Re: [PATCH 1/7] x86/entry: Fix #UD vs WARN more

[Peter Zijlstra]

On Thu, Jun 18, 2020 at 12:29:50PM -0700, Andy Lutomirski wrote:
> 
> > On Jun 18, 2020, at 12:02 PM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > 
> > ïOn Thu, Jun 18, 2020 at 11:36:53AM -0700, Andy Lutomirski wrote:
> > 
> >> I wasn't imagining going far down the rabbit hole at all -- I think
> >> that, at most, we should cover the path for when the fault wasn't a
> >> BUG/WARN in the first place.  I admit that, for #UD in particular,
> >> this isn't a big deal, but if it were a different vector, this could
> >> matter.
> > 
> > Right, so there's 3 cases for ud2:
> > 
> > - WARN;  ud2,  bug_entry, recovers
> > - BUG;   ud2,  bug_entry, dies
> > - UBSAN; ud2, !bug_entry, dies
> 
> 4. The #UD matches an extable entry. I donât know whether this ever happens for real.

#UD yes, ud2 instruction, not so much.

> The failure is still a bit farfetched: weâd need an extable to hit in
> an inconsistent state where we blow up due to a lack of entry
> handling.

Right, by noinstr checking the instruction is actually ud2 I think we
mostly good. There really aren't that many places that emit ud2.

> But I think you might need some IRQ fiddling. With your patch, a WARN
> with IRQs on will execute the printk code with IRQs off without
> lockstep handling, and an appropriately configured debugging kernel
> may get a recursive splat.  Or if irq tracing somehow notices that
> IRQs got turned off, the warning recovery might return back to an IF=1
> context with IRQs traced as off.
> 
> So maybe also do an untraced cond_local_irq_enable()?  After all, if
> weâre trying to report a bug from IRQs on, it should be okay to have
> IRQs on while reporting it. It might even work better than having IRQs
> off.

Yes, very good point. Now I want to go look at the old code... I'll frob
something tomorrow, brain is pretty fried by now.