From: "H. Peter Anvin" <hpa@zytor.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>,
Qiaowei Ren <qiaowei.ren@intel.com>,
Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 07/10] x86, mpx: decode MPX instruction to get bound violation information
Date: Fri, 12 Sep 2014 06:39:55 -0700 [thread overview]
Message-ID: <5412F7AB.5040901@zytor.com> (raw)
In-Reply-To: <alpine.DEB.2.10.1409121238290.4178@nanos>
On 09/12/2014 06:10 AM, Thomas Gleixner wrote:
>>
>> I'm not wedded to that concept, by the way, but using the generic parser had a
>> whole bunch of its own problems, including the fact that you're getting bytes
>> from user space.
>
> Errm. The instruction decoder does not even know about user space.
>
> u8 buf[MAX_INSN_SIZE];
>
> memset(buf, 0, MAX_INSN_SIZE);
> if (copy_from_user(buf, addr, MAX_INSN_SIZE))
> return 0;
>
> insn_init(insn, buf, is_64bit(current));
>
> /* Process the entire instruction */
> insn_get_length(insn);
>
> /* Decode the faulting address */
> return mpx_get_addr(insn, regs);
>
> I really can't see why that should not work. insn_get_length()
> retrieves exactly the information which is required to call
> mpx_get_addr().
>
> Sure it might be a bit slower because the generic decoder does a bit
> more than the mpx private sauce, but this happens in the context of a
> bounds violation and it really does not matter at all whether SIGSEGV
> is delivered 5 microseconds later or not.
>
> The only difference is the insn->limit handling in the MPX
> decoder. The existing decoder has a limit check of:
>
> #define MAX_INSN_SIZE 16
>
> and MPX private one makes that
>
> #define MAX_MPX_INSN_SIZE 15
>
> and limits it runtime further to:
>
> MAX_MPX_INSN_SIZE - bytes_not_copied_from_user_space;
>
> This is beyond silly, really. If we cannot copy 16 bytes from user
> space, why bother in dealing with a partial copy at all.
>
The correct limit is 15 bytes, not anything else, so this is a bug in
the existing decoder. A sequence of bytes longer than 15 bytes will
#UD, regardless of being "otherwise valid".
Keep in mind the instruction may not be aligned, and you could fit an
instruction plus a jump and still overrun a page in 15 bytes.
> Aside of that the existing decoder handles the 32bit app on a 64bit
> kernel already correctly while the extra magic MPX decoder does
> not. It just adds some magically optimized and different copy of the
> existing decoder for exactly ZERO value.
>
>> It might be worthwhile to compare the older patchset which did use the generic
>> parser to make sure that it actually made sense.
>
> I can't find such a thing. The first version I found contains an even
> more convoluted private parser. Intelnal mail perhaps?
Yes, I suspect so.
-hpa
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa@zytor.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>,
Qiaowei Ren <qiaowei.ren@intel.com>,
Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 07/10] x86, mpx: decode MPX instruction to get bound violation information
Date: Fri, 12 Sep 2014 06:39:55 -0700 [thread overview]
Message-ID: <5412F7AB.5040901@zytor.com> (raw)
In-Reply-To: <alpine.DEB.2.10.1409121238290.4178@nanos>
On 09/12/2014 06:10 AM, Thomas Gleixner wrote:
>>
>> I'm not wedded to that concept, by the way, but using the generic parser had a
>> whole bunch of its own problems, including the fact that you're getting bytes
>> from user space.
>
> Errm. The instruction decoder does not even know about user space.
>
> u8 buf[MAX_INSN_SIZE];
>
> memset(buf, 0, MAX_INSN_SIZE);
> if (copy_from_user(buf, addr, MAX_INSN_SIZE))
> return 0;
>
> insn_init(insn, buf, is_64bit(current));
>
> /* Process the entire instruction */
> insn_get_length(insn);
>
> /* Decode the faulting address */
> return mpx_get_addr(insn, regs);
>
> I really can't see why that should not work. insn_get_length()
> retrieves exactly the information which is required to call
> mpx_get_addr().
>
> Sure it might be a bit slower because the generic decoder does a bit
> more than the mpx private sauce, but this happens in the context of a
> bounds violation and it really does not matter at all whether SIGSEGV
> is delivered 5 microseconds later or not.
