Date: Sun, 17 Dec 2023 13:45:50 -0800
From: "H. Peter Anvin"
To: Linus Torvalds
CC: Brian Gerst, linux-kernel@vger.kernel.org, x86@kernel.org, Ingo Molnar, Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Michal Luczaj
Subject: Re: [PATCH 3/3] x86/sigreturn: Reject system segements
References: <20231213163443.70490-1-brgerst@gmail.com> <20231213163443.70490-4-brgerst@gmail.com>
Message-ID: <2D83F195-CFE8-41D2-87AB-60B148CC5672@zytor.com>

On December 17, 2023 1:40:53 PM PST, Linus Torvalds wrote:
>On Sun, 17 Dec 2023 at 13:08, H. Peter Anvin wrote:
>>
>> On December 13, 2023 10:54:00 AM PST, Linus Torvalds wrote:
>> >Side note: the SS/CS checks could be stricter than the usual selector tests.
>> >
>> >In particular, normal segments can be Null segments. But CS/SS must not be.
>> >
>> >Also, since you're now checking the validity, maybe we shouldn't do
>> >the "force cpl3" any more, and just make it an error to try to load a
>> >non-cpl3 segment at sigreturn..
>> >
>> >That forcing was literally just because we weren't checking it for sanity...
>> >
>> >             Linus
>>
>> Not to mention that changing a null descriptor to 3 is wrong.
>
>I don't think it is. All of 0-3 are "Null selectors". The RPL of the
>selector simply doesn't matter when the index is zero, afaik.
>
>But we obviously only do this for CS/SS, which can't be (any kind of)
>Null selector and iret will GP on them regardless of the RPL in the
>selector.
>
>             Linus

Of course not for CS/SS, but I would agree that if the selector is 0 before the signal it shouldn't mysteriously and asynchronously become 3.
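
Added example (not part of the thread and not kernel code): a user-space C model of the selector rules discussed above, contrasting "force RPL 3" with "reject instead of rewrite". The names sel_is_null, force_rpl3, sigreturn_sel_ok and enum seg_kind are hypothetical, the sample selector values are constructed, and the descriptor-type check (system segments) is out of scope because it needs the GDT/LDT contents.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 selector layout: bits 15..3 index, bit 2 TI (0 = GDT, 1 = LDT),
 * bits 1..0 RPL. */
#define SEL_RPL_MASK 0x3u
#define USER_RPL     0x3u

enum seg_kind { SEG_CODE_OR_STACK, SEG_DATA };  /* hypothetical names */

/* Selectors 0..3 (GDT index 0, any RPL) are all Null selectors. */
static bool sel_is_null(uint16_t sel)
{
    return (sel & ~SEL_RPL_MASK) == 0;
}

/* The "force cpl3" behaviour: silently rewrites the saved value,
 * so a saved selector of 0 comes back as 3. */
static uint16_t force_rpl3(uint16_t sel)
{
    return sel | USER_RPL;
}

/* Stricter policy sketched in the thread (an assumption, not the patch):
 * never modify the selector, only accept or reject it. */
static bool sigreturn_sel_ok(uint16_t sel, enum seg_kind kind)
{
    if (sel_is_null(sel))
        return kind == SEG_DATA;  /* CS/SS must not be Null; data may be */
    return (sel & SEL_RPL_MASK) == USER_RPL;  /* non-Null must be RPL 3 */
}

int main(void)
{
    /* Constructed sample selectors. */
    const uint16_t samples[] = { 0x0000, 0x0003, 0x0004, 0x0007, 0x0010, 0x0033 };

    printf("%-8s %-5s %-7s %-6s %-6s\n", "sel", "null", "forced", "cs/ss", "data");
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint16_t s = samples[i];
        printf("0x%04x   %-5d 0x%04x  %-6s %-6s\n", (unsigned)s, sel_is_null(s),
               (unsigned)force_rpl3(s),
               sigreturn_sel_ok(s, SEG_CODE_OR_STACK) ? "ok" : "reject",
               sigreturn_sel_ok(s, SEG_DATA) ? "ok" : "reject");
    }
    return 0;
}
```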