Re: [RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used

From: Ingo Molnar
Date: Tue Nov 14 2017 - 02:34:19 EST

Next message: Peter Zijlstra: "Re: [PATCH v4 2/4] KVM: X86: Add paravirt remote TLB flush"
Previous message: Kang, Luwei: "RE: [patch v2 3/8] KVM: x86: add Intel processor trace virtualization mode"
In reply to: Ricardo Neri: "[RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Next in thread: Ricardo Neri: "Re: [RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx> wrote:

> +const char * const umip_insns[5] = {
> + [UMIP_INST_SGDT] = "sgdt",
> + [UMIP_INST_SIDT] = "sidt",
> + [UMIP_INST_SMSW] = "smsw",
> + [UMIP_INST_SLDT] = "sldt",
> + [UMIP_INST_STR] = "str",
> +};

Sigh ...

> +/*
> + * If you change these strings, ensure that buffers using them are sufficiently
> + * large.
> + */
> +static const char umip_warn_use[] = "cannot be used by applications.";
> +static const char umip_warn_emu[] = "For now, expensive software emulation returns result.";

Please use the string literals directly, don't add an extra obfuscation layer.

Plus:

> + unsigned char buf[MAX_INSN_SIZE], warn[128];

> + snprintf(warn, sizeof(warn), "%s %s", umip_insns[umip_inst],
> + umip_warn_use);

This is incredibly fragile against future buffer overflows, and warning about it
in comments does not make it less fragile!

Thanks,

Ingo

Next message: Peter Zijlstra: "Re: [PATCH v4 2/4] KVM: X86: Add paravirt remote TLB flush"
Previous message: Kang, Luwei: "RE: [patch v2 3/8] KVM: x86: add Intel processor trace virtualization mode"
In reply to: Ricardo Neri: "[RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Next in thread: Ricardo Neri: "Re: [RESEND PATCH v2 4/4] x86/umip: Warn if UMIP-protected instructions are used"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]