From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Ingo Molnar <mingo@kernel.org>, Jann Horn <jannh@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
kasan-dev <kasan-dev@googlegroups.com>,
kernel list <linux-kernel@vger.kernel.org>,
Andrey Konovalov <andreyknvl@google.com>,
Andy Lutomirski <luto@kernel.org>,
Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH v3 2/4] x86/traps: Print non-canonical address on #GP
Date: Wed, 20 Nov 2019 08:21:43 -0800 [thread overview]
Message-ID: <20191120162143.GB32572@linux.intel.com> (raw)
In-Reply-To: <20191120133913.GG2634@zn.tnic>

On Wed, Nov 20, 2019 at 02:39:13PM +0100, Borislav Petkov wrote:
> On Wed, Nov 20, 2019 at 02:28:30PM +0100, Ingo Molnar wrote:
> > I'd rather we not trust the decoder and the execution environment so much
> > that it never produces a 0 linear address in a #GP:
>
> I was just scratching my head whether I could trigger a #GP with address
> of 0. But yeah, I agree, let's be really cautious here. I wouldn't want
> to debug a #GP with a wrong address reported.

It's definitely possible; there are a handful of non-SIMD instructions that
generate #GP(0) at CPL=0 in 64-bit mode *and* have a memory operand. Some
of them might even be legitimately encountered in the wild.

- CMPXCHG16B if it's not supported by the CPU.
- VMXON if CR4 is misconfigured or VMX isn't enabled in FEATURE_CONTROL.
- MONITOR if ECX has an invalid hint (although MONITOR hardcodes the
address in DS:RAX and so doesn't have a ModR/M byte).

Undoubtedly there are other instructions with similar sources of #GP.
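The guard the thread argues for, as an added stand-alone C illustration (not the kernel's or the patch's code): a canonical-address test plus a classifier that only emits a "non-canonical" hint when the decoded operand address really lies outside both canonical halves, and stays silent for #GP(0) on a canonical address such as 0. `ADDR_UNKNOWN`, `classify_gp` and the vaddr-width constants are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Linear address width: 48 bits with 4-level paging, 57 with LA57. */
#define VADDR_BITS_4LEVEL 48
#define VADDR_BITS_5LEVEL 57

/* Hypothetical sentinel a decoder returns when it could not recover an
 * operand address: decode failure, or an instruction without a ModR/M
 * memory operand (MONITOR implicitly uses DS:RAX). */
#define ADDR_UNKNOWN UINT64_MAX

enum gp_hint { GP_NO_HINT, GP_NON_CANONICAL };

/* An address is canonical when bits [63:vaddr_bits-1] are all equal, i.e.
 * all copies of the most significant implemented bit. */
static bool is_canonical(uint64_t addr, unsigned int vaddr_bits)
{
    uint64_t top = addr >> (vaddr_bits - 1);             /* 64-vaddr_bits+1 bits */
    uint64_t all_ones = (1ULL << (64 - vaddr_bits + 1)) - 1;
    return top == 0 || top == all_ones;
}

/* Decide whether a decoded operand address justifies a non-canonical hint.
 * Error code 0 is necessary but not sufficient: CMPXCHG16B on a CPU without
 * it, VMXON with a misconfigured CR4, or MONITOR with a bad hint all raise
 * #GP(0) while referencing a perfectly canonical address, possibly 0. */
static enum gp_hint classify_gp(uint64_t error_code, uint64_t decoded_addr,
                                unsigned int vaddr_bits)
{
    if (error_code != 0)               /* selector-related #GP: address is irrelevant */
        return GP_NO_HINT;
    if (decoded_addr == ADDR_UNKNOWN)  /* decoder gave up: do not print anything */
        return GP_NO_HINT;
    if (is_canonical(decoded_addr, vaddr_bits))
        return GP_NO_HINT;             /* canonical, including 0: no hint */
    return GP_NON_CANONICAL;
}

int main(void)
{
    /* Constructed sample faults: (error_code, decoded address) */
    const uint64_t samples[][2] = {
        { 0, 0 }, { 0, 0xdead000000000000ULL }, { 0, ADDR_UNKNOWN }, { 0x10, 0xdead000000000000ULL }
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("err=%#llx addr=%#llx -> %s\n",
               (unsigned long long)samples[i][0], (unsigned long long)samples[i][1],
               classify_gp(samples[i][0], samples[i][1], VADDR_BITS_4LEVEL) == GP_NON_CANONICAL
                   ? "non-canonical address" : "no hint");
    return 0;
}
```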