Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp885923lqb; Wed, 29 May 2024 13:38:23 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU/kxJjbgoV7LPRvzUPpaoB7RGwrzLzUWI954KvJl6zUPcL6wOUxycpAgH4Sg/pnhChvTTe1ycF/MbFr58a5hjwLm5oD7mKZ2z16FXnyA== X-Google-Smtp-Source: AGHT+IE+eUOogu9OoFLqZnQX60eEwztAAYSuvu2cUS8niVhu1kfgrvpZ3UvjzVgB7+GSJ06b+/3T X-Received: by 2002:a05:6a00:1da9:b0:6ed:cd4c:cc1a with SMTP id d2e1a72fcca58-702310f0ee6mr178562b3a.8.1717015103072; Wed, 29 May 2024 13:38:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717015103; cv=pass; d=google.com; s=arc-20160816; b=hAe0o3KLjoMZ62zRsVyk6RCJWeLzqi227tzA8S1tCpvmI/5oDfgRis776gfsOshe/s o4+MJuC2xQ02ltq7WLAeysB+OJOF5eVelAoIH9Msqr20QAD0AV6SRKODFIaH1WgUSj/L YGBsp9ogu2FcY74f7fwHwtKxBnoaG7dBjIrFLzt94ehgw4WiCDCOEHjCk0hfoHNNH1R0 VXcB7JdTIHHDugcPipFJMRGNL5sZ0uLX/MTcxiwEFpxoW2q7KKKGC/PvqGcXgr92y+lU 94qYsLIYYEd8Ne8I/rg+eYPowdsHIUPJo/vEgt/Fejts2C1IheKq6wq6qNSyG6nsLTAy hFgQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=JsDD1NAPFioHO4gLv1AtQFDU2NR/QOFSQPXZbsUyXIQ=; fh=FsBmK3SSjHpbiD8h1P345Y7AVZspBija+AWFXN5lY8o=; b=DcJvbRDOALCDGe7pOjx4JxClU0MjCaUTCkYo89wLTojFvQor4x6eE+axnHB+EizAik xNPI6YnLLAjy5RCVQg8vUjrLBTxQeogG4e5ZhrhL/5H6ZIBgHAKWHWpzEwapH41KELo9 6sz1X/ac6CZgxCmT+VwT+C9HRY0BrekeRIMxIeNAFStiLWdzTmaEmnzdTsMcOYuYfEf/ GU61uJC6dqcNMTIx9qR+cXckMfF6xoQKHYryvXYE1or5z2ougU1/vrtuCPdimRtCtpzv KjrlKWu/nLHlwDZ9YdT2sETQNQceqXnndNHSZZc+rLbl/yK2bWjB9hYvbbZle+2Lq+w9 rGAA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hQqn8HrJ; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-194668-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194668-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d2e1a72fcca58-702026843d9si2239234b3a.252.2024.05.29.13.38.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 13:38:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-194668-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hQqn8HrJ; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-194668-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194668-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id C5FF2284D13 for ; Wed, 29 May 2024 20:36:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 492E11C8FA5; Wed, 29 May 2024 20:36:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hQqn8HrJ" Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD0961B960; Wed, 29 May 2024 20:36:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717015004; cv=none; b=uFUgvJ2XEXcGIt+mFzvcpV4tZtw+pjHC5OrApBxstHgzmauQoUKPFBnDRizwzE3v3OsQUtl5mRn5fNpf6NNTMAmrxHIg4GipFqjPN/M7Bt/kpWBK20UpuvguNXTweXnLbn5VPfy23IhbTI1drMpWBcFJcdNITEoq15CMnMuGavQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717015004; c=relaxed/simple; bh=KAuwmpAQlvgKVAuhQljiF3gBQKzQXSKUp3q7GZNgyAM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=qDFrBKynUVmiodS5gS3DcCDqRjo1p5FRj/4n+2TXV6lzgPkKpq4QavYWGXU1znxQRfhCzlSkT+Uki2kDEc57ASZeIV5QWFsx37u3U3+R6g53Zzb+HAt8maEfvs1tKWOEiuQPeD9trFF/zD00xPhPpHMVpuyMSEfNHjCoYwoPIWs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hQqn8HrJ; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1f480624d0dso1633685ad.1; Wed, 29 May 2024 