On Tue, Sep 30, 2014 at 3:21 PM, Thomas Gleixner <[email protected]> wrote:
> On Tue, 30 Sep 2014, Andy Lutomirski wrote:
>> Anish Bhatt noticed that user programs can set RFLAGS.NT before
>> syscall or sysenter, and the kernel entry code doesn't filter out
>> NT. This causes kernel C code and, depending on thread flags, the
>> exit slow path to run with NT set.
>>
>> The former is a little bit scary (imagine calling into EFI with NT
>> set), and the latter will fail with #GP and send a spurious SIGSEGV.
>>
>> One answer would be "don't do that". But the kernel can do better
>> here.
>>
>> These patches, which I'm not completely thrilled by, filter NT on
>> all kernel entries. For syscall (both bitnesses), this is free.
>> For sysenter, it costs 15 cycles or so. As a consolation prize, we
>> can speed up context switches by avoiding saving and restoring flags.
>
> That's a nice reason not to do any of the other ugly variants.
We could do something hideous: Don't filter NT in sysexit or on context
switch. Instead, handle it in bad_iret.

Up side: all common cases are maximally fast.

Down side: Ugly. And malicious processes can leak NT, causing return to a
different process to fault, thereby adding a thousand or two cycles (or
possibly a lot more if the fault hits in the middle of espfix64. Egads.)

This is not intended to be a serious suggestion...

--Andy

