From patchwork Mon Aug 14 05:53:36 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andy Lutomirski <luto@kernel.org>
X-Patchwork-Id: 9898099
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	52960602D9 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 14 Aug 2017 05:57:13 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 39C262853A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 14 Aug 2017 05:57:13 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2C4A5285B0; Mon, 14 Aug 2017 05:57:13 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id B54BB2853A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 14 Aug 2017 05:57:12 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dh8KA-00075E-Tq; Mon, 14 Aug 2017 05:54:02 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <luto@kernel.org>) id 1dh8K9-000758-To
	for xen-devel@lists.xenproject.org; Mon, 14 Aug 2017 05:54:02 +0000
Received: from [193.109.254.147] by server-4.bemta-6.messagelabs.com id
	70/9D-02962-9FA31995; Mon, 14 Aug 2017 05:54:01 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrPIsWRWlGSWpSXmKPExsVybKJssu4Pq4m
	RBrd+Mlp83zKZyYHR4/CHKywBjFGsmXlJ+RUJrBl3OqazFPQIVMzudW5gvM/TxcjFISRwkEni
	yYkLjF2MnBwsAg4S6+53sHYxcnAwCsRIPPhhDRJmFPCXmPamgwnEFhKYySix9hUniC0hkCdx4
	PtBFgi7UGLehYdsIDavgKDEyZlPWCDqvSTW3HsIZnMKBEp8nzqDDWLvbEaJN/v72UB2sQmoS7
	R0+kKcoCpxvL+HGWJmosSidfuZIGYGSGw/2gY2R1jAUeLz/QdgtoiAn8TuFQuYQGYyC1xlkph
	/ZgNYA7OApkTr9t/sExiFZyG5aRaS1AJGplWMGsWpRWWpRbrGBnpJRZnpGSW5iZk5uoYGZnq5
	qcXFiempOYlJxXrJ+bmbGIHBzAAEOxj/rg08xCjJwaQkypvg0xspxJeUn1KZkVicEV9UmpNaf
	IhRhoNDSYKXDxgdQoJFqempFWmZOcC4gklLcPAoifBetgRK8xYXJOYWZ6ZDpE4xGnNcubLuCx
	PHlAPbvzAJseTl56VKifPuBykVACnNKM2DGwSL90uMslLCvIxApwnxFKQW5WaWoMq/YhTnYFQ
	S5s0FmcKTmVcCt+8V0ClMQKf0gXzBW1ySiJCSamAMnF3Ms8tL7f92K5XGeXyxC9a+nqt9zmVN
	eNkxCcbYU/F8dYs9VeVqs3c+c6pZ4iuwR7n8VYVO7oxbAe71H+3kTlhuYFpYdEjD+fTEnscfL
	DyaM21fWbzQmxux9+XFjJ0HVrdbPldU6FmRUMmk53CrXk7WkXGLeY779RbrcJPqeu6J8976mC
	mxFGckGmoxFxUnAgC8xVyH8gIAAA==
X-Env-Sender: luto@kernel.org
X-Msg-Ref: server-2.tower-27.messagelabs.com!1502690038!52082790!1
X-Originating-IP: [198.145.29.99]
X-SpamReason: No, hits=0.3 required=7.0 tests=RCVD_BY_IP
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 22816 invoked from network); 14 Aug 2017 05:53:59 -0000
Received: from mail.kernel.org (HELO mail.kernel.org) (198.145.29.99)
	by server-2.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 14 Aug 2017 05:53:59 -0000
Received: from mail-vk0-f54.google.com (mail-vk0-f54.google.com
	[209.85.213.54])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPSA id AA861239F6
	for <xen-devel@lists.xenproject.org>;
	Mon, 14 Aug 2017 05:53:57 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AA861239F6
Received: by mail-vk0-f54.google.com with SMTP id r199so28460990vke.4
	for <xen-devel@lists.xenproject.org>;
	Sun, 13 Aug 2017 22:53:57 -0700 (PDT)
X-Gm-Message-State: AHYfb5ghYubO9SaMu4Xyzav/R3JOvEfkZ/87VwDrS+r8jGuE6f49t4R7
	qNLz5XlsMUJCUOvy+iYfKuu+Nyhg8p1R
X-Received: by 10.31.12.77 with SMTP id 74mr11961250vkm.172.1502690036699;
	Sun, 13 Aug 2017 22:53:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.5.199 with HTTP; Sun, 13 Aug 2017 22:53:36 -0700 (PDT)
In-Reply-To: 
 <CAMzpN2h7UyjJ3034ospL-_eZbiEFgi85XCZRX=sQU2rAkzpzqg@mail.gmail.com>
References: 
 <7c88ed36805d36841ab03ec3b48b4122c4418d71.1502164668.git.luto@kernel.org>
	<CAMzpN2h7UyjJ3034ospL-_eZbiEFgi85XCZRX=sQU2rAkzpzqg@mail.gmail.com>
From: Andy Lutomirski <luto@kernel.org>
Date: Sun, 13 Aug 2017 22:53:36 -0700
X-Gmail-Original-Message-ID: 
 <CALCETrUUyBzPv4ZqXJ6pC8YVTZBs+rw305f53yw_xc1xi6EEjw@mail.gmail.com>
Message-ID: 
 <CALCETrUUyBzPv4ZqXJ6pC8YVTZBs+rw305f53yw_xc1xi6EEjw@mail.gmail.com>
To: Brian Gerst <brgerst@gmail.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Juergen Gross <jgross@suse.com>, X86 ML <x86@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Borislav Petkov <bpetkov@suse.de>
Subject: Re: [Xen-devel] [PATCH v2] x86/xen/64: Rearrange the SYSCALL entries
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

