Re: [PATCH 0/6] x86/entry: disallow #DB more

From: Peter Zijlstra
Date: Fri May 29 2020 - 04:00:53 EST

Next message: Kees Cook: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Previous message: Christian Brauner: "Re: [PATCH v2 2/2] tests: test seccomp filter notifications"
In reply to: Lai Jiangshan: "Re: [PATCH 0/6] x86/entry: disallow #DB more"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 29, 2020 at 07:05:54AM +0800, Lai Jiangshan wrote:
> On Fri, May 29, 2020 at 6:48 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > On Fri, May 29, 2020 at 06:42:46AM +0800, Lai Jiangshan wrote:
> > > On Fri, May 29, 2020 at 4:25 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > > >
> > > > These patches disallow #DB during NMI/#MC and allow removing a lot of fugly code.
> > > >
> > >
> > > Hello
> > >
> > > Will #DB be allowed in #DF?
> >
> > No, that whole thing is noinstr.
>
> But it calls many functions, including die(), panic().
> We don't want #DB to interfere how it die() and panic().
> Since it is in fragile #DF, the #DB may mess it up and
> make #DF fails to report and die.

The only recoverable #DF is the ESPFIX shit. If we do not take that,
we're on the way to panic(), I really can't be arsed if you crash the
box before that, we're going to die anyway.

Next message: Kees Cook: "Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter"
Previous message: Christian Brauner: "Re: [PATCH v2 2/2] tests: test seccomp filter notifications"
In reply to: Lai Jiangshan: "Re: [PATCH 0/6] x86/entry: disallow #DB more"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]