[ On mobile, sorry for html ]
On Mar 5, 2018 02:26, "Joerg Roedel" <joro@xxxxxxxxxx> wrote:
> From: Joerg Roedel <jroedel@xxxxxxx>
>
> Restoring the segments can cause exceptions that need to be
> handled. With PTI enabled, we still need to be on kernel cr3
> when the exception happens. For the cr3-switch we need
> at least one integer scratch register, so we can't switch
> with the user integer registers already loaded.
This fundamentally seems wrong.
The thing is, we *know* that we will restore two segment registers with the user cr3 already loaded: CS and SS get restored with the final iret.
And yes, the final iret can fault due to CS/SS no longer being valid, either because of ptrace or because the ldt was changed.
So making it be a "rule" that segment registers be restored with the kernel cr3 active seems bogus. It just means that you're making a rule that cannot possibly be generic.
So has this been tested with
- single-stepping through sysenter
This takes a DB fault in the first kernel instruction. We're in kernel mode, but with user cr3.
- ptracing and setting CS/SS to something bad
That should test the "exception on iret" case - again in kernel mode, but with user cr3 restored for the return.
I didn't look closely at the whole series, so maybe this is all fine. I mainly reacted to the "With PTI enabled, we still need to be on kernel cr3 when the exception happens" part of the explanation.
Linus