On Tue, May 5, 2020 at 10:19 PM Thomas Gleixner <t...@linutronix.de> wrote:
>
> Device interrupt handlers and system vector handlers are executed on the
> interrupt stack. The stack switch happens in the low level assembly entry
> code. This conflicts with the efforts to consolidate the exit code in C to
> ensure correctness vs. RCU and tracing.
>
> As there is no way to move #DB away from IST due to the MOV SS issue, the
> requirements vs. #DB and NMI for switching to the interrupt stack do not
> exist anymore. The only requirement is that interrupts are disabled.
Hi tglx and Andy Lutomirski,

Is there any information about "no way to move #DB away from IST due to
the MOV SS issue"?

IST-based #DB results in ist_shift (for nested #DB) and debug_idt (for
#NMI vs. #DB), which are somewhat ugly. If IST-less #DB should work, the
debug stack should be switched in a software manner like the interrupt
stack.

There was a "POP/MOV SS" CVE/issue about #BP which led to moving #BP to
IST-less by d8ba61ba58c8 (x86/entry/64: Don't use IST entry for #BP stack).

#DB and #BP are considered as #NMI due to their super-interrupt ability.
But the kernel has much more control over #DB and #BP, which can be
disabled by putting the code snippet into non-instrumented sections like
__entry, noinstr, etc.

Is it possible to implement IST-less #DB?

Thanks,
Lai