On Fri, Mar 27, 2026 at 01:33:15PM +0100, Peter Zijlstra wrote: > On Thu, Mar 26, 2026 at 03:06:05PM -0700, Andy Lutomirski wrote: > > > > > > On Thu, Mar 26, 2026, at 2:44 AM, Yi Lai wrote: > > > The existing 'sysret_rip' selftest asserts that 'regs->r11 == > > > regs->flags'. This check relies on the behavior of the SYSCALL > > > instruction on legacy x86_64, which saves 'RFLAGS' into 'R11'. > > > > > > However, on systems with FRED (Flexible Return and Event Delivery) > > > enabled, instead of using registers, all state is saved onto the stack. > > > Consequently, 'R11' retains its userspace value, causing the assertion > > > to fail. > > > > > > Fix this by detecting if FRED is enabled and skipping the register > > > assertion in that case. The detection is done by checking if the RPL > > > bits of the GS selector are preserved after a hardware exception. > > > IDT (via IRET) clears the RPL bits of NULL selectors, while FRED (via > > > ERETU) preserves them. > > > > > > > I don't really like this. I think we have two credible choices: > > > > 1. Define the Linux ABI to be that, on FRED systems, SYSCALL preserves > > R11 and RCX on entry and exit. And update the test to actually test > > this. > > > > 2. Define the Linux ABI to be what it has been for quite a few years: > > SYSCALL entry copies RFLAGS to R11 and RIP to RCX and SYSCALL exit > > preserves all registers. > > > > I'm in favor of #2. People love making new programming languages and > > runtimes and inline asm and, these days, vibe coded crap. And it's > > *easier* to emit a SYSCALL and forget to tell the compiler / code > > generator that RCX and R11 are clobbered than it is to remember that > > they're clobbered. And it's easy to test on FRED (well, not really, > > but it hopefully will be some day) and it's easy to publish one's > > code, and then everyone is a bit screwed when the resulting program > > crashes sometimes on non-FRED systems. And it will be miserable to > > debug. > > > > (It's *really* *really* easy to screw this up in a way that sort of > > works even on non-FRED: RCX and R11 are usually clobbered across > > function calls, so one can get into a situation in which one's > > generated code usually doesn't require that SYSCALL preserve one of > > these registers until an inlining decision changes or some code gets > > reordered, and then it will start failing. And making the failure > > depend on hardware details is just nasty. > > > > So I think we should add the ~2 lines of code to fix the SYSCALL entry > > on FRED to match non-FRED. > > Yes; I'm afraid I have to concur. Preserving the clobber on entry for > FRED systems is by far the safest choice. > > Aside from this selftest, fancy debuggers and anything that can transfer > userspace state between machines might be 'surprised'.
Thanks Andy and Peter. Indeed, making the selftest branch on FRED vs. non-FRED behavior is not a good practice. The selftest should validate ABI consistency. I agree with Andy's option #2, so this should be fixed in the FRED syscall entry implementation. Li Xin, does this direction look right to you? I can assit with validation and keep the selftest aligned with the agreed ABI. Regards, Yi Lai
