From: Brian Gerst
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Andy Lutomirski, Brian Gerst
Subject: [PATCH 1/6] x86/entry/64: Remove obsolete comment on tracing vs. SYSRET
Date: Tue, 18 Jul 2023 09:44:41 -0400
Message-ID: <20230718134446.168654-2-brgerst@gmail.com>
In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com>

This comment comes from a time when the kernel attempted to use SYSRET
on all returns to userspace, including interrupts and exceptions. Ever
since commit fffbb5dc ("Move opportunistic sysret code to syscall code
path"), SYSRET is only used for returning from system calls. The
specific tracing issue listed in this comment is not possible anymore.

Signed-off-by: Brian Gerst
---
 arch/x86/entry/entry_64.S | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index 91f6818884fa..c01776a51545 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S 
@@ -166,22 +166,9 @@ SYM_INNER_LABEL(entry_SYSCALL_64_after_hwframe, SYM_L_= GLOBAL) jne swapgs_restore_regs_and_return_to_usermode =20 /* - * SYSCALL clears RF when it saves RFLAGS in R11 and SYSRET cannot - * restore RF properly. If the slowpath sets it for whatever reason, we - * need to restore it correctly. - * - * SYSRET can restore TF, but unlike IRET, restoring TF results in a - * trap from userspace immediately after SYSRET. This would cause an - * infinite loop whenever #DB happens with register state that satisfies - * the opportunistic SYSRET conditions. For example, single-stepping - * this user code: - * - * movq $stuck_here, %rcx - * pushfq - * popq %r11 - * stuck_here: - * - * would never get past 'stuck_here'. + * SYSRET cannot restore RF. It can restore TF, but unlike IRET, + * restoring TF results in a trap from userspace immediately after + * SYSRET. */ testq $(X86_EFLAGS_RF|X86_EFLAGS_TF), %r11 jnz swapgs_restore_regs_and_return_to_usermode --=20 2.41.0
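Review bot: The replacement comment in the @@ -166,22 +166,9 @@ hunk no longer says why the testq/jnz pair that follows it exists; it states what SYSRET does with RF and TF but not the consequence. A closing clause such as "so take the IRET path if either is set in R11" would keep the branch self-explanatory now that the single-stepping example is gone. Separately, the changelog cites the earlier commit as fffbb5dc; kernel style asks for at least the first 12 characters of the SHA-1 in such references.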
From: Brian Gerst
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Andy Lutomirski, Brian Gerst
Subject: [PATCH 2/6] x86/entry/64: Convert SYSRET validation tests to C
Date: Tue, 18 Jul 2023 09:44:42 -0400
Message-ID: <20230718134446.168654-3-brgerst@gmail.com>
In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com>

Signed-off-by: Brian Gerst
---
 arch/x86/entry/common.c | 50 ++++++++++++++++++++++++++++++-
 arch/x86/entry/entry_64.S | 55 ++--------------------------------
 arch/x86/include/asm/syscall.h | 2 +-
 3 files changed, 52 insertions(+), 55 deletions(-)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 6c2826417b33..afe79c3f1c5b 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -70,8 +70,12 @@ static __always_inline bool do_syscall_x32(struct pt_reg= s *regs, int nr) return false; } =20 -__visible noinstr void do_syscall_64(struct pt_regs *regs, int nr) +/* Returns true to return using SYSRET, or false to use IRET */ +__visible noinstr bool do_syscall_64(struct pt_regs *regs, int nr) { + long rip; + unsigned int shift_rip; + add_random_kstack_offset(); nr =3D syscall_enter_from_user_mode(regs, nr); =20 
@@ -84,6 +88,50 @@ __visible noinstr void do_syscall_64(struct pt_regs *reg= s, int nr) =20 instrumentation_end(); syscall_exit_to_user_mode(regs); + + /* + * Check that the register state is valid for using SYSRET to exit + * to userspace. Otherwise use the slower but fully capable IRET + * exit path. + */ + + /* XEN PV guests always use IRET path */ + if (cpu_feature_enabled(X86_FEATURE_XENPV)) + return false; + + /* SYSRET requires RCX =3D=3D RIP and R11 =3D=3D EFLAGS */ + if (unlikely(regs->cx !=3D regs->ip || regs->r11 !=3D regs->flags)) + return false; + + /* CS and SS must match the values set in MSR_STAR */ + if (unlikely(regs->cs !=3D __USER_CS || regs->ss !=3D __USER_DS)) + return false; + + /* + * On Intel CPUs, SYSRET with non-canonical RCX/RIP will #GP + * in kernel space. This essentially lets the user take over + * the kernel, since userspace controls RSP. + * + * Change top bits to match most significant bit (47th or 56th bit + * depending on paging mode) in the address. + */ + shift_rip =3D (64 - __VIRTUAL_MASK_SHIFT + 1); + rip =3D (long) regs->ip; + rip <<=3D shift_rip; + rip >>=3D shift_rip; + if (unlikely((unsigned long) rip !=3D regs->ip)) + return false; + + /* + * SYSRET cannot restore RF. It can restore TF, but unlike IRET, + * restoring TF results in a trap from userspace immediately after + * SYSRET. + */ + if (unlikely(regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF))) + return false; + + /* Use SYSRET to exit to userspace */ + return true; } #endif =20 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index c01776a51545..b1288e22cae8 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S 
@@ -123,60 +123,9 @@ SYM_INNER_LABEL(entry_SYSCALL_64_after_hwframe, SYM_L_= GLOBAL) * Try to use SYSRET instead of IRET if we're returning to * a completely clean 64-bit userspace context. If we're not, * go to the slow exit path. - * In the Xen PV case we must use iret anyway. */ - - ALTERNATIVE "", "jmp swapgs_restore_regs_and_return_to_usermode", \ - X86_FEATURE_XENPV - - movq RCX(%rsp), %rcx - movq RIP(%rsp), %r11 - - cmpq %rcx, %r11 /* SYSRET requires RCX =3D=3D RIP */ - jne swapgs_restore_regs_and_return_to_usermode - - /* - * On Intel CPUs, SYSRET with non-canonical RCX/RIP will #GP - * in kernel space. This essentially lets the user take over - * the kernel, since userspace controls RSP. - * - * If width of "canonical tail" ever becomes variable, this will need - * to be updated to remain correct on both old and new CPUs. - * - * Change top bits to match most significant bit (47th or 56th bit - * depending on paging mode) in the address. - */ -#ifdef CONFIG_X86_5LEVEL - ALTERNATIVE "shl $(64 - 48), %rcx; sar $(64 - 48), %rcx", \ - "shl $(64 - 57), %rcx; sar $(64 - 57), %rcx", X86_FEATURE_LA57 -#else - shl $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx - sar $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx -#endif - - /* If this changed %rcx, it was not canonical */ - cmpq %rcx, %r11 - jne swapgs_restore_regs_and_return_to_usermode - - cmpq $__USER_CS, CS(%rsp) /* CS must match SYSRET */ - jne swapgs_restore_regs_and_return_to_usermode - - movq R11(%rsp), %r11 - cmpq %r11, EFLAGS(%rsp) /* R11 =3D=3D RFLAGS */ - jne swapgs_restore_regs_and_return_to_usermode - - /* - * SYSRET cannot restore RF. It can restore TF, but unlike IRET, - * restoring TF results in a trap from userspace immediately after - * SYSRET. 
- */ - testq $(X86_EFLAGS_RF|X86_EFLAGS_TF), %r11 - jnz swapgs_restore_regs_and_return_to_usermode - - /* nothing to check for RSP */ - - cmpq $__USER_DS, SS(%rsp) /* SS must match SYSRET */ - jne swapgs_restore_regs_and_return_to_usermode + testb %al, %al + jz swapgs_restore_regs_and_return_to_usermode =20 /* * We win! This label is here just for ease of understanding diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index 4fb36fba4b5a..be6c5515e0b9 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h 
@@ -126,7 +126,7 @@ static inline int syscall_get_arch(struct task_struct *= task) ? AUDIT_ARCH_I386 : AUDIT_ARCH_X86_64; } =20 -void do_syscall_64(struct pt_regs *regs, int nr); +bool do_syscall_64(struct pt_regs *regs, int nr); =20 #endif /* CONFIG_X86_32 */ =20 --=20 2.41.0
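Review bot: Operator precedence bug in shift_rip in the @@ -84,6 +88,50 @@ hunk of common.c: the value is computed as (64 - __VIRTUAL_MASK_SHIFT + 1), while the assembly being removed shifts by 64 - (__VIRTUAL_MASK_SHIFT+1), so the C shift count is two larger. The test then sign-extends from two bits lower than before; it still rejects every non-canonical RIP, but it also sends canonical user addresses with either of the top two user address bits set down the IRET path. Write it as 64 - (__VIRTUAL_MASK_SHIFT + 1). The shl/sar pair is also reproduced on a signed long, which relies on arithmetic right shift of negative values; a short comment saying so would make the intent explicit.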
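Review bot: The changelog needs a body, in particular for the entry_64.S hunk (@@ -123,60 +123,9 @@): the CONFIG_X86_5LEVEL ALTERNATIVE that selected the 48-bit or 57-bit shift on X86_FEATURE_LA57 is deleted, and the C code uses __VIRTUAL_MASK_SHIFT alone, with nothing stating how the LA57 case remains covered. Please also record that the Xen PV decision moves from a patched jmp to a cpu_feature_enabled() test in do_syscall_64(), and that the conversion is intended to be functionally identical.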
From: Brian Gerst
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Andy Lutomirski, Brian Gerst
Subject: [PATCH 3/6] x86/entry/compat: Combine return value test from syscall handler
Date: Tue, 18 Jul 2023 09:44:43 -0400
Message-ID: <20230718134446.168654-4-brgerst@gmail.com>
In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com>

Move the sysret32_from_system_call label to remove a duplicate test of
the return value from the syscall handler.

Signed-off-by: Brian Gerst
---
 arch/x86/entry/entry_64_compat.S | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_com= pat.S index 70150298f8bd..b16272395f1a 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -118,9 +118,6 @@ SYM_INNER_LABEL(entry_SYSENTER_compat_after_hwframe, SY= M_L_GLOBAL) =20 movq %rsp, %rdi call do_SYSENTER_32 - /* XEN PV guests always use IRET path */ - ALTERNATIVE "testl %eax, %eax; jz swapgs_restore_regs_and_return_to_userm= ode", \ - "jmp swapgs_restore_regs_and_return_to_usermode", X86_FEATURE_XENPV jmp sysret32_from_system_call =20 .Lsysenter_fix_flags: 
@@ -212,13 +209,15 @@ SYM_INNER_LABEL(entry_SYSCALL_compat_after_hwframe, S= YM_L_GLOBAL) =20 movq %rsp, %rdi call do_fast_syscall_32 + +sysret32_from_system_call: /* XEN PV guests always use IRET path */ ALTERNATIVE "testl %eax, %eax; jz swapgs_restore_regs_and_return_to_userm= ode", \ "jmp swapgs_restore_regs_and_return_to_usermode", X86_FEATURE_XENPV =20 - /* Opportunistic SYSRET */ -sysret32_from_system_call: /* + * Opportunistic SYSRET + * * We are not going to return to userspace from the trampoline * stack. So let's erase the thread stack right now. */ --=20 2.41.0
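Review bot: Document at the relocated sysret32_from_system_call label, in the @@ -212,13 +209,15 @@ hunk, that %eax must hold the handler's return value on entry. The label now marks the point where the IRET-or-SYSRET decision is made rather than the SYSRET path itself, and the SYSENTER path jumps to it straight after call do_SYSENTER_32; a one-line comment there (or a label name that reflects the test) would keep a later edit between the call and the jmp from silently clobbering %eax.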
From: Brian Gerst
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Andy Lutomirski, Brian Gerst
Subject: [PATCH 4/6] x86/entry/32: Convert do_fast_syscall_32() to bool return type
Date: Tue, 18 Jul 2023 09:44:44 -0400
Message-ID: <20230718134446.168654-5-brgerst@gmail.com>
In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com>

Signed-off-by: Brian Gerst
---
 arch/x86/entry/common.c | 10 +++++-----
 arch/x86/entry/entry_32.S | 2 +-
 arch/x86/entry/entry_64_compat.S | 2 +-
 arch/x86/include/asm/syscall.h | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index afe79c3f1c5b..15660f936ede 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -230,8 +230,8 @@ static noinstr bool __do_fast_syscall_32(struct pt_regs= *regs) return true; } =20 -/* Returns 0 to return using IRET or 1 to return using SYSEXIT/SYSRETL. */ -__visible noinstr long do_fast_syscall_32(struct pt_regs *regs) +/* Returns true to return using SYSEXIT/SYSRETL, or false to use IRET */ +__visible noinstr bool do_fast_syscall_32(struct pt_regs *regs) { /* * Called using the internal vDSO SYSENTER/SYSCALL32 calling @@ -249,7 +249,7 @@ __visible noinstr long do_fast_syscall_32(struct pt_reg= s *regs) =20 /* Invoke the syscall. If it failed, keep it simple: use IRET. */ if (!__do_fast_syscall_32(regs)) - return 0; + return false; =20 #ifdef CONFIG_X86_64 /* 
@@ -282,8 +282,8 @@ __visible noinstr long do_fast_syscall_32(struct pt_reg= s *regs) #endif } =20 -/* Returns 0 to return using IRET or 1 to return using SYSEXIT/SYSRETL. */ -__visible noinstr long do_SYSENTER_32(struct pt_regs *regs) +/* Returns true to return using SYSEXIT/SYSRETL, or false to use IRET */ +__visible noinstr bool do_SYSENTER_32(struct pt_regs *regs) { /* SYSENTER loses RSP, but the vDSO saved it in RBP. */ regs->sp =3D regs->bp; diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 6e6af42e044a..c73047bf9f4b 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -837,7 +837,7 @@ SYM_FUNC_START(entry_SYSENTER_32) =20 movl %esp, %eax call do_SYSENTER_32 - testl %eax, %eax + testb %al, %al jz .Lsyscall_32_done =20 STACKLEAK_ERASE diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_com= pat.S index b16272395f1a..27c05d08558a 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -212,7 +212,7 @@ SYM_INNER_LABEL(entry_SYSCALL_compat_after_hwframe, SYM= _L_GLOBAL) =20 sysret32_from_system_call: /* XEN PV guests always use IRET path */ - ALTERNATIVE "testl %eax, %eax; jz swapgs_restore_regs_and_return_to_userm= ode", \ + ALTERNATIVE "testb %al, %al; jz swapgs_restore_regs_and_return_to_usermod= e", \ "jmp swapgs_restore_regs_and_return_to_usermode", X86_FEATURE_XENPV =20 /* diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index be6c5515e0b9..f44e2f9ab65d 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h 
@@ -131,7 +131,7 @@ bool do_syscall_64(struct pt_regs *regs, int nr); #endif /* CONFIG_X86_32 */ =20 void do_int80_syscall_32(struct pt_regs *regs); -long do_fast_syscall_32(struct pt_regs *regs); -long do_SYSENTER_32(struct pt_regs *regs); +bool do_fast_syscall_32(struct pt_regs *regs); +bool do_SYSENTER_32(struct pt_regs *regs); =20 #endif /* _ASM_X86_SYSCALL_H */ --=20 2.41.0
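Review bot: The changelog is empty and should explain why the testl %eax, %eax to testb %al, %al changes in the entry_32.S hunk (@@ -837,7 +837,7 @@) and in entry_64_compat.S are required: with a bool return only %al is defined, so the assembly callers must stop testing the full register. Please state that in the commit message and confirm that these two tests are the only assembly consumers of the do_fast_syscall_32() and do_SYSENTER_32() return values.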
From: Brian Gerst
To: linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Andy Lutomirski, Brian Gerst
Subject: [PATCH 5/6] x86/entry/32: Remove SEP test for SYSEXIT
Date: Tue, 18 Jul 2023 09:44:45 -0400
Message-ID: <20230718134446.168654-6-brgerst@gmail.com>
In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com>

SEP must already be present in order for do_fast_syscall_32() to be
called on native 32-bit, so checking it again is unnecessary.

Signed-off-by: Brian Gerst
---
 arch/x86/entry/common.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 15660f936ede..fca6f2b7daf3 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c 
@@ -275,8 +275,7 @@ __visible noinstr bool do_fast_syscall_32(struct pt_reg= s *regs) * We don't allow syscalls at all from VM86 mode, but we still * need to check VM, because we might be returning from sys_vm86. */ - return static_cpu_has(X86_FEATURE_SEP) && - regs->cs =3D=3D __USER_CS && regs->ss =3D=3D __USER_DS && + return regs->cs =3D=3D __USER_CS && regs->ss =3D=3D __USER_DS && regs->ip =3D=3D landing_pad && (regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF | X86_EFLAGS_VM)) =3D=3D 0; #endif --=20 2.41.0
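Review bot: The SEP precondition is now recorded only in the changelog; in the @@ -275,8 +275,7 @@ hunk the comment kept above the return explains the VM check but says nothing about why SEP needs no check. Add a sentence to that comment, for example that SEP is already required for this function to be called on native 32-bit, so the static_cpu_has(X86_FEATURE_SEP) test is not reintroduced later.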
From: Brian Gerst To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Thomas Gleixner , Borislav Petkov , "H . Peter Anvin" , Andy Lutomirski , Brian Gerst Subject: [PATCH 6/6] x86/entry/32: Clean up syscall fast exit tests Date: Tue, 18 Jul 2023 09:44:46 -0400 Message-ID: <20230718134446.168654-7-brgerst@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230718134446.168654-1-brgerst@gmail.com> References: <20230718134446.168654-1-brgerst@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Merge compat and native code and clarify comments. Signed-off-by: Brian Gerst --- arch/x86/entry/common.c | 48 +++++++++++++++----------------- arch/x86/entry/entry_64_compat.S | 5 ++-- 2 files changed, 24 insertions(+), 29 deletions(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index fca6f2b7daf3..b975dc1d0812 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c 
@@ -251,34 +251,30 @@ __visible noinstr bool do_fast_syscall_32(struct pt_r= egs *regs) if (!__do_fast_syscall_32(regs)) return false; =20 -#ifdef CONFIG_X86_64 /* - * Opportunistic SYSRETL: if possible, try to return using SYSRETL. - * SYSRETL is available on all 64-bit CPUs, so we don't need to - * bother with SYSEXIT. - * - * Unlike 64-bit opportunistic SYSRET, we can't check that CX =3D=3D IP, - * because the ECX fixup above will ensure that this is essentially - * never the case. + * Check that the register state is valid for using SYSRETL/SYSEXIT + * to exit to userspace. Otherwise use the slower but fully capable + * IRET exit path. */ - return regs->cs =3D=3D __USER32_CS && regs->ss =3D=3D __USER_DS && - regs->ip =3D=3D landing_pad && - (regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF)) =3D=3D 0; -#else - /* - * Opportunistic SYSEXIT: if possible, try to return using SYSEXIT. - * - * Unlike 64-bit opportunistic SYSRET, we can't check that CX =3D=3D IP, - * because the ECX fixup above will ensure that this is essentially - * never the case. - * - * We don't allow syscalls at all from VM86 mode, but we still - * need to check VM, because we might be returning from sys_vm86. 
- */ - return regs->cs =3D=3D __USER_CS && regs->ss =3D=3D __USER_DS && - regs->ip =3D=3D landing_pad && - (regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF | X86_EFLAGS_VM)) =3D=3D 0; -#endif + + /* XEN PV guests always use IRET path */ + if (cpu_feature_enabled(X86_FEATURE_XENPV)) + return false; + + /* EIP must point to the VDSO landing pad */ + if (unlikely(regs->ip !=3D landing_pad)) + return false; + + /* CS and SS must match the values set in MSR_STAR */ + if (unlikely(regs->cs !=3D __USER32_CS || regs->ss !=3D __USER_DS)) + return false; + + /* If the TF, RF, or VM flags are set, use IRET */ + if (unlikely(regs->flags & (X86_EFLAGS_RF | X86_EFLAGS_TF | X86_EFLAGS_VM= ))) + return false; + + /* Use SYSRETL/SYSEXIT to exit to userspace */ + return true; } =20 /* Returns true to return using SYSEXIT/SYSRETL, or false to use IRET */ diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_com= pat.S index 27c05d08558a..84e21d1ebf10 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -211,9 +211,8 @@ SYM_INNER_LABEL(entry_SYSCALL_compat_after_hwframe, SYM= _L_GLOBAL) call do_fast_syscall_32 =20 sysret32_from_system_call: - /* XEN PV guests always use IRET path */ - ALTERNATIVE "testb %al, %al; jz swapgs_restore_regs_and_return_to_usermod= e", \ - "jmp swapgs_restore_regs_and_return_to_usermode", X86_FEATURE_XENPV + testb %al, %al /* Is SYSRET allowed? */ + jz swapgs_restore_regs_and_return_to_usermode =20 /* * Opportunistic SYSRET --=20 2.41.0
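Review bot: In the arch/x86/entry/common.c hunk, the new comment "CS and SS must match the values set in MSR_STAR" is accurate only for the SYSRETL exit. The block comment above it says this code now also guards SYSEXIT, which takes its selectors from MSR_IA32_SYSENTER_CS, so the comment should cover both cases or simply say the selectors must be the ones the fast exit instruction will load. The same check also changes the 32-bit native comparison from __USER_CS to __USER32_CS, and the X86_EFLAGS_VM test now runs on 64-bit as well; the commit message should state that both are intentional and equivalent to the old behaviour. The removed explanation of why CX == IP cannot be checked here was still useful and is worth carrying into the merged comment.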
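Review bot: In the arch/x86/entry/entry_64_compat.S hunk, sysret32_from_system_call now relies entirely on do_fast_syscall_32() returning false for Xen PV, but nothing at the label says so once the "XEN PV guests always use IRET path" comment is deleted. Add a short comment at the testb pointing to the X86_FEATURE_XENPV check in do_fast_syscall_32(), and say in the commit message that the ALTERNATIVE is replaced by a cpu_feature_enabled() check in C, since that is a functional move rather than a comment cleanup.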