Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp2125529ybc; Wed, 20 Nov 2019 09:16:18 -0800 (PST) X-Google-Smtp-Source: APXvYqxvoZmP/3OMWR9ZHwnlg8GG742Hr5v35ak90gyU3Z293Q50eWGfKRQ8DQ/ivjrOqzp7xKg6 X-Received: by 2002:a05:600c:218e:: with SMTP id e14mr4332643wme.22.1574270178469; Wed, 20 Nov 2019 09:16:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574270178; cv=none; d=google.com; s=arc-20160816; b=iuFc2iUoDAjumglbja0KCAcb/oGU//XU6GbkvpliEFVBUeNG/L9e6rCguBrj34ZEAN AKgeSLr1pl5T62x4GkTWIqagfaHxVJNyGdZJYuaqwE5b98o1G8scvDdk8L4Sf3bd8xCx +Evm8v/PiLFI7sMB6IUu5D22q1EYVvkHbX83E8DeH36vmdL8URPQmkBnEmCq1+hirBai PK5ACXl5bQ8uueOfi5+qZYmsmDI5twX/JM37FIe5nRCIwI+yjaY7W0PYJLpo+W4IaqNM NlQ7PlFatf1wOhcSGDg91JldjtQMrgJsBw8AELJiwnUozr/Vc20bhvqO02rneRHO5utv vMkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=yOFfvevSyIuI2uXnhKhqs1DyN3AcbeT8ZG1uPgE2BRM=; b=vLr0A6Vr9Oq+rhEnDiPKMcrbuYn2r7oUmN8eOlroKgIA0wzxMMabtmqwjHohN7PSny DZSjmR9saI0rqYi9jVeoW/0m1y2jcB+07/ZwrNdEAltrTJJQzkEO4NMWNdI4YMIkgOEv lmHZzabB4riGrTKyFrtKpYW5y8bgV0JVQCgIdQ0TiInjF5qWfChE4/v/q2tI0h1QFRUl iWd1NJpNzHGIY8TOh93stwNexKX1iLJI2NUCG+QFEmz85Nxx0rxKYnlIBJWuEEeebxGF f005tRkCb78lBRy2tZsvw1fmQlJMQqmlBEOUWlQRWzgpO8+fXvuJm2JGn4RtROQbFcly FmJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=k0ZQSWb3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l19si18731448edj.414.2019.11.20.09.15.53; Wed, 20 Nov 2019 09:16:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=k0ZQSWb3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730197AbfKTOYq (ORCPT + 99 others); Wed, 20 Nov 2019 09:24:46 -0500 Received: from mail-ot1-f67.google.com ([209.85.210.67]:34599 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727794AbfKTOYq (ORCPT ); Wed, 20 Nov 2019 09:24:46 -0500 Received: by mail-ot1-f67.google.com with SMTP id w11so1365923ote.1 for ; Wed, 20 Nov 2019 06:24:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yOFfvevSyIuI2uXnhKhqs1DyN3AcbeT8ZG1uPgE2BRM=; b=k0ZQSWb3hHNPjkhWrDg2UG82nir6GbQ/mlgsdzhvvgoMpyhvl+WwEu8779bjiQnu8g 8d5a4OB9oudrxxWTA3M+PIQA00bJVw9pxOwDdRafaWH8irq0hvJwWLtTy90novOcWX6v CG9/af+Aq5GNBsYEEFoaDEKOLIR5rG1HUXON1DMCuszitFxtWbIWH1IruF11xMCusAm/ MkvvNaQVNSiPZLyCItyHwGJN4fLJTo4NZxDPSdSBRGFV26B9h/LxHq8BmbKlc+ObLAfH 7/srbRhE9fSN4novjtVNT5vl07GAt0+CJE1hiUN05VDBx+Nl1cTrDF41FIEdcvMfgtj/ ehxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yOFfvevSyIuI2uXnhKhqs1DyN3AcbeT8ZG1uPgE2BRM=; b=NKh63KiIL+TJmJbmFIIsoY/mEIVZoJvslULuyO/WR+02Wyhv7GtL2KaYFa9pC2lAIW Z0YzPbNWvE6AE+cl96mRAFV/w8KZsoe9x8fztnDsKGmK9STUJwB5xSkWAQBhFVwl06Sc /C6UDYRNmeUU27qCDkl87bD9eivn1JkOGzG5kTpyPsqZ9TSW0LU8Qpdr3m+rvEdA9Jj0 B6F5EZlbMxqmn/ULr4fPSPsFzK6w6uv0HRKZ3W8fouv2yzwwlb4dahWJ89NIJ9/Kjc0h c0W6fNYnA68lH4Lam9YjoZ+SwKTXWyVet7shitZkBqqO52pLQN8aWcDhZTtYf9KBZo46 hGzA== X-Gm-Message-State: APjAAAVzMarg6tc9lVxtoWh/uLPy/q4vsR8rd2EMfA3MElyJghDMBhch kUNQro6fldDT5sttijQy77y9v03M7v0tdE/OvIEaUw== X-Received: by 2002:a9d:328:: with SMTP id 37mr2126736otv.228.1574259884942; Wed, 20 Nov 2019 06:24:44 -0800 (PST) MIME-Version: 1.0 References: <20191115191728.87338-1-jannh@google.com> <20191115191728.87338-2-jannh@google.com> <87lfsbfa2q.fsf@linux.intel.com> <20191120135607.GA84886@tassilo.jf.intel.com> In-Reply-To: <20191120135607.GA84886@tassilo.jf.intel.com> From: Jann Horn Date: Wed, 20 Nov 2019 15:24:17 +0100 Message-ID: Subject: Re: [PATCH v2 2/3] x86/traps: Print non-canonical address on #GP To: Andi Kleen Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "the arch/x86 maintainers" , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , kasan-dev , kernel list , Andrey Konovalov , Andy Lutomirski , Sean Christopherson Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 20, 2019 at 2:56 PM Andi Kleen wrote: > > Is there a specific concern you have about the instruction decoder? As > > far as I can tell, all the paths of insn_get_addr_ref() only work if > > the instruction has a mod R/M byte according to the instruction > > tables, and then figures out the address based on that. While that > > means that there's a wide variety of cases in which we won't be able > > to figure out the address, I'm not aware of anything specific that is > > likely to lead to false positives. > > First there will be a lot of cases you'll just print 0, even > though 0 is canonical if there is no operand. Why would I print zeroes if there is no operand? The decoder logic returns a -1 if it can't find a mod r/m byte, which causes the #GP handler to not print any address at all. Or are you talking about some weird instruction that takes an operand that is actually ignored, or something weird like that? > Then it might be that the address is canonical, but triggers > #GP anyways (e.g. unaligned SSE) Which is an argument for printing the address even if it is canonical, as Ingo suggested, I guess. > Or it might be the wrong address if there is an operand, > there are many complex instructions that reference something > in memory, and usually do canonical checking there. In which case you'd probably usually see a canonical address in the instruction's argument, which causes the error message to not appear (in patch v2/v3) / to be different (in my current draft for patch v4). And as Ingo said over in the other thread, even if the argument is not directly the faulting address at all, it might still help with figuring out what's going on. > And some other odd cases. For example when the instruction length > exceeds 15 bytes. But this is the #GP handler. Don't overlong instructions give you #UD instead? > I know there is fuzzing for the instruction > decoder, but it might be worth double checking it handles > all of that correctly. I'm not sure how good the fuzzer's coverage > is. > > At a minimum you should probably check if the address is > actually non canonical. Maybe that's simple enough and weeds out > most cases. The patch you're commenting on does that already; quoting the patch: + /* Bail out if insn_get_addr_ref() failed or we got a kernel address. */ + if (addr_ref >= ~__VIRTUAL_MASK) + return; + + /* Bail out if the entire operand is in the canonical user half. */ + if (addr_ref + insn.opnd_bytes - 1 <= __VIRTUAL_MASK) + return; But at Ingo's request, I'm planning to change that in the v4 patch; see and .