>
> The only difference is the insn->limit handling in the MPX
> decoder. The existing decoder has a limit check of:
>
> #define MAX_INSN_SIZE 16
>
> and MPX private one makes that
>
> #define MAX_MPX_INSN_SIZE 15
>
> and limits it runtime further to:
>
> MAX_MPX_INSN_SIZE - bytes_not_copied_from_user_space;
>
> This is beyond silly, really. If we cannot copy 16 bytes from user
> space, why bother in dealing with a partial copy at all.
>
The correct limit is 15 bytes, not anything else, so this is a bug in
the existing decoder. A sequence of bytes longer than 15 bytes will
#UD, regardless of being "otherwise valid".
Keep in mind the instruction may not be aligned, and you could fit an
instruction plus a jump and still overrun a page in 15 bytes.
> Aside of that the existing decoder handles the 32bit app on a 64bit
> kernel already correctly while the extra magic MPX decoder does
> not. It just adds some magically optimized and different copy of the
> existing decoder for exactly ZERO value.
>
>> It might be worthwhile to compare the older patchset which did use the generic
>> parser to make sure that it actually made sense.
>
> I can't find such a thing. The first version I found contains an even
> more convoluted private parser. Intelnal mail perhaps?
Yes, I suspect so.
-hpa
next prev parent reply other threads:[~2014-09-12 13:40 UTC|newest]
Thread overview: 130+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-11 8:46 [PATCH v8 00/10] Intel MPX support Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 8:46 ` [PATCH v8 01/10] x86, mpx: introduce VM_MPX to indicate that a VMA is MPX specific Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 8:46 ` [PATCH v8 02/10] x86, mpx: add MPX specific mmap interface Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 8:46 ` [PATCH v8 03/10] x86, mpx: add macro cpu_has_mpx Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 8:46 ` [PATCH v8 04/10] x86, mpx: hook #BR exception handler to allocate bound tables Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-12 22:58 ` Dave Hansen
2014-09-12 22:58 ` Dave Hansen
2014-09-13 7:24 ` Ren, Qiaowei
2014-09-13 7:24 ` Ren, Qiaowei
2014-09-24 14:40 ` Dave Hansen
2014-09-24 14:40 ` Dave Hansen
2014-09-11 8:46 ` [PATCH v8 05/10] x86, mpx: extend siginfo structure to include bound violation information Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 8:46 ` [PATCH v8 06/10] mips: sync struct siginfo with general version Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 22:13 ` Thomas Gleixner
2014-09-11 22:13 ` Thomas Gleixner
2014-09-12 2:54 ` Ren, Qiaowei
2014-09-12 2:54 ` Ren, Qiaowei
2014-09-12 8:17 ` Thomas Gleixner
2014-09-12 8:17 ` Thomas Gleixner
2014-09-13 7:13 ` Ren, Qiaowei
2014-09-13 7:13 ` Ren, Qiaowei
2014-09-11 8:46 ` [PATCH v8 07/10] x86, mpx: decode MPX instruction to get bound violation information Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 22:18 ` Thomas Gleixner
2014-09-11 22:18 ` Thomas Gleixner
2014-09-11 22:32 ` Dave Hansen
2014-09-11 22:32 ` Dave Hansen
2014-09-11 22:35 ` H. Peter Anvin
2014-09-11 22:35 ` H. Peter Anvin
2014-09-11 23:37 ` Thomas Gleixner
2014-09-11 23:37 ` Thomas Gleixner
2014-09-12 4:44 ` H. Peter Anvin
2014-09-12 4:44 ` H. Peter Anvin
2014-09-12 13:10 ` Thomas Gleixner
2014-09-12 13:10 ` Thomas Gleixner
