Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get segment descriptor base address and limit

From: Ricardo Neri
Date: Wed Oct 11 2017 - 21:24:42 EST

Next message: Richard Guy Briggs: "Re: [PATCH ALT4 V3 1/2] audit: show fstype:pathname for entries with anonymous parents"
Previous message: Boqun Feng: "Re: Linux-kernel examples for LKMM recipes"
In reply to: Borislav Petkov: "Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get segment descriptor base address and limit"
Next in thread: Borislav Petkov: "Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get segment descriptor base address and limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2017-10-11 at 22:16 +0200, Borislav Petkov wrote:
> On Wed, Oct 11, 2017 at 12:57:01PM -0700, Ricardo Neri wrote:
> >
> > This is meant to be an error case. In long mode,
> > onlyÂINAT_SEG_REG_IGNORE/FS/GS
> > are valid. All other indices are invalid.
> >
> > Perhaps we could return -EINVAL instead?
> So, my question is, when are you ever going to have that case? What
> constellation of events would ever hit this else branch for long mode?
> Because it looks impossible to me. What I can imagine only is something
> like this:
>
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂelse if (seg_reg != INAT_SEG_REG_IGNORE)
> WARN_ONCE(1, "This should never happen!\n");
>
> assertion.

To clarify, I think you meanÂseg_reg_idx.

Yes, it would be impossible to hit this else branch provided that callers don't
attempt to use an invalidÂseg_reg_idx while in long mode. Probably this is not
critical as this is a static function and as such we control who can call it and
make sureÂseg_reg_idx is always valid (i.e.,ÂINAT_SEG_REG_IGNORE/FS/GS in long
mode).

> But you don't really need that - you can simply ignore seg_reg in that
> case:
>
> ÂÂÂÂÂÂÂÂif (user_64bit_mode(regs)) {
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ/*
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ* Only FS or GS will have a base address, the rest of
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ* the segments' bases are forced to 0.
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ*/
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂunsigned long base;
>
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂif (seg_reg == INAT_SEG_REG_FS)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂrdmsrl(MSR_FS_BASE, base);
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂelse if (seg_reg == INAT_SEG_REG_GS)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ/*
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ* swapgs was called at the kernel entry point. Thus,
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ* MSR_KERNEL_GS_BASE will have the user-space GS
> base.
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ*/
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂrdmsrl(MSR_KERNEL_GS_BASE, base);
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂelse
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂbase = 0;
>
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂreturn base;
> ÂÂÂÂÂÂÂÂ}
>
> Or am I missing something?

My intention is to let the caller know about the invalid seg_reg_idx instead of
silently correcting the caller's input by ignoringÂseg_reg_idx.

On the other hand, in long mode, hardware ignore all segment registers except FS
and GS.

Hence, I guess I can remove the check in question.

Thanks and BR,
Ricardo

Next message: Richard Guy Briggs: "Re: [PATCH ALT4 V3 1/2] audit: show fstype:pathname for entries with anonymous parents"
Previous message: Boqun Feng: "Re: Linux-kernel examples for LKMM recipes"
In reply to: Borislav Petkov: "Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get segment descriptor base address and limit"
Next in thread: Borislav Petkov: "Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get segment descriptor base address and limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]