| Message ID | 20200211135256.24617-39-joro@8bytes.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Linux as SEV-ES Guest Support | expand |
On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <joro@8bytes.org> wrote: > > From: Joerg Roedel <jroedel@suse.de> > > When a #VC exception is triggered by user-space the instruction > decoder needs to read the instruction bytes from user addresses. > Enhance es_fetch_insn_byte() to safely fetch kernel and user > instruction bytes. I realize that this is a somewhat arbitrary point in the series to complain about this, but: the kernel already has infrastructure to decode and fix up an instruction-based exception. See fixup_umip_exception(). Please refactor code so that you can share the same infrastructure rather than creating an entirely new thing. FWIW, the fixup_umip_exception() code seems to have much more robust segment handling than yours :) --Andy
On Wed, Feb 12, 2020 at 01:42:48PM -0800, Andy Lutomirski wrote: > I realize that this is a somewhat arbitrary point in the series to > complain about this, but: the kernel already has infrastructure to > decode and fix up an instruction-based exception. See > fixup_umip_exception(). Please refactor code so that you can share > the same infrastructure rather than creating an entirely new thing. Okay, but 'infrastructure' is a bold word for the call path down fixup_umip_exception(). It uses the in-kernel instruction decoder, which I already use in my patch-set. But I agree that some code in this patch-set is duplicated and already present in the instruction decoder, and that fixup_umip_exception() has more robust instruction decoding. I factor the instruction decoding part out and make is usable for the #VC handler too and remove the code that is already present in the instruction decoder. Regards, Joerg
On Fri, Mar 13, 2020 at 2:12 AM Joerg Roedel <jroedel@suse.de> wrote: > > On Wed, Feb 12, 2020 at 01:42:48PM -0800, Andy Lutomirski wrote: > > I realize that this is a somewhat arbitrary point in the series to > > complain about this, but: the kernel already has infrastructure to > > decode and fix up an instruction-based exception. See > > fixup_umip_exception(). Please refactor code so that you can share > > the same infrastructure rather than creating an entirely new thing. > > Okay, but 'infrastructure' is a bold word for the call path down > fixup_umip_exception(). I won't argue with that. > It uses the in-kernel instruction decoder, which > I already use in my patch-set. But I agree that some code in this > patch-set is duplicated and already present in the instruction decoder, > and that fixup_umip_exception() has more robust instruction decoding. > > I factor the instruction decoding part out and make is usable for the > #VC handler too and remove the code that is already present in the > instruction decoder. Thanks! > > Regards, > > Joerg >
diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index 2a801919e7c0..f5bff4219f6f 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -61,13 +61,29 @@ static enum es_result es_fetch_insn_byte(struct es_em_ctxt *ctxt, unsigned int offset, char *buffer) { - char *rip = (char *)ctxt->regs->ip; - - /* More checks are needed when we boot to user-space */ - if (!check_kernel(ctxt->regs)) - return ES_UNSUPPORTED; - - buffer[offset] = rip[offset]; + if (user_mode(ctxt->regs)) { + unsigned long addr = ctxt->regs->ip + offset; + char __user *rip = (char __user *)addr; + + if (unlikely(addr >= TASK_SIZE_MAX)) + return ES_UNSUPPORTED; + + if (copy_from_user(buffer + offset, rip, 1)) { + ctxt->fi.vector = X86_TRAP_PF; + ctxt->fi.cr2 = addr; + ctxt->fi.error_code = X86_PF_INSTR | X86_PF_USER; + return ES_EXCEPTION; + } + } else { + char *rip = (char *)ctxt->regs->ip + offset; + + if (probe_kernel_read(buffer + offset, rip, 1) != 0) { + ctxt->fi.vector = X86_TRAP_PF; + ctxt->fi.cr2 = (unsigned long)rip; + ctxt->fi.error_code = X86_PF_INSTR; + return ES_EXCEPTION; + } + } return ES_OK; }