linuxppc-dev.lists.ozlabs.org archive mirror
From: oliver <oohall@gmail.com>
To: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH] Fix fall-through from case 30 (rld*) to case 31
Date: Wed, 27 Jan 2016 16:29:01 +1100	[thread overview]
Message-ID: <CAOSf1CEh6GjJZLKGXDviVbycPUuPzb6jL05Zq5d0pzBpeiumNA@mail.gmail.com> (raw)
In-Reply-To: <56A814B4.9020802@au1.ibm.com>


> The patch summary should probably be something along the lines of
> "powerpc/sstep: fix switch fall-through when analysing malformed rld*
> instructions" or similar. The rest of the message should have the more
> specific details of the bug you're fixing.
>
> In general, we always mention the affected subsystems in the patch
> summary line and write both the summary line and the message so that other
> developers can get a quick understanding of what the patch does without
> actually needing to read the code. Keep in mind that commit messages will
> show up in the git logs of every kernel developer, not just powerpc people.

That's fair.

> I had a cursory glance at the code and it's not obvious to me that this
> is the correct way to deal with an invalid instruction. What happens when
> you break out of the switch? It looks like it just ends up returning 0, the
> same as any other instruction that isn't executed directly in the
> analyse_instr() stage.
>
> Is there anywhere else in the sstep code that deals well with malformed
> instructions?

When you break out of the switch the opcode type is marked as unknown and
when further attempts to parse the instruction fail it returns zero to
indicate failure. Also, many of the instructions handled by the function
are only valid in 64-bit mode. For 32-bit processors these instructions would
be illegal and the code that handles them is #ifdef'ed out when compiling
for 32-bit platforms, so simply breaking out of the switch and letting it
propagate should be the right move here.

Oliver


On Wed, Jan 27, 2016 at 11:52 AM, Andrew Donnellan <andrew.donnellan@au1.ibm.com> wrote:

> On 25/01/16 17:55, Oliver O'Halloran wrote:
>
>> I think this bug can only be triggered if the instruction to
>> simulate is malformed. The switch in the else case only handles
>> the zero and one case, but it extracts bits 4:1 from the
>> instruction word so it may be other values. It's pretty minor, but
>> a bug is a bug.
>>
>> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
>>
>
> The patch summary should probably be something along the lines of
> "powerpc/sstep: fix switch fall-through when analysing malformed rld*
> instructions" or similar. The rest of the message should have the more
> specific details of the bug you're fixing.
>
> In general, we always mention the affected subsystems in the patch summary
> line and write both the summary line and the message so that other
> developers can get a quick understanding of what the patch does without
> actually needing to read the code. Keep in mind that commit messages will
> show up in the git logs of every kernel developer, not just powerpc people.
>
> --- a/arch/powerpc/lib/sstep.c
>> +++ b/arch/powerpc/lib/sstep.c
>> @@ -925,6 +925,7 @@ int __kprobes analyse_instr(struct instruction_op
>> *op, struct pt_regs *regs,
>>                         }
>>                 }
>>   #endif
>> +       break; /* illegal instruction */
>>
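Review bot: the new `break` sits after the `#endif`, so it also takes effect in configurations where the conditional block that `#endif` closes is compiled out; in those builds every opcode 30 word now stops at the break instead of continuing into `case 31`. That appears to be the intended outcome, but the commit message should state it explicitly rather than describing only the malformed-encoding case, and the comment could say what the break guards, e.g. `break; /* unhandled rld* encoding, not emulated */`. It would also help reviewers if the message recorded what the caller observes on this path (the reply in this thread says the function ends up returning 0, the same as for any instruction analyse_instr() does not emulate), so it can be confirmed that the fall-through into `case 31` was the only behavioural change.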
>
> I had a cursory glance at the code and it's not obvious to me that this is
> the correct way to deal with an invalid instruction. What happens when you
> break out of the switch? It looks like it just ends up returning 0, the
> same as any other instruction that isn't executed directly in the
> analyse_instr() stage.
>
> Is there anywhere else in the sstep code that deals well with malformed
> instructions?
>
> --
> Andrew Donnellan              Software Engineer, OzLabs
> andrew.donnellan@au1.ibm.com  Australia Development Lab, Canberra
> +61 2 6201 8874 (work)        IBM Australia Limited
>
>
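The control-flow shape the thread is discussing, reduced to a stand-alone C model. This is an added, constructed example, not the kernel's arch/powerpc/lib/sstep.c: the enum, the function names and the meaning given to the two handled inner cases are assumptions for illustration, and the secondary field is modelled as bits 4:1 because that is how the commit message describes it. The "before" decoder reproduces the missing break, the "after" decoder adds it, and a constructed opcode 30 word is pushed through both to show which encodings were misdecoded as opcode 31.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the switch fall-through discussed in this thread.
 * It is not the kernel's sstep.c; enum names, function names and the
 * meaning of the inner cases are assumptions made for illustration.
 *
 * Shape of the bug: an outer switch dispatches on the primary opcode (the
 * top 6 bits of the 32-bit instruction word). The opcode 30 arm dispatches
 * again on a secondary field (bits 4:1 per the commit message). The inner
 * switch has cases only for 0 and 1, so for the other fourteen values
 * control leaves the inner switch and, with no break after it, continues
 * straight into the case 31 arm of the outer switch.
 */

enum op_type {
	OP_UNKNOWN = 0,   /* not emulated: the caller reports failure (0) */
	OP_ROTATE_L,      /* assumed meaning of inner case 0 */
	OP_ROTATE_R,      /* assumed meaning of inner case 1 */
	OP_OPCODE31       /* stand-in for whatever case 31 really handles */
};

/* Primary opcode: the top 6 bits of the instruction word. */
static unsigned primary_opcode(uint32_t instr)
{
	return instr >> 26;
}

/* Secondary field, bits 4:1: can hold 0..15 although only 0 and 1 are handled. */
static unsigned field_4_1(uint32_t instr)
{
	return (instr >> 1) & 0xfu;
}

/* Before the fix: nothing separates the end of the opcode 30 arm from case 31. */
static enum op_type decode_before(uint32_t instr)
{
	enum op_type type = OP_UNKNOWN;

	switch (primary_opcode(instr)) {
	case 30:
		switch (field_4_1(instr)) {
		case 0:
			return OP_ROTATE_L;
		case 1:
			return OP_ROTATE_R;
		}
		/* falls through: a malformed opcode 30 word is decoded as opcode 31 */
	case 31:
		type = OP_OPCODE31;
		break;
	}
	return type;
}

/* After the fix: the break leaves type as OP_UNKNOWN for unhandled encodings. */
static enum op_type decode_after(uint32_t instr)
{
	enum op_type type = OP_UNKNOWN;

	switch (primary_opcode(instr)) {
	case 30:
		switch (field_4_1(instr)) {
		case 0:
			return OP_ROTATE_L;
		case 1:
			return OP_ROTATE_R;
		}
		break; /* illegal instruction */
	case 31:
		type = OP_OPCODE31;
		break;
	}
	return type;
}

/* Constructed input: a primary-opcode-30 word with the given bits 4:1, all else zero. */
static uint32_t make_op30(unsigned field)
{
	return (30u << 26) | ((field & 0xfu) << 1);
}

/* Number of bits-4:1 values for which the two decoders disagree. */
static int count_misdecoded(void)
{
	int n = 0;
	for (unsigned f = 0; f < 16; f++)
		if (decode_before(make_op30(f)) != decode_after(make_op30(f)))
			n++;
	return n;
}

int main(void)
{
	for (unsigned f = 0; f < 16; f++) {
		uint32_t instr = make_op30(f);
		printf("bits 4:1 = %2u  before=%d  after=%d\n", f,
		       decode_before(instr), decode_after(instr));
	}
	printf("%d of 16 encodings decoded differently\n", count_misdecoded());
	return 0;
}
```

Run as-is, the table shows the two handled encodings (0 and 1) agreeing and the remaining fourteen landing in the opcode 31 arm only in the "before" decoder, which is exactly the class of input the commit message calls malformed; the "after" decoder hands them back as OP_UNKNOWN, which in the real code is what leads to the zero return described in the reply above.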



Thread overview: 8+ messages
2016-01-25  6:55 [PATCH] Fix fall-through from case 30 (rld*) to case 31 Oliver O'Halloran
2016-01-27  0:52 ` Andrew Donnellan
2016-01-27  5:29   ` oliver [this message]
2016-01-27  7:00     ` Andrew Donnellan
2016-02-15 23:28 ` [PATCH] powerpc/lib/sstep.c - Fix emulation fall-through Oliver O'Halloran
2016-02-16  0:59   ` Andrew Donnellan
2016-02-16  6:31     ` [PATCH v2] powerpc/sstep.c " Oliver O'Halloran
2016-05-10 21:48       ` [v2] " Michael Ellerman
