS_AC|X86_EFLAGS_NT); + X86_EFLAGS_CF|X86_EFLAGS_PF|X86_EFLAGS_AF| + X86_EFLAGS_ZF|X86_EFLAGS_SF|X86_EFLAGS_TF| + X86_EFLAGS_IF|X86_EFLAGS_DF|X86_EFLAGS_OF| + X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_RF| + X86_EFLAGS_AC|X86_EFLAGS_ID); } #else /* CONFIG_X86_64 */ -- 2.31.1