References: <20230721161018.50214-1-brgerst@gmail.com> <20230721161018.50214-3-brgerst@gmail.com>
From: Brian Gerst
Date: Sun, 23 Jul 2023 07:17:53 -0400
Subject: Re: [PATCH v2 2/6] x86/entry/64: Convert SYSRET validation tests to C
To: "Li, Xin3"
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Thomas Gleixner, Borislav Petkov, H. Peter Anvin, "Lutomirski, Andy", Mika Penttilä
List-ID: linux-kernel@vger.kernel.org

On Sun, Jul 23, 2023 at 5:53 AM Li, Xin3 wrote:
>
> > @@ -84,6 +85,43 @@ __visible noinstr void do_syscall_64(struct pt_regs *regs, int nr)
>
> > instrumentation_end();
> > syscall_exit_to_user_mode(regs);
>
> Would it be better to make the following code a new function?
>
> And then the similar changes in patch 6 could be merged into the new
> function with #ifdef CONFIG_X86_64.
>
> > +
> > + /*
> > + * Check that the register state is valid for using SYSRET to exit
> > + * to userspace. Otherwise use the slower but fully capable IRET
> > + * exit path.
> > + */
> > +
> > + /* XEN PV guests always use IRET path */
> > + if (cpu_feature_enabled(X86_FEATURE_XENPV))
> > + return false;
> > +
> > + /* SYSRET requires RCX == RIP and R11 == EFLAGS */
> > + if (unlikely(regs->cx != regs->ip || regs->r11 != regs->flags))
> > + return false;
> > +
> > + /* CS and SS must match the values set in MSR_STAR */
> > + if (unlikely(regs->cs != __USER_CS || regs->ss != __USER_DS))
> > + return false;
> > +
> > + /*
> > + * On Intel CPUs, SYSRET with non-canonical RCX/RIP will #GP
> > + * in kernel space. This essentially lets the user take over
> > + * the kernel, since userspace controls RSP.
> > + */
> > + if (unlikely(!__is_canonical_address(regs->ip, __VIRTUAL_MASK_SHIFT + 1)))
> > + return false;
> > +
> > + /*
> > + * SYSRET cannot restore RF. It can restore TF, but unlike IRET,
> > + * restoring TF results in a trap from userspace immediately after
> > + * SYSRET.
> > + */
> > + if (unlikely(regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF)))
> > + return false;
> > +
> > + /* Use SYSRET to exit to userspace */
> > + return true;
> > }
> > #endif
>

The tests are similar but not enough to combine them. If IA32_EMULATION is enabled, both versions are needed so one copy of the function with #ifdefs won't work.

Brian Gerst
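Review bot: the added code ends in `return false;` / `return true;`, yet the quoted hunk header still shows the pre-patch signature `__visible noinstr void do_syscall_64(struct pt_regs *regs, int nr)`, so the switch to a bool return type and the meaning of the value (true: the register state is safe for SYSRET; false: take the IRET path) must sit in a hunk not quoted here; document that contract in a comment at the function definition and say in the commit message that the assembly caller now consumes the return value, because a caller that ignores it would silently lose the IRET fallback that the canonical-RIP and RF/TF checks exist to force. Minor style point: the X86_FEATURE_XENPV test is the only condition without unlikely(); that is reasonable since cpu_feature_enabled() is resolved by alternatives patching rather than a runtime branch, but a short comment saying so would pre-empt the question.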