All of lore.kernel.org
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Andy Lutomirski <luto@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>, x86-ml <x86@kernel.org>,
	Joerg Roedel <jroedel@suse.de>,
	lkml <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] Have insn decoder functions return success/failure
Date: Sat, 24 Oct 2020 10:23:16 +0200	[thread overview]
Message-ID: <20201024082316.GA11562@zn.tnic> (raw)
In-Reply-To: <CALCETrVQDVLPwTTXgsRYSjxVmzeK5ekmrEiT2rWkQKO0inRLGQ@mail.gmail.com>

On Fri, Oct 23, 2020 at 05:12:49PM -0700, Andy Lutomirski wrote:
> I disagree.  A real CPU does exactly what I'm describing.  If I stick

A real modern CPU fetches up to 32 bytes insn window which it tries
to decode etc. I don't know, though, what it does when that fetch
encounters a fault - I will have to ask people. I'm not sure it would
even try to feed a shorter stream of bytes to the decoder but lemme
ask...

> 0xcc at the end of a page and a make the next page not-present, I get
> #BP, not #PF.  But if I stick 0x0F at the end of a page and mark the
> next page not-present, I get #PF.  If we're trying to decode an
> instruction in user memory, we can kludge it by trying to fetch 15
> bytes and handling -EFAULT by fetching fewer bytes, but that's gross
> and doesn't really have the right semantics.  What we actually want is
> to fetch up to the page boundary and try to decode it.  If it's a
> valid instruction or if it's definitely invalid, we're done.
> Otherwise we fetch across the page boundary.

We can do that but why would you put all that logic in the insn decoder?
Is that use case sooo important?

I mean, it would work that way anyway *even* *now* - the insn decoder
will tell you that the insn it decoded wasn't valid and you, as a
caller, know that you didn't fetch the whole 15 bytes so that means
that you still need to fetch some more. You've got all the relevant
information.

> Eventually we should wrap this whole mess up in an insn_decode_user()
> helper that does the right thing.

Oh sure, you can do that easily. Just put the logic which determines
that it copied a shorter buffer and that it attempts to decode the
shorter buffer first in it. Yah, that can work.

> And we can then make that helper
> extra fancy by getting PKRU and EPT-hacker-execute-only right, whereas
> we currently get these cases wrong.
> 
> Does this make sense?

Sure, but you could point me to those cases so that I can get a better
idea what they do exactly.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

  parent reply	other threads:[~2020-10-24  8:23 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-20 12:02 [RFC] Have insn decoder functions return success/failure Borislav Petkov
2020-10-20 14:27 ` Masami Hiramatsu
2020-10-20 14:37   ` Borislav Petkov
2020-10-21  0:50     ` Masami Hiramatsu
2020-10-21  9:27       ` Borislav Petkov
2020-10-21 14:26         ` Masami Hiramatsu
2020-10-21 16:45           ` Borislav Petkov
2020-10-22  7:31             ` Masami Hiramatsu
2020-10-22  9:30               ` Borislav Petkov
2020-10-22 13:21                 ` Masami Hiramatsu
2020-10-22 17:58                   ` Andy Lutomirski
2020-10-23  9:20                     ` Borislav Petkov
2020-10-23  9:28                     ` Masami Hiramatsu
2020-10-23  9:32                       ` Borislav Petkov
2020-10-23 10:47                         ` Masami Hiramatsu
2020-10-23 23:27                           ` Borislav Petkov
2020-10-24  0:12                             ` Andy Lutomirski
2020-10-24  7:21                               ` Masami Hiramatsu
2020-10-24  8:23                               ` Borislav Petkov [this message]
2020-10-24 16:10                                 ` Andy Lutomirski
2020-10-27 13:42                                   ` Borislav Petkov
2020-10-28 11:36                                     ` Masami Hiramatsu
2020-10-24  7:13                             ` Masami Hiramatsu
2020-10-24  8:24                               ` Borislav Petkov
2020-10-29 12:42                             ` Borislav Petkov
2020-10-30  1:24                               ` Masami Hiramatsu
2020-10-30 13:07                                 ` Borislav Petkov
2020-10-23  9:17                   ` Borislav Petkov
2020-10-22  8:04             ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201024082316.GA11562@zn.tnic \
    --to=bp@alien8.de \
    --cc=jroedel@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mhiramat@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.