Received: by 2002:a05:6520:4211:b029:f4:110d:56bc with SMTP id o17csp1552233lkv; Wed, 19 May 2021 12:35:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwkMXDo2+4nxN1cMAV8vj/L4sWp1Ej6lwbx7aZDngtPTBQQ+qXmPmxteUR/KEXuxJiAa5XQ X-Received: by 2002:a05:6402:111a:: with SMTP id u26mr693650edv.260.1621452952207; Wed, 19 May 2021 12:35:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621452952; cv=none; d=google.com; s=arc-20160816; b=qTpl7W0NX+BbaHzAE1x//PqjpkgXRuJBsu2TVTsUgpL0gzLmBTMIriYecg563jEvuk HroWHotKNN2DNrQQ23G9TTFmD4OI3/gtS9oXuQ9IroifDmX18rkPCQwVp6XV4zOoL/xZ CnAa5tQaJB+N5GCLnAfAjaCsxcvxcx8ViN2WOxuJbeUL4KFolJp7C+QXX/4qvvBiJTEj tpDMsWtdeUPvIiCQnC/c9ACMo5orsKUDxvHg4Dk2XDZfEqBnyFIfFOi5/VjUMFpvG4BU NF/YjHD+YZ/7sIVDK8IC6f9VNVwd9mgrEuQow2D3qj7Ew0x4SGjwL1MpwPGzdVctJBlQ lyYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=zVkIV0RziscApFFR8vCxlsh12Etnk6CMd2asOnf2dUQ=; b=u2UlhzkrQ9yXJvQUq/1a3Qk7yC+FEJLyK+H05ueI6T7tCZmoEN8ld/r9Y76QeCQdVF lRCYxmAtYeLneoJPe/WhBjkW+VfLXZolCX3f2s4UEsUu8wTWaDtxrRZsZqItlx2a7sdc pZPQaq32xaSg64oGtth5acQn0qAb6Vcn72TkmOXHkWEQh393xpWAfoGTeHX7pOr7KhLI dm58DUBtUQ3wSAF92F++G9B5rcSONG3NUGUlfXJE7W8u08qP1GyKKVFlSuellucgogKo JPjLWaWos/yIewQW7prVzL94uQnlNONLPItHd0mgiOPOQ3g1+j9s4uEfhqXRcWQr3Ea/ TUyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c16si106364ede.83.2021.05.19.12.35.25; Wed, 19 May 2021 12:35:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241584AbhESNSD (ORCPT + 99 others); Wed, 19 May 2021 09:18:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235765AbhESNSC (ORCPT ); Wed, 19 May 2021 09:18:02 -0400 Received: from theia.8bytes.org (8bytes.org [IPv6:2a01:238:4383:600:38bc:a715:4b6d:a889]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43F9CC06175F; Wed, 19 May 2021 06:16:42 -0700 (PDT) Received: by theia.8bytes.org (Postfix, from userid 1000) id 63C252FA; Wed, 19 May 2021 15:16:39 +0200 (CEST) Date: Wed, 19 May 2021 15:16:38 +0200 From: Joerg Roedel To: Sean Christopherson Cc: x86@kernel.org, Hyunwook Baek , Joerg Roedel , stable@vger.kernel.org, hpa@zytor.com, Andy Lutomirski , Dave Hansen , Peter Zijlstra , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Martin Radev , Arvind Sankar , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: Re: [PATCH 2/6] x86/sev-es: Forward page-faults which happen during emulation Message-ID: References: <20210512075445.18935-1-joro@8bytes.org> <20210512075445.18935-3-joro@8bytes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Sean, On Wed, May 12, 2021 at 05:31:03PM +0000, Sean Christopherson wrote: > This got me looking at the flows that "inject" #PF, and I'm pretty sure there > are bugs in __vc_decode_user_insn() + insn_get_effective_ip(). > > Problem #1: __vc_decode_user_insn() assumes a #PF if insn_fetch_from_user_inatomic() > fails, but the majority of failure cases in insn_get_seg_base() are #GPs, not #PF. > > res = insn_fetch_from_user_inatomic(ctxt->regs, buffer); > if (!res) { > ctxt->fi.vector = X86_TRAP_PF; > ctxt->fi.error_code = X86_PF_INSTR | X86_PF_USER; > ctxt->fi.cr2 = ctxt->regs->ip; > return ES_EXCEPTION; > } > > Problem #2: Using '0' as an error code means a legitimate effective IP of '0' > will be misinterpreted as a failure. Practically speaking, I highly doubt anyone > will ever actually run code at address 0, but it's technically possible. The > most robust approach would be to pass a pointer to @ip and return an actual error > code. Using a non-canonical magic value might also work, but that could run afoul > of future shenanigans like LAM. > > ip = insn_get_effective_ip(regs); > if (!ip) > return 0; Your observations are all correct. I put some changes onto this patch-set to fix these problems. Regards, Joerg