public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Andy Lutomirski <luto@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>, x86-ml <x86@kernel.org>,
	Joerg Roedel <jroedel@suse.de>,
	lkml <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] Have insn decoder functions return success/failure
Date: Sat, 24 Oct 2020 10:23:16 +0200	[thread overview]
Message-ID: <20201024082316.GA11562@zn.tnic> (raw)
In-Reply-To: <CALCETrVQDVLPwTTXgsRYSjxVmzeK5ekmrEiT2rWkQKO0inRLGQ@mail.gmail.com>

On Fri, Oct 23, 2020 at 05:12:49PM -0700, Andy Lutomirski wrote:
> I disagree.  A real CPU does exactly what I'm describing.  If I stick

A real modern CPU fetches up to 32 bytes insn window which it tries
to decode etc. I don't know, though, what it does when that fetch
encounters a fault - I will have to ask people. I'm not sure it would
even try to feed a shorter stream of bytes to the decoder but lemme
ask...

> 0xcc at the end of a page and a make the next page not-present, I get
> #BP, not #PF.  But if I stick 0x0F at the end of a page and mark the
> next page not-present, I get #PF.  If we're trying to decode an
> instruction in user memory, we can kludge it by trying to fetch 15
> bytes and handling -EFAULT by fetching fewer bytes, but that's gross
> and doesn't really have the right semantics.  What we actually want is
> to fetch up to the page boundary and try to decode it.  If it's a
> valid instruction or if it's definitely invalid, we're done.
> Otherwise we fetch across the page boundary.

We can do that but why would you put all that logic in the insn decoder?
Is that use case sooo important?

I mean, it would work that way anyway *even* *now* - the insn decoder
will tell you that the insn it decoded wasn't valid and you, as a
caller, know that you didn't fetch the whole 15 bytes so that means
that you still need to fetch some more. You've got all the relevant
information.

> Eventually we should wrap this whole mess up in an insn_decode_user()
> helper that does the right thing.

Oh sure, you can do that easily. Just put the logic which determines
that it copied a shorter buffer and that it attempts to decode the
shorter buffer first in it. Yah, that can work.

> And we can then make that helper
> extra fancy by getting PKRU and EPT-hacker-execute-only right, whereas
> we currently get these cases wrong.
> 
> Does this make sense?

Sure, but you could point me to those cases so that I can get a better
idea what they do exactly.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

  parent reply	other threads:[~2020-10-24  8:23 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-20 12:02 [RFC] Have insn decoder functions return success/failure Borislav Petkov
2020-10-20 14:27 ` Masami Hiramatsu
2020-10-20 14:37   ` Borislav Petkov
2020-10-21  0:50     ` Masami Hiramatsu
2020-10-21  9:27       ` Borislav Petkov
2020-10-21 14:26         ` Masami Hiramatsu
2020-10-21 16:45           ` Borislav Petkov
2020-10-22  7:31             ` Masami Hiramatsu
2020-10-22  9:30               ` Borislav Petkov
2020-10-22 13:21                 ` Masami Hiramatsu
2020-10-22 17:58                   ` Andy Lutomirski
2020-10-23  9:20                     ` Borislav Petkov
2020-10-23  9:28                     ` Masami Hiramatsu
2020-10-23  9:32                       ` Borislav Petkov
2020-10-23 10:47                         ` Masami Hiramatsu
2020-10-23 23:27                           ` Borislav Petkov
2020-10-24  0:12                             ` Andy Lutomirski
2020-10-24  7:21                               ` Masami Hiramatsu
2020-10-24  8:23                               ` Borislav Petkov [this message]
2020-10-24 16:10                                 ` Andy Lutomirski
2020-10-27 13:42                                   ` Borislav Petkov
2020-10-28 11:36                                     ` Masami Hiramatsu
2020-10-24  7:13                             ` Masami Hiramatsu
2020-10-24  8:24                               ` Borislav Petkov
2020-10-29 12:42                             ` Borislav Petkov
2020-10-30  1:24                               ` Masami Hiramatsu
2020-10-30 13:07                                 ` Borislav Petkov
2020-10-23  9:17                   ` Borislav Petkov
2020-10-22  8:04             ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201024082316.GA11562@zn.tnic \
    --to=bp@alien8.de \
    --cc=jroedel@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mhiramat@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox