Date: Wed, 20 Apr 2022 09:07:30 +0200
From: Peter Zijlstra
To: Josh Poimboeuf
Cc: x86@kernel.org, brgerst@gmail.com, jiangshanlai@gmail.com, Andrew.Cooper3@citrix.com, linux-kernel@vger.kernel.org, Andy Lutomirski
Subject: Re: [PATCH 2/2] x86,entry: Use PUSH_AND_CLEAR_REGS for compat
Message-ID: <20220420070730.GB2731@worktop.programming.kicks-ass.net>
References: <20220419204109.520779286@infradead.org> <20220419205241.339242797@infradead.org> <20220420032123.6c344rjr4poockjr@treble>
In-Reply-To: <20220420032123.6c344rjr4poockjr@treble>

On Tue, Apr 19, 2022 at 08:21:23PM -0700, Josh Poimboeuf wrote:
> On Tue, Apr 19, 2022 at 10:41:11PM +0200, Peter Zijlstra wrote:
> > Since the upper regs don't exist for ia32 code, preserving them
> > doesn't hurt and it simplifies the code.
>
> But an attacker can still control those registers, so clearing them on
> the stack is better, as it reduces user control over the kernel stack.
>
> 64-bit syscalls *do* have to save those registers to the stack, so
> whether it truly matters if compat mode is made equally insecure, I
> can't say. But without evidence to the contrary, my feeling is that we
> should err on the side of caution.

Right, so earlier Brian said simpler might be better, and I figured I'd
try to see if I could make that stick, because I too like simpler ;-)

Also, since int80 already has to do this, attackers already have their
attack surface.