From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757553AbdJKT5o (ORCPT <rfc822;w@1wt.eu>);
        Wed, 11 Oct 2017 15:57:44 -0400
Received: from mga09.intel.com ([134.134.136.24]:39602 "EHLO mga09.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1757389AbdJKT5f (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Oct 2017 15:57:35 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,362,1503385200"; 
   d="scan'208";a="159455224"
Message-ID: <1507751821.17492.28.camel@linux.intel.com>
Subject: Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get
 segment descriptor base address and limit
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
To: Borislav Petkov <bp@suse.de>
Cc: Ingo Molnar <mingo@redhat.com>, Thomas Gleixner <tglx@linutronix.de>,
        "H. Peter Anvin" <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Brian Gerst <brgerst@gmail.com>, Chris Metcalf <cmetcalf@mellanox.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Masami Hiramatsu <mhiramat@kernel.org>, Huang Rui <ray.huang@amd.com>,
        Jiri Slaby <jslaby@suse.cz>, Jonathan Corbet <corbet@lwn.net>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        Paul Gortmaker <paul.gortmaker@windriver.com>,
        Vlastimil Babka <vbabka@suse.cz>, Chen Yucong <slaoub@gmail.com>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Shuah Khan <shuah@kernel.org>, linux-kernel@vger.kernel.org,
        x86@kernel.org, Adam Buchbinder <adam.buchbinder@gmail.com>,
        Colin Ian King <colin.king@canonical.com>,
        Lorenzo Stoakes <lstoakes@gmail.com>,
        Qiaowei Ren <qiaowei.ren@intel.com>,
        Arnaldo Carvalho de Melo <acme@redhat.com>,
        Adrian Hunter <adrian.hunter@intel.com>,
        Kees Cook <keescook@chromium.org>,
        Thomas Garnier <thgarnie@google.com>,
        Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 11 Oct 2017 12:57:01 -0700
In-Reply-To: <20171011151518.i2euii23o7vmdiuo@pd.tnic>
References: <1507089272-32733-1-git-send-email-ricardo.neri-calderon@linux.intel.com>
         <1507089272-32733-16-git-send-email-ricardo.neri-calderon@linux.intel.com>
         <20171011151518.i2euii23o7vmdiuo@pd.tnic>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-10-11 at 17:15 +0200, Borislav Petkov wrote:
> On Tue, Oct 03, 2017 at 08:54:18PM -0700, Ricardo Neri wrote:
> > 
> > With segmentation, the base address of the segment is needed to compute a
> > linear address. This base address is obtained from the applicable segment
> > descriptor. Such segment descriptor is referenced from a segment selector.
> ...
> 
> > 
> > +unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx)
> > +{
> > +	struct desc_struct *desc;
> > +	short sel;
> > +
> > +	sel = get_segment_selector(regs, seg_reg_idx);
> > +	if (sel < 0)
> > +		return -1L;
> > +
> > +	if (v8086_mode(regs))
> > +		/*
> > +		 * Base is simply the segment selector shifted 4
> > +		 * positions to the right.
> > +		 */
> > +		return (unsigned long)(sel << 4);
> > +
> > +	if (user_64bit_mode(regs)) {
> > +		/*
> > +		 * Only FS or GS will have a base address, the rest of
> > +		 * the segments' bases are forced to 0.
> > +		 */
> > +		unsigned long base;
> > +
> > +		if (seg_reg_idx == INAT_SEG_REG_FS)
> > +			rdmsrl(MSR_FS_BASE, base);
> > +		else if (seg_reg_idx == INAT_SEG_REG_GS)
> > +			/*
> > +			 * swapgs was called at the kernel entry point.
> > Thus,
> > +			 * MSR_KERNEL_GS_BASE will have the user-space GS
> > base.
> > +			 */
> > +			rdmsrl(MSR_KERNEL_GS_BASE, base);
> > +		else if (seg_reg_idx != INAT_SEG_REG_IGNORE)
> > +			/* We should ignore the rest of segment registers.
> > */
> > +			base = -1L;
> When is that case ever possible in long mode? You either have GS/FS
> bases or 0. What's the meaning of -1L in that case?

This is meant to be an error case. In long mode, only INAT_SEG_REG_IGNORE/FS/GS
are valid. All other indices are invalid.

Perhaps we could return -EINVAL instead?

> Otherwise just minor things:
> 
> ---
> diff --git a/arch/x86/lib/insn-eval.c b/arch/x86/lib/insn-eval.c
> index 7ba5379a2923..e7e82b343bd0 100644
> --- a/arch/x86/lib/insn-eval.c
> +++ b/arch/x86/lib/insn-eval.c
> @@ -515,13 +515,13 @@ static struct desc_struct *get_desc(unsigned short sel)
>   *
>   * Obtain the base address of the segment as indicated by the segment
> descriptor
>   * pointed by the segment selector. The segment selector is obtained from the
> - * input segment register index seg_reg_idx.
> + * input segment register index @seg_reg_idx.
>   *
>   * Returns:
>   *
>   * In protected mode, base address of the segment. Zero in long mode,
>   * except when FS or GS are used. In virtual-8086 mode, the segment
> - * selector shifted 4 positions to the right.
> + * selector shifted 4 bits to the right.
>   *
>   * -1L in case of error.
>   */
> @@ -537,7 +537,7 @@ unsigned long insn_get_seg_base(struct pt_regs *regs, int
> seg_reg_idx)
>  	if (v8086_mode(regs))
>  		/*
>  		 * Base is simply the segment selector shifted 4
> -		 * positions to the right.
> +		 * bits to the right.
>  		 */
>  		return (unsigned long)(sel << 4);

Thanks! I will incorporate these changes along with your Improvements-by tag.

BR,
Ricardo