Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp159677pxb; Thu, 21 Apr 2022 20:07:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZT2FM4GQiKBrhF6Abl6AQr1TYeodAx3UrL/9Y0jbSuyRH1OHLlGFVq2RClCIxl3WBgb9n X-Received: by 2002:aa7:cb96:0:b0:413:8d05:ebc with SMTP id r22-20020aa7cb96000000b004138d050ebcmr2650742edt.81.1650596858710; Thu, 21 Apr 2022 20:07:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650596858; cv=none; d=google.com; s=arc-20160816; b=DUIvLfF/AbbPRV88sbkpX3v6Xua9ObqyszSHMj7IblkBamERuy3LeeqOKoWtKN5guN oxOA5qyXCG87GC3iqwU3/txq3Af8Dc1NUN/bXiLtno1g3RR2gBcE/qToipnQ758gjkm3 UREdMlN9R0ybvjPsfG4ajNDiNNm1CooG8j6qyWFyxvwmhHAQMFIU6fILlsGIRtIs/pRD jmzCCcu2+VRyXoWhmi2cWO77Jxx0kATLUXx8Jt7ZJavvTg7VLXwJEpTHXVi6WikeHHRQ dEUd6GcGplOXAVmF7eQTJHVjjRd/T6P8C6WkwoxX+dOIPR/oM0O0u/gNeKbpbtEoC+Co 225w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=vcScalISLTRGa9X7fknkSeaZRuC9IWrN8eSAEHhs9bA=; b=ze9S54oZjmej0F1TV3jbBzPs2uWUiqXXSvKRep00Z2hwtns36rZbmhkpkezzz1JycB ghkL5fEwkRudYoIwnlJlxpg655Finfj2znQQVSvtbIWU2Y0hizkcBPe9oDxT0a5RaFpa gvs9ZwYm5bza84l/Wyc4jJY1SJsFaj6+K1eUJCsN2hRonB3y4HkF90mT1KgM04MUB4ym bnrDUy0NSmIxCLIlEcFcf1O5kEpMmiN3mZ1o2l6JQuliCPnoFOr68JVVbMysjvhc3ZXk JW1WHhlMjc238Syh5zLe2+Oa2oZY1ZNaNYyG3Pg9TDzHD4m2WMQBfVGx4CN0fk4AHWlD gLuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=gXXzQZpX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n18-20020a1709067b5200b006e87fcf4cc5si5591895ejo.734.2022.04.21.20.07.14; Thu, 21 Apr 2022 20:07:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=gXXzQZpX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354847AbiDTDYQ (ORCPT + 99 others); Tue, 19 Apr 2022 23:24:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52398 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238897AbiDTDYP (ORCPT ); Tue, 19 Apr 2022 23:24:15 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 4E5C021E13 for ; Tue, 19 Apr 2022 20:21:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1650424889; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=vcScalISLTRGa9X7fknkSeaZRuC9IWrN8eSAEHhs9bA=; b=gXXzQZpXMFH6xIcMJCsXwew75khO5IGZVgqVp0nbzxJD7cKkbts96ViP3q14XPyEAKcnVM xs1MUbLUBmwvDKZUEwVwpQQFhlcp3CDyku1ZhLeDsMnf+LUW4bVGkuEbYM+lQkNb9iQJ0e xjPIsv+AKh3y7QXYTQqzl9kalESTf4I= Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-110-8us0FuqaMyu6M_q7H8XUbA-1; Tue, 19 Apr 2022 23:21:27 -0400 X-MC-Unique: 8us0FuqaMyu6M_q7H8XUbA-1 Received: by mail-qv1-f70.google.com with SMTP id j7-20020a05621419c700b004461f75de48so483640qvc.10 for ; Tue, 19 Apr 2022 20:21:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=vcScalISLTRGa9X7fknkSeaZRuC9IWrN8eSAEHhs9bA=; b=poJv7rQUdFeBX/3muDnG+dp7l/5TsiYomMrJ/1Ps+q2fx69Au9OT03FBl5i6YzPheW Z65gYCCfEk1E77vK06k9G8xKrYRbxCFO2dtAt5xIYsNDoiH8JKEbifu+sc+qhXadsAlg IF0Sb2AOvTIlimrk2KD7uujo569xoXcSNxrC5qP+ZFBZe5M/Ji1nXTHpZy2I0U8KMZgr hrtT9POgKkPr07V94CmcICx+Oyituj/0nHH9uMySap19kr8u68Dyd10b9B6sRUWEmT7T /fEdu34XMHZmhuIeLZEOmjZxJEBrcy8kcVpC078Yw4M7jGH6mXU0TRHm8StyhUCckubo dtVQ== X-Gm-Message-State: AOAM532jvN4Ghfx9Sn9zxAmIGihk7HlNaWLH0QjQz2Bi4g2nkpIwg5lB lLb6gTx5vp/OPBd5SU3Ljpf2whYf7JvfutxlwjZhL1FnjsDTFt10ezWDEYILtlnV53wQffi71rD B1a2rwpocVqFCtZUUmgdg4HNC X-Received: by 2002:a05:620a:c4f:b0:67d:4996:fd8 with SMTP id u15-20020a05620a0c4f00b0067d49960fd8mr10966321qki.518.1650424887530; Tue, 19 Apr 2022 20:21:27 -0700 (PDT) X-Received: by 2002:a05:620a:c4f:b0:67d:4996:fd8 with SMTP id u15-20020a05620a0c4f00b0067d49960fd8mr10966309qki.518.1650424887306; Tue, 19 Apr 2022 20:21:27 -0700 (PDT) Received: from treble ([2600:1700:6e32:6c00::35]) by smtp.gmail.com with ESMTPSA id o6-20020a05622a044600b002e1b9be8e6fsm1060745qtx.36.2022.04.19.20.21.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Apr 2022 20:21:26 -0700 (PDT) Date: Tue, 19 Apr 2022 20:21:23 -0700 From: Josh Poimboeuf To: Peter Zijlstra Cc: x86@kernel.org, brgerst@gmail.com, jiangshanlai@gmail.com, Andrew.Cooper3@citrix.com, linux-kernel@vger.kernel.org, Andy Lutomirski Subject: Re: [PATCH 2/2] x86,entry: Use PUSH_AND_CLEAR_REGS for compat Message-ID: <20220420032123.6c344rjr4poockjr@treble> References: <20220419204109.520779286@infradead.org> <20220419205241.339242797@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220419205241.339242797@infradead.org> X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 19, 2022 at 10:41:11PM +0200, Peter Zijlstra wrote: > Since the upper regs don't exist for ia32 code, preserving them > doesn't hurt and it simplifies the code. But an attacker can still control those registers, so clearing them on the stack is better, as it reduces user control over the kernel stack. 64-bit syscalls *do* have to save those registers to the stack, so whether it truly matters if compat mode is made equally insecure, I can't say. But without evidence to the contrary, my feeling is that we should err on the side of caution. -- Josh