lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 21 Jan 2021 14:35:51 -0800
From:   Sean Christopherson <seanjc@...gle.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     kernel test robot <lkp@...el.com>,
        Andy Lutomirski <luto@...capital.net>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        kbuild-all@...ts.01.org, clang-built-linux@...glegroups.com,
        X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1 11/19] x86/sev-es: Convert to insn_decode()

On Thu, Jan 21, 2021, Borislav Petkov wrote:
> On Mon, Dec 28, 2020 at 11:15:11AM -0800, Sean Christopherson wrote:
> > Alternatively, could the kernel case use insn_decode_regs()?  If
> > vc_fetch_insn_kernel() were also modified to mirror insn_fetch_from_user(), the
> > two code paths could be unified except for the the fetch and the PFEC.  E.g.
> 
> Personal Firearms Eligibility Check?

Ha, Page Fault Error Code.

> In any case, I prefer simple, easy to follow code at a quick glance.
> Stuff like...
> 
> > 
> > static int vc_fetch_insn_kernel(struct es_em_ctxt *ctxt,
> > 				unsigned char *buffer)
> > {
> > 	if (copy_from_kernel_nofault(buffer, (unsigned char *)ctxt->regs->ip, MAX_INSN_SIZE))
> > 		return 0;
> > 
> > 	return MAX_INSN_SIZE;
> > }
> > 
> > static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
> > {
> > 	char buffer[MAX_INSN_SIZE];
> > 	int nbytes;
> > 
> > 	if (user_mode(ctxt->regs))
> > 		nbytes = insn_fetch_from_user(ctxt->regs, buffer);
> > 	else
> > 		nbytes = vc_fetch_insn_kernel(ctxt, buffer);
> > 
> > 	if (!nbytes) {
> > 		ctxt->fi.vector     = X86_TRAP_PF;
> > 		ctxt->fi.error_code = X86_PF_INSTR;
> > 		if (user_mode(ctxt->regs))
> 
> ... this second repeated check here is not what I would call that.

But then you're stuck maintaining two separate flows that do the same thing.

> But this is my personal preference only so it's up for a vote now.

Rock Paper Scissors?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