Re: [PATCH v3] x86/fsgsbase/64: Fix the base write helper functions

From: Bae, Chang Seok
Date: Wed Nov 14 2018 - 16:50:49 EST

Next message: Will Deacon: "Re: [PATCH v4 1/4] kgdb: Remove irq flags from roundup"
Previous message: Colin King: "[PATCH][next] reset: fix null pointer dereference on dev by dev_name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Nov 6, 2018, at 17:23, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> On Thu, Nov 1, 2018 at 1:32 PM Chang S. Bae <chang.seok.bae@xxxxxxxxx> wrote:
>>
>> @@ -392,12 +384,7 @@ int x86_fsbase_write_task(struct task_struct *task, unsigned long fsbase)
>> if (unlikely(fsbase >= TASK_SIZE_MAX))
>> return -EPERM;
>>
>> - preempt_disable();
>> task->thread.fsbase = fsbase;
>> - if (task == current)
>> - x86_fsbase_write_cpu(fsbase);
>> - task->thread.fsindex = 0;
>> - preempt_enable();
>>
>> return 0;
>> }
>
> Similar objection to last time. If you get rid of the task == current
> check, you should WARN_ON_ONCE(task != current).
>

From your previous comments, I was a bit confused by a mixture of options.
It looks like youâd intended to suggest two different ways (by our own words):

1. The _write_task() functions must not be called on current. Then
there should be a warning, and you shouldn't call them on current.

2. The _write_task() functions should work correctly on current. In
this case, you shouldn't need to *also* called _write_cpu /
_write_cpu_inactive. You'll still need the special loadseg handling
in do_arch_prctl_64().

The option 1 looks to be simple and straight forward. So, let me go with that.

Nit. I think it should be WARN_ON_ONCE(task == current).

>> @@ -758,11 +740,41 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
>>
>> switch (option) {
>> case ARCH_SET_GS: {
>> + preempt_disable();
>> ret = x86_gsbase_write_task(task, arg2);
>> + if (ret == 0) {
>> + /*
>> + * ARCH_SET_GS has always overwritten the index
>> + * and the base. Zero is the most sensible value
>> + * to put in the index, and is the only value that
>> + * makes any sense if FSGSBASE is unavailable.
>> + */
>> + if (task == current) {
>> + loadseg(GS, 0);
>> + x86_gsbase_write_cpu_inactive(arg2);
>> + } else {
>> + task->thread.gsindex = 0;
>> + }
>> + }
>> + preempt_enable();
>
> And you should drop the redundant ...write_task if task == current.

To avoid the redundancy, the sanity check for a base value can be moved out here.

>>
>> diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
>> index ffae9b9740fd..e4ab1abca5b5 100644
>> --- a/arch/x86/kernel/ptrace.c
>> +++ b/arch/x86/kernel/ptrace.c
>> @@ -397,11 +397,11 @@ static int putreg(struct task_struct *child,
>> if (value >= TASK_SIZE_MAX)
>> return -EIO;
>> /*
>> - * When changing the FS base, use the same
>> - * mechanism as for do_arch_prctl_64().
>> + * When changing the FS base, use do_arch_prctl_64()
>> + * to set the index and the base.
>
> to set the index to zero and to set the base as requested.

Thanks for the edit.
Chang

Next message: Will Deacon: "Re: [PATCH v4 1/4] kgdb: Remove irq flags from roundup"
Previous message: Colin King: "[PATCH][next] reset: fix null pointer dereference on dev by dev_name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]