2014-09-12 13:39 ` H. Peter Anvin [this message]
2014-09-12 13:39 ` H. Peter Anvin
2014-09-12 17:48 ` Thomas Gleixner
2014-09-12 17:48 ` Thomas Gleixner
2014-09-12 17:52 ` Thomas Gleixner
2014-09-12 17:52 ` Thomas Gleixner
2014-09-12 19:07 ` H. Peter Anvin
2014-09-12 19:07 ` H. Peter Anvin
2014-09-11 8:46 ` [PATCH v8 08/10] x86, mpx: add prctl commands PR_MPX_REGISTER, PR_MPX_UNREGISTER Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 15:03 ` Dave Hansen
2014-09-11 15:03 ` Dave Hansen
2014-09-12 3:10 ` Ren, Qiaowei
2014-09-12 3:10 ` Ren, Qiaowei
2014-09-11 23:28 ` Thomas Gleixner
2014-09-11 23:28 ` Thomas Gleixner
2014-09-12 0:10 ` Dave Hansen
2014-09-12 0:10 ` Dave Hansen
2014-09-12 8:11 ` Thomas Gleixner
2014-09-12 8:11 ` Thomas Gleixner
2014-09-12 9:24 ` Thomas Gleixner
2014-09-12 9:24 ` Thomas Gleixner
2014-09-12 14:36 ` Dave Hansen
2014-09-12 14:36 ` Dave Hansen
2014-09-12 17:34 ` Thomas Gleixner
2014-09-12 17:34 ` Thomas Gleixner
2014-09-12 18:42 ` Thomas Gleixner
2014-09-12 18:42 ` Thomas Gleixner
2014-09-12 20:35 ` Dave Hansen
2014-09-12 20:35 ` Dave Hansen
2014-09-12 20:18 ` Dave Hansen
2014-09-12 20:18 ` Dave Hansen
2014-09-13 9:01 ` Thomas Gleixner
2014-09-13 9:01 ` Thomas Gleixner
2014-09-12 15:22 ` Dave Hansen
2014-09-12 15:22 ` Dave Hansen
2014-09-12 17:42 ` Thomas Gleixner
2014-09-12 17:42 ` Thomas Gleixner
2014-09-12 20:33 ` Dave Hansen
2014-09-12 20:33 ` Dave Hansen
2014-09-15 0:00 ` One Thousand Gnomes
2014-09-15 0:00 ` One Thousand Gnomes
2014-09-16 3:20 ` Ren, Qiaowei
2014-09-16 3:20 ` Ren, Qiaowei
2014-09-16 4:17 ` Dave Hansen
2014-09-16 4:17 ` Dave Hansen
2014-09-16 7:50 ` Kevin Easton
2014-09-16 7:50 ` Kevin Easton
2014-09-18 0:40 ` Ren, Qiaowei
2014-09-18 0:40 ` Ren, Qiaowei
2014-09-18 3:23 ` Kevin Easton
2014-09-18 3:23 ` Kevin Easton
2014-09-18 2:37 ` Ren, Qiaowei
2014-09-18 2:37 ` Ren, Qiaowei
2014-09-18 4:43 ` Dave Hansen
2014-09-18 4:43 ` Dave Hansen
2014-09-18 7:17 ` Kevin Easton
2014-09-18 7:17 ` Kevin Easton
2014-09-18 6:20 ` Dave Hansen
2014-09-18 6:20 ` Dave Hansen
2014-09-11 8:46 ` [PATCH v8 09/10] x86, mpx: cleanup unused bound tables Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-11 14:59 ` Dave Hansen
2014-09-11 14:59 ` Dave Hansen
2014-09-12 3:02 ` Ren, Qiaowei
2014-09-12 3:02 ` Ren, Qiaowei
2014-09-12 4:59 ` Dave Hansen
2014-09-12 4:59 ` Dave Hansen
2014-09-15 20:53 ` Dave Hansen
2014-09-15 20:53 ` Dave Hansen
2014-09-16 8:06 ` Ren, Qiaowei
2014-09-16 8:06 ` Ren, Qiaowei
2014-09-11 8:46 ` [PATCH v8 10/10] x86, mpx: add documentation on Intel MPX Qiaowei Ren
2014-09-11 8:46 ` Qiaowei Ren
2014-09-12 0:51 ` [PATCH v8 00/10] Intel MPX support Dave Hansen
2014-09-12 0:51 ` Dave Hansen
2014-09-12 19:21 ` Thomas Gleixner
2014-09-12 19:21 ` Thomas Gleixner
2014-09-12 21:23 ` Dave Hansen
2014-09-12 21:23 ` Dave Hansen
2014-09-13 9:25 ` Thomas Gleixner
2014-09-13 9:25 ` Thomas Gleixner
2014-09-12 21:31 ` Dave Hansen
2014-09-12 21:31 ` Dave Hansen
2014-09-12 22:08 ` Dave Hansen
2014-09-12 22:08 ` Dave Hansen
2014-09-13 9:39 ` Thomas Gleixner
2014-09-13 9:39 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5412F7AB.5040901@zytor.com \
--to=hpa@zytor.com \
--cc=dave.hansen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=qiaowei.ren@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.