lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 Mar 2017 09:03:40 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     mingo@...nel.org, tglx@...utronix.de, hpa@...or.com,
        linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
        arjan@...ux.intel.com, bp@...en8.de, richard.weinberger@...il.com
Subject: Re: [PATCH 1/5] x86: Implement __WARN using UD0

On Fri, Mar 17, 2017 at 10:19:19PM +0100, Peter Zijlstra wrote:
> --- a/arch/x86/include/asm/bug.h
> +++ b/arch/x86/include/asm/bug.h
> @@ -1,36 +1,70 @@
>  #ifndef _ASM_X86_BUG_H
>  #define _ASM_X86_BUG_H
>  
> +#include <linux/stringify.h>
> +
>  #define HAVE_ARCH_BUG
>  
> -#ifdef CONFIG_DEBUG_BUGVERBOSE
> +/*
> + * Since some emulators terminate on UD2, we cannot use it for WARN.
> + * Since various instruction decoders disagree on the length of UD1,
> + * we cannot use it either. So use UD0 for WARN.
> + *
> + * (binutils knows about "ud1" but {en,de}codes it as 2 bytes, whereas
> + *  our kernel decoder thinks it takes a ModRM byte, which seems consistent
> + *  with various things like the Intel SDM instruction encoding rules)
> + */
> +
> +#define ASM_UD0		".byte 0x0f, 0xff"
> +#define ASM_UD1		".byte 0x0f, 0xb9" /* + ModRM */
> +#define ASM_UD2		".byte 0x0f, 0x0b"

Thas ASM_UD1 macro isn't used anywhere.

> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -169,6 +169,41 @@ void ist_end_non_atomic(void)
>  	preempt_disable();
>  }
>  
> +int is_valid_bugaddr(unsigned long addr)
> +{
> +	unsigned short ud;
> +
> +#ifdef CONFIG_X86_32
> +	if (addr < PAGE_OFFSET)
> +		return 0;
> +#else
> +	if ((long)addr > 0)
> +		return 0;
> +#endif

I think comparing with TASK_SIZE would be more correct and it wouldn't
need an ifdef.

> +	if (probe_kernel_address((unsigned short *)addr, ud))
> +		return 0;
> +
> +	return ud == 0x0b0f || ud == 0xff0f;
> +}

This code would be easier to grok if these were defines IMO.

Also, now that some of the BUG-specific functions are now also related
to WARN, they should probably be renamed to describe their new purpose,
like:

  "report_bug" -> "report_bug_or_warning"
  "fixup_bug"  -> "fixup_bug_or_warning"

On a related note, if warn and bug are going to continue to use two
separate ud instructions for the foreseeable future, report_bug() could
be cleaned up a bit: e.g., for a ud0 instruction, it doesn't make sense
to call find_bug().

> +
> +static int fixup_bug(struct pt_regs *regs, int trapnr)
> +{
> +	if (trapnr != X86_TRAP_UD)
> +		return 0;
> +
> +	switch (report_bug(regs->ip, regs)) {
> +	case BUG_TRAP_TYPE_NONE:
> +	case BUG_TRAP_TYPE_BUG:
> +		break;
> +
> +	case BUG_TRAP_TYPE_WARN:
> +		regs->ip += 2;
> +		return 1;

For self-documentation purposes, maybe use a define for the length of
the ud0 instruction?

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