Re: [PATCH 1/5] x86: Implement __WARN using UD0

[Peter Zijlstra <peterz@infradead.org>]

On Tue, Mar 21, 2017 at 09:03:40AM -0500, Josh Poimboeuf wrote:
> On Fri, Mar 17, 2017 at 10:19:19PM +0100, Peter Zijlstra wrote:

> > +/*
> > + * Since some emulators terminate on UD2, we cannot use it for WARN.
> > + * Since various instruction decoders disagree on the length of UD1,
> > + * we cannot use it either. So use UD0 for WARN.
> > + *
> > + * (binutils knows about "ud1" but {en,de}codes it as 2 bytes, whereas
> > + *  our kernel decoder thinks it takes a ModRM byte, which seems consistent
> > + *  with various things like the Intel SDM instruction encoding rules)
> > + */
> > +
> > +#define ASM_UD0		".byte 0x0f, 0xff"
> > +#define ASM_UD1		".byte 0x0f, 0xb9" /* + ModRM */
> > +#define ASM_UD2		".byte 0x0f, 0x0b"
> 
> Thas ASM_UD1 macro isn't used anywhere.

I have it there for completeness sake, and documentation purposes.

> > --- a/arch/x86/kernel/traps.c
> > +++ b/arch/x86/kernel/traps.c
> > @@ -169,6 +169,41 @@ void ist_end_non_atomic(void)
> >  	preempt_disable();
> >  }
> >  
> > +int is_valid_bugaddr(unsigned long addr)
> > +{
> > +	unsigned short ud;
> > +
> > +#ifdef CONFIG_X86_32
> > +	if (addr < PAGE_OFFSET)
> > +		return 0;
> > +#else
> > +	if ((long)addr > 0)
> > +		return 0;
> > +#endif
> 
> I think comparing with TASK_SIZE would be more correct and it wouldn't
> need an ifdef.

Dunno about more correct (the TIF_ADDR32 case is irrelevant here), but
yes, that would do away with the #ifdef.

> > +	if (probe_kernel_address((unsigned short *)addr, ud))
> > +		return 0;
> > +
> > +	return ud == 0x0b0f || ud == 0xff0f;
> > +}
> 
> This code would be easier to grok if these were defines IMO.

Would be nice if I could use the same defines; but I can't see how I can
make that happen :/ But sure; I suppose I can add more defines.

> Also, now that some of the BUG-specific functions are now also related

They already were, its just that x86 only now will use the WARN part of
it. I don't feel that should be part of this patch.

> to WARN, they should probably be renamed to describe their new purpose,
> like:
> 
>   "report_bug" -> "report_bug_or_warning"
>   "fixup_bug"  -> "fixup_bug_or_warning"
> 
> On a related note, if warn and bug are going to continue to use two
> separate ud instructions for the foreseeable future, report_bug() could
> be cleaned up a bit: e.g., for a ud0 instruction, it doesn't make sense
> to call find_bug().

I'm sure you'll break $random arch if you go futz with that. Also, I
think you mean UD2, since that's BUG. We actually need the bug_entry for
WARNs (aka UD0).

Also, you're now optimizing the BUG() code; I don't think anybody cares
about saving a few cycles there. It shouldn't happen in the first place.

> > +static int fixup_bug(struct pt_regs *regs, int trapnr)
> > +{
> > +	if (trapnr != X86_TRAP_UD)
> > +		return 0;
> > +
> > +	switch (report_bug(regs->ip, regs)) {
> > +	case BUG_TRAP_TYPE_NONE:
> > +	case BUG_TRAP_TYPE_BUG:
> > +		break;
> > +
> > +	case BUG_TRAP_TYPE_WARN:
> > +		regs->ip += 2;
> > +		return 1;
> 
> For self-documentation purposes, maybe use a define for the length of
> the ud0 instruction?

Well, UD0 and UD2 really. LENGTH_UD0_OR_UD2 is a bit of a fail, name
wise.