Re: CONFIG_PAGE_TABLE_ISOLATION=y on x86_64 causes gcc to segfault when building x86_32 binaries

From: Andy Lutomirski
Date: Wed Jan 03 2018 - 18:43:16 EST

Next message: Andy Lutomirski: "Re: "bad pmd" errors + oops with KPTI on 4.14.11 after loading X.509 certs"
Previous message: Paolo Bonzini: "Re: [PATCH v2] KVM: x86: do not read FS/GS base MSRs when saving them"
In reply to: Thomas Gleixner: "Re: CONFIG_PAGE_TABLE_ISOLATION=y on x86_64 causes gcc to segfault when building x86_32 binaries"
Next in thread: Dave Hansen: "Re: CONFIG_PAGE_TABLE_ISOLATION=y on x86_64 causes gcc to segfault when building x86_32 binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Jan 3, 2018, at 2:22 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>
>> On Wed, 3 Jan 2018, Andy Lutomirski wrote:
>>
>>> On Wed, Jan 3, 2018 at 10:52 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>>>> On Wed, 3 Jan 2018, Thomas Gleixner wrote:
>>>>
>>>>> On Wed, 3 Jan 2018, Lars Wendler wrote:
>>>>> Am Wed, 3 Jan 2018 13:05:38 +0100 (CET)
>>>>> schrieb Thomas Gleixner <tglx@xxxxxxxxxxxxx>:
>>>>>> Also can you please try Linus v4.15-rc6 with PTI enabled so we can see
>>>>>> whether that's a backport issue or a general one?
>>>>>
>>>>> Same problem with 4.15-rc6. So I suppose that means it's a general
>>>>> issue.
>>>>
>>>> Just a shot in the dark as I just decoded another issue on a AMD CPU. Can
>>>> you please try the patch below?
>>>
>>> Ok. Found the real issue. This is a problem on AMD boxen.
>>>
>>> Fix below.
>>>
>>> Can Xen folks please have a look at that as well?
>>>
>>> Thanks,
>>>
>>> tglx
>>>
>>> 8<-------------------
>>>
>>> arch/x86/entry/entry_64_compat.S | 13 ++++++-------
>>> 1 file changed, 6 insertions(+), 7 deletions(-)
>>>
>>> --- a/arch/x86/entry/entry_64_compat.S
>>> +++ b/arch/x86/entry/entry_64_compat.S
>>> @@ -190,8 +190,13 @@ ENTRY(entry_SYSCALL_compat)
>>> /* Interrupts are off on entry. */
>>> swapgs
>>>
>>> - /* Stash user ESP and switch to the kernel stack. */
>>> + /* Stash user ESP */
>>> movl %esp, %r8d
>>> +
>>> + /* Use %rsp as scratch reg. User ESP is stashed in r8 */
>>> + SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp
>>> +
>>> + /* Switch to the kernel stack */
>>> movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
>>>
>>> /* Construct struct pt_regs on stack */
>>> @@ -220,12 +225,6 @@ GLOBAL(entry_SYSCALL_compat_after_hwfram
>>> pushq $0 /* pt_regs->r15 = 0 */
>>>
>>> /*
>>> - * We just saved %rdi so it is safe to clobber. It is not
>>> - * preserved during the C calls inside TRACE_IRQS_OFF anyway.
>>> - */
>>> - SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi
>>> -
>>> - /*
>>> * User mode is traced as though IRQs are on, and SYSENTER
>>> * turned them off.
>>> */
>>
>> What's the issue that this is fixing?
>
>>> movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
>
> before switching CR3 is obviously broken ...
>
>

Duh.

This is what happens when we have five hundred versions of the patches and we change how it all works half way through. And the 0day bot doesn't test the AMD path.

>

Next message: Andy Lutomirski: "Re: "bad pmd" errors + oops with KPTI on 4.14.11 after loading X.509 certs"
Previous message: Paolo Bonzini: "Re: [PATCH v2] KVM: x86: do not read FS/GS base MSRs when saving them"
In reply to: Thomas Gleixner: "Re: CONFIG_PAGE_TABLE_ISOLATION=y on x86_64 causes gcc to segfault when building x86_32 binaries"
Next in thread: Dave Hansen: "Re: CONFIG_PAGE_TABLE_ISOLATION=y on x86_64 causes gcc to segfault when building x86_32 binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]