On Sun, Aug 13, 2017 at 7:44 PM, Brian Gerst <brgerst@gmail.com> wrote:
> On Mon, Aug 7, 2017 at 11:59 PM, Andy Lutomirski <luto@kernel.org> wrote:
>>  /* Normal 64-bit system call target */
>>  ENTRY(xen_syscall_target)
>> -       undo_xen_syscall
>> -       jmp entry_SYSCALL_64_after_swapgs
>> +       popq %rcx
>> +       popq %r11
>> +       jmp entry_SYSCALL_64_after_hwframe
>>  ENDPROC(xen_syscall_target)
>>
>>  #ifdef CONFIG_IA32_EMULATION
>>
>>  /* 32-bit compat syscall target */
>>  ENTRY(xen_syscall32_target)
>> -       undo_xen_syscall
>> -       jmp entry_SYSCALL_compat
>> +       popq %rcx
>> +       popq %r11
>> +       jmp entry_SYSCALL_compat_after_hwframe
>>  ENDPROC(xen_syscall32_target)
>>
>>  /* 32-bit compat sysenter target */
>>  ENTRY(xen_sysenter_target)
>> -       undo_xen_syscall
>> +       mov 0*8(%rsp), %rcx
>> +       mov 1*8(%rsp), %r11
>> +       mov 5*8(%rsp), %rsp
>>         jmp entry_SYSENTER_compat
>>  ENDPROC(xen_sysenter_target)
>
> This patch causes the iopl_32 and ioperm_32 self-tests to fail on a
> 64-bit PV kernel.  The 64-bit versions pass. It gets a seg fault after
> "parent: write to 0x80 (should fail)", and the fault isn't caught by
> the signal handler.  It just dumps back to the shell.  The tests pass
> after reverting this.

I can reproduce it if I emulate an AMD machine.  I can "fix" it like this:

but I haven't tried to diagnose precisely what's going on.

Xen seems to be putting the 0xe0?? values in ss and cs, which oughtn't
to be a problem, but it kills opportunistic sysretl.  Maybe that's
triggering a preexisting bug?

diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
index a8a4f4c460a6..6255e00f425e 100644
--- a/arch/x86/xen/xen-asm_64.S
+++ b/arch/x86/xen/xen-asm_64.S
@@ -97,6 +97,9 @@ ENDPROC(xen_syscall_target)
 ENTRY(xen_syscall32_target)
        popq %rcx
        popq %r11
+       movq $__USER32_DS, 4*8(%rsp)
+       movq $__USER32_CS, 1*8(%rsp)
+       movq %r11, 2*8(%rsp)
        jmp entry_SYSCALL_compat_after_hwframe
 ENDPROC(xen_syscall32_target)