| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170321151446.GV3093@worktop>
Date: Tue, 21 Mar 2017 16:14:46 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: mingo@...nel.org, tglx@...utronix.de, hpa@...or.com,
linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
arjan@...ux.intel.com, bp@...en8.de, richard.weinberger@...il.com
Subject: Re: [PATCH 1/5] x86: Implement __WARN using UD0
On Tue, Mar 21, 2017 at 09:03:40AM -0500, Josh Poimboeuf wrote:
> On Fri, Mar 17, 2017 at 10:19:19PM +0100, Peter Zijlstra wrote:
> > +/*
> > + * Since some emulators terminate on UD2, we cannot use it for WARN.
> > + * Since various instruction decoders disagree on the length of UD1,
> > + * we cannot use it either. So use UD0 for WARN.
> > + *
> > + * (binutils knows about "ud1" but {en,de}codes it as 2 bytes, whereas
> > + * our kernel decoder thinks it takes a ModRM byte, which seems consistent
> > + * with various things like the Intel SDM instruction encoding rules)
> > + */
> > +
> > +#define ASM_UD0 ".byte 0x0f, 0xff"
> > +#define ASM_UD1 ".byte 0x0f, 0xb9" /* + ModRM */
> > +#define ASM_UD2 ".byte 0x0f, 0x0b"
>
> Thas ASM_UD1 macro isn't used anywhere.
I have it there for completeness sake, and documentation purposes.
> > --- a/arch/x86/kernel/traps.c
> > +++ b/arch/x86/kernel/traps.c
> > @@ -169,6 +169,41 @@ void ist_end_non_atomic(void)
> > preempt_disable();
> > }
> >
> > +int is_valid_bugaddr(unsigned long addr)
> > +{
> > + unsigned short ud;
> > +
> > +#ifdef CONFIG_X86_32
> > + if (addr < PAGE_OFFSET)
> > + return 0;
> > +#else
> > + if ((long)addr > 0)
> > + return 0;
> > +#endif
>
> I think comparing with TASK_SIZE would be more correct and it wouldn't
> need an ifdef.
Dunno about more correct (the TIF_ADDR32 case is irrelevant here), but
yes, that would do away with the #ifdef.
> > + if (probe_kernel_address((unsigned short *)addr, ud))
> > + return 0;
> > +
> > + return ud == 0x0b0f || ud == 0xff0f;
> > +}
>
> This code would be easier to grok if these were defines IMO.
Would be nice if I could use the same defines; but I can't see how I can
make that happen :/ But sure; I suppose I can add more defines.
> Also, now that some of the BUG-specific functions are now also related
They already were, its just that x86 only now will use the WARN part of
it. I don't feel that should be part of this patch.
> to WARN, they should probably be renamed to describe their new purpose,
> like:
>
> "report_bug" -> "report_bug_or_warning"
> "fixup_bug" -> "fixup_bug_or_warning"
>
> On a related note, if warn and bug are going to continue to use two
> separate ud instructions for the foreseeable future, report_bug() could
> be cleaned up a bit: e.g., for a ud0 instruction, it doesn't make sense
> to call find_bug().
I'm sure you'll break $random arch if you go futz with that. Also, I
think you mean UD2, since that's BUG. We actually need the bug_entry for
WARNs (aka UD0).
Also, you're now optimizing the BUG() code; I don't think anybody cares
about saving a few cycles there. It shouldn't happen in the first place.
> > +static int fixup_bug(struct pt_regs *regs, int trapnr)
> > +{
> > + if (trapnr != X86_TRAP_UD)
> > + return 0;
> > +
> > + switch (report_bug(regs->ip, regs)) {
> > + case BUG_TRAP_TYPE_NONE:
> > + case BUG_TRAP_TYPE_BUG:
> > + break;
> > +
> > + case BUG_TRAP_TYPE_WARN:
> > + regs->ip += 2;
> > + return 1;
>
> For self-documentation purposes, maybe use a define for the length of
> the ud0 instruction?
Well, UD0 and UD2 really. LENGTH_UD0_OR_UD2 is a bit of a fail, name
wise.
Powered by blists - more mailing lists