From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NO_DNS_FOR_FROM,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 Received: from localhost.localdomain (unknown [182.253.183.169]) by gnuweeb.org (Postfix) with ESMTPSA id 3527A83127; Mon, 20 Feb 2023 03:10:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1676862627; bh=Hke7N4a3CN0c5boF6cakkDs3zb+KxALxVpws4FxKUhQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bqG32IUXAHkf+UslyWMU9sKGoy90xLT5AFuq1oPfpnBXIjxYHf47HU0PCN9/4haPR atl4SuVGTY+H/qM77bM9Tv6mROlq3J3/sgys2vIG46PHPWpbrKs1zM0jQnx+tbc9Se QKGo92x3NSwuiiHyfA6GsCmWSNv+emMyTd231lRMJ3QYU/tiE/lvwmRkdkJg5ZvIA8 Y2burWXmcX7ubRtkPvW4+kj9zro4a5M0Lwkgx0nzMvOZMsg906M4SLD/34TcLK2DgM Wx/ijjV7Sb1pPm0Pkc7QsPwC3u0ziIXrsc7HN6CMtGtxoq90GtgQ3lHqMF80OmbIwP gzckuk0ltYsfg== From: Ammar Faizi To: Ingo Molnar , "H. Peter Anvin" , Dave Hansen , Xin Li Cc: Ammar Faizi , Andrew Cooper , Andy Lutomirski , Borislav Petkov , Thomas Gleixner , Dave Hansen , Peter Zijlstra , "Kirill A. Shutemov" , x86 Mailing List , Linux Kernel Mailing List , Linux Kselftest Mailing List , GNU/Weeb Mailing List Subject: [RESEND RFC PATCH v8 2/3] selftests/x86: sysret_rip: Add more tests to verify the 'syscall' behavior Date: Mon, 20 Feb 2023 10:09:58 +0700 Message-Id: <20230220030959.119222-3-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230220030959.119222-1-ammarfaizi2@gnuweeb.org> References: <20230220030959.119222-1-ammarfaizi2@gnuweeb.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: There are two cases: A) 'syscall' in a FRED system preserves %rcx and %r11. B) 'syscall' in a non-FRED system sets %rcx=%rip and %r11=%rflags. When the do_syscall() function is called for the first time, it will memorize the behavior, either (A) or (B). Then, the next do_syscall() call will verify that the 'syscall' behavior is the same. Test them with trivial system calls like __NR_getppid and friends, which are highly likely to return with SYSRET on an IDT system. The purposes of this test are: - Ensure that the syscall behavior is consistent. It must always be (A) or always be (B). Not a mix of them. - Ensure that the kernel doesn't leak its internal data when returning to userspace. Cc: Xin Li Link: https://lore.kernel.org/lkml/25b96960-a07e-a952-5c23-786b55054126@zytor.com Co-developed-by: H. Peter Anvin (Intel) Signed-off-by: H. Peter Anvin (Intel) Signed-off-by: Ammar Faizi --- tools/testing/selftests/x86/sysret_rip.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/x86/sysret_rip.c b/tools/testing/selftests/x86/sysret_rip.c index 300104900192d396..1531593b50d02150 100644 --- a/tools/testing/selftests/x86/sysret_rip.c +++ b/tools/testing/selftests/x86/sysret_rip.c @@ -266,8 +266,21 @@ static void test_syscall_fallthrough_to(unsigned long ip) printf("[OK]\tWe survived\n"); } +/* See the comment in do_syscall(). */ +static void test_syscall_rcx_r11_consistent(void) +{ + do_syscall(__NR_getpid, 0, 0, 0, 0, 0, 0); + do_syscall(__NR_gettid, 0, 0, 0, 0, 0, 0); + do_syscall(__NR_getppid, 0, 0, 0, 0, 0, 0); +} + int main() { + int i; + + for (i = 0; i < 32; i++) + test_syscall_rcx_r11_consistent(); + /* * When the kernel returns from a slow-path syscall, it will * detect whether SYSRET is appropriate. If it incorrectly @@ -275,7 +288,7 @@ int main() * it'll crash on Intel CPUs. */ sethandler(SIGUSR1, sigusr1, 0); - for (int i = 47; i < 64; i++) + for (i = 47; i < 64; i++) test_sigreturn_to(1UL<