From: Peter Zijlstra
To: Linus Torvalds
Cc: Al Viro, Nathan Chancellor, Nick Desaulniers, Jeff Layton, Ilya Dryomov, ceph-devel@vger.kernel.org, Linux Kernel Mailing List, Matthew Wilcox, clang-built-linux
Subject: Re: Simplify load_unaligned_zeropad() (was Re: [GIT PULL] Ceph updates for 5.20-rc1)
Date: Wed, 17 Aug 2022 09:45:45 +0200
X-Mailing-List: llvm@lists.linux.dev

On Tue, Aug 16, 2022 at 10:57:45AM -0700, Linus Torvalds wrote:
> > > + if (insn_decode(&insn, (void *) regs->ip, len, INSN_MODE_KERN))
> > > + return false;
> >
> > We have insn_decode_kernel() for exactly this (very) common case.
>
> I did that originally, and then I undid it in disgust, because that
> interface is too simple.
>
> In particular, it just uses MAX_INSN_SIZE blindly. Which I didn't want
> to do when I actually had the instruction size.
>
> Yes, yes, I also check the decode size after-the-fact, but I didn't
> want the decoder to even look at the invalid bytes.
>
> This exception case is about the data being at the end of the page, I
> wanted the fixup to be aware of code being at the end of a page too.

I don't want to argue this point too much; but I will anyway :-)

IMO if the decoder ends up out of bounds it's a decoder bug either way
around. That is, we *know* there is a full instruction at the given IP
because we got into this exception path. (It would be possible to add
further constraints on trapnr.)

Irrespective of the length constraint given to the decoder, it should
not decode/access things past this instruction (without being careful
about it).

Anyway, I'm fine with the patch as you have it.
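Review bot: the quoted `+ if (insn_decode(&insn, (void *) regs->ip, len, INSN_MODE_KERN))` passes an explicit `len` instead of calling `insn_decode_kernel()`, and the replies explain this is intentional because the helper bounds the decode at MAX_INSN_SIZE; a one-line comment above the call stating how `len` is derived and why the helper's default bound is not wanted here would stop a later cleanup from swapping the helper back in and silently widening what the decoder may read.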