13:36:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717015002; x=1717619802; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=JsDD1NAPFioHO4gLv1AtQFDU2NR/QOFSQPXZbsUyXIQ=; b=hQqn8HrJK04qSpdvyWYymLBpVSatbJ+nu+z3lC2FIW/XjZRpMRwszziyA4cpieiz6u k9evo/5N0omgpREvU/w3Xu5/gExMajk4tT+37+9/e9D4Nu73y9V/ob3eNplitG+Irl+n MA1G2QsRxBvedCdJHXFm1bByc/9M6IqTKQGXG+EwpuYN/2hMVWFRY17R9gy3awkfOwJI KsSs9Nwp+Ywz88eL8FUcusCV4NAasqkierHZ9Qppyo5VTktLmXs9DQo3gZQ2Z0FBoEr+ fA+TXtM3TpTHc76qXA37nV9Gn+sTAtkHSpvDOjOfnKVvPpCFUiLpPMCFjibgPKEE4pSs T9Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717015002; x=1717619802; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=JsDD1NAPFioHO4gLv1AtQFDU2NR/QOFSQPXZbsUyXIQ=; b=cjug+sf4QgfwLmvkGqV/JOdlh12DCv33MrThpnMAo9Bpop+tK2PgDq82WqnONB0KD7 8+wUmSrJxojkodmh7umaYRnBBEsqQydXN9tQLj54ZVaS0BmjnjLLN+0hlK5M+hKU3xH/ y9zY2NvfqHk4fySChBXapNabRIe14f4nqxFCWX+8VzRYvlUR/OCmVuwI+/R/BFJHq3HL 0ssTGmOXZTf3VW/Sa4KSYSPMc0GfKGQgfhQT2TzkYyFa+KuNVwDPjZM3VCpsfYb/ob2N 4G1ZXJ92mupqeD5sEykeGgYqqNHKTF/eIGoi+pzVEuyK0E0M3YUACVS/DulqYQDhNt8G cyuw== X-Forwarded-Encrypted: i=1; AJvYcCVpUppc0np4EhmU5hBvF/BEcORMS5aH5BiGsSAO4ESHHCIgFx0U0jc+VVgbvKUGOhVL+A4mvPtheqqx9+2dU0r71F8LFfrgXjtURIO1OWZFiGl23P16+b61A6nBBWDI/9+owhFH4jMOUhPiTKS6 X-Gm-Message-State: AOJu0YyWmDJcO0pwTO/JyxNqUi5Im3mVZ6uynyu8GfR+O5KaLYILST2O CTM1Phd01c6WpcH4AzI9+xRXdk1AXwQ11HLTv6sgW9l+wq2Svv3j X-Received: by 2002:a17:903:8c3:b0:1f2:f986:595d with SMTP id d9443c01a7336-1f61a4dd759mr1743215ad.66.1717015001980; Wed, 29 May 2024 13:36:41 -0700 (PDT) Received: from Gatlins-MacBook-Pro.local ([131.252.143.197]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1f44c75e579sm103603725ad.35.2024.05.29.13.36.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 13:36:41 -0700 (PDT) Date: Wed, 29 May 2024 13:36:39 -0700 From: Gatlin Newhouse To: Marco Elver Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Kees Cook , Andrey Konovalov , Andrey Ryabinin , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Andrew Morton , Baoquan He , Rick Edgecombe , Changbin Du , Pengfei Xu , Josh Poimboeuf , Xin Li , Jason Gunthorpe , "Kirill A. Shutemov" , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-hardening@vger.kernel.org, llvm@lists.linux.dev Subject: Re: [PATCH] x86/traps: Enable UBSAN traps on x86 Message-ID: <57vgoje4bmrckwqtwnletukcnlvjpj2yp3cjlkym4bfw66a57a@w35yjzcurcis> References: <20240529022043.3661757-1-gatlin.newhouse@gmail.com> <2j6nkzn2tfdwdqhoal5o56ds2hqg2sqk5diolv23l5nzteypzh@fi53ovwjjl3w> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, May 29, 2024 at 08:30:20PM UTC, Marco Elver wrote: > On Wed, 29 May 2024 at 20:17, Gatlin Newhouse wrote: > > > > On Wed, May 29, 2024 at 09:25:21AM UTC, Marco Elver wrote: > > > On Wed, 29 May 2024 at 04:20, Gatlin Newhouse wrote: > > > [...] > > > > if (regs->flags & X86_EFLAGS_IF) > > > > raw_local_irq_enable(); > > > > - if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN || > > > > - handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) { > > > > - regs->ip += LEN_UD2; > > > > - handled = true; > > > > + > > > > + if (insn == INSN_UD2) { > > > > + if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN || > > > > + handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) { > > > > + regs->ip += LEN_UD2; > > > > + handled = true; > > > > + } > > > > + } else { > > > > + if (handle_ubsan_failure(regs, insn) == BUG_TRAP_TYPE_WARN) { > > > > > > handle_ubsan_failure currently only returns BUG_TRAP_TYPE_NONE? > > > > > > > + if (insn == INSN_REX) > > > > + regs->ip += LEN_REX; > > > > + regs->ip += LEN_UD1; > > > > + handled = true; > > > > + } > > > > } > > > > if (regs->flags & X86_EFLAGS_IF) > > > > raw_local_irq_disable(); > > > > diff --git a/arch/x86/kernel/ubsan.c b/arch/x86/kernel/ubsan.c > > > > new file mode 100644 > > > > index 000000000000..6cae11f4fe23 > > > > --- /dev/null > > > > +++ b/arch/x86/kernel/ubsan.c > > > > @@ -0,0 +1,32 @@ > > > > +// SPDX-License-Identifier: GPL-2.0 > > > > +/* > > > > + * Clang Undefined Behavior Sanitizer trap mode support. > > > > + */ > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +/* > > > > + * Checks for the information embedded in the UD1 trap instruction > > > > + * for the UB Sanitizer in order to pass along debugging output. > > > > + */ > > > > +enum bug_trap_type handle_ubsan_failure(struct pt_regs *regs, int insn) > > > > +{ > > > > + u32 type = 0; > > > > + > > > > + if (insn == INSN_REX) { > > > > + type = (*(u16 *)(regs->ip + LEN_REX + LEN_UD1)); > > > > + if ((type & 0xFF) == 0x40) > > > > + type = (type >> 8) & 0xFF; > > > > + } else { > > > > + type = (*(u16 *)(regs->ip + LEN_UD1)); > > > > + if ((type & 0xFF) == 0x40) > > > > + type = (type >> 8) & 0xFF; > > > > + } > > > > + pr_crit("%s at %pS\n", report_ubsan_failure(regs, type), (void *)regs->ip); > > > > + > > > > + return BUG_TRAP_TYPE_NONE; > > > > +} > > > > > > Shouldn't this return BUG_TRAP_TYPE_WARN? > > > > So as far as I understand, UBSAN trap mode never warns. Perhaps it does on > > arm64, although it calls die() so I am unsure. Maybe the condition in > > handle_bug() should be rewritten in the case of UBSAN ud1s? Do you have any > > suggestions? > > AFAIK on arm64 it's basically a kernel OOPS. > > The main thing I just wanted to point out though is that your newly added branch > > > if (handle_ubsan_failure(regs, insn) == BUG_TRAP_TYPE_WARN) { > > will never be taken, because I don't see where handle_ubsan_failure() > returns BUG_TRAP_TYPE_WARN. > Initially I wrote this with some symmetry to the KCFI checks nearby, but I was unsure if this would be considered handled or not. > > That means 'handled' will be false, and the code in exc_invalid_op > will proceed to call handle_invalid_op() which is probably not what > you intended - i.e. it's definitely not BUG_TRAP_TYPE_NONE, but one of > TYPE_WARN of TYPE_BUG. > This remains a question to me as to whether it should be considered handled or not. Which is why I'm happy to change this branch which is never taken to something else that still outputs the UBSAN type information before calling handle_invalid_op(). > > Did you test it and you got the behaviour you expected? > Testing with LKDTM provided the output I expected. The UBSAN type information along with file and offsets are output before an illegal op and trace.