linux/arch/x86/lib
Dave Hansen 6ba48ff46f x86: Remove arbitrary instruction size limit in instruction decoder
The current x86 instruction decoder steps along through the
instruction stream but always ensures that it never steps farther
than the largest possible instruction size (MAX_INSN_SIZE).

The MPX code is now going to be doing some decoding of userspace
instructions.  We copy those from userspace in to the kernel and
they're obviously completely untrusted coming from userspace.  In
addition to the constraint that instructions can only be so long,
we also have to be aware of how long the buffer is that came in
from userspace.  This _looks_ to be similar to what the perf and
kprobes is doing, but it's unclear to me whether they are
affected.

The whole reason we need this is that it is perfectly valid to be
executing an instruction within MAX_INSN_SIZE bytes of an
unreadable page. We should be able to gracefully handle short
reads in those cases.

This adds support to the decoder to record how long the buffer
being decoded is and to refuse to "validate" the instruction if
we would have gone over the end of the buffer to decode it.

The kprobes code probably needs to be looked at here a bit more
carefully.  This patch still respects the MAX_INSN_SIZE limit
there but the kprobes code does look like it might be able to
be a bit more strict than it currently is.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Jim Keniston <jkenisto@us.ibm.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: x86@kernel.org
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Link: http://lkml.kernel.org/r/20141114153957.E6B01535@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-18 00:58:52 +01:00
..
.gitignore
atomic64_32.c x86: Adjust asm constraints in atomic64 wrappers 2012-01-20 17:29:31 -08:00
atomic64_386_32.S x86: atomic64 assembly improvements 2012-01-20 17:29:49 -08:00
atomic64_cx8_32.S x86: atomic64 assembly improvements 2012-01-20 17:29:49 -08:00
cache-smp.c x86, lib: Add wbinvd smp helpers 2010-01-22 16:05:42 -08:00
checksum_32.S x86/lib: Fix spelling, put space between a numeral and its units 2013-04-15 11:40:32 +02:00
clear_page_64.S x86, mem: clear_page_64.S: Support clear_page() with enhanced REP MOVSB/STOSB 2011-05-17 15:40:27 -07:00
cmdline.c x86, boot: Carve out early cmdline parsing function 2014-05-20 20:21:24 -07:00
cmpxchg8b_emu.S x86: Improve cmpxchg8b_emu.S 2014-10-08 10:05:49 +02:00
cmpxchg16b_emu.S x86: Improve cmpxchg16b_emu.S 2014-10-08 10:05:49 +02:00
copy_page_64.S x86/asm: Clean up copy_page_*() comments and code 2012-10-24 12:42:47 +02:00
copy_user_64.S x86-64, copy_user: Use leal to produce 32-bit results 2013-11-20 13:57:07 -08:00
copy_user_nocache_64.S x86, smap: Add STAC and CLAC instructions to control user space access 2012-09-21 12:45:27 -07:00
csum-copy_64.S x86, extable: Remove open-coded exception table entries in arch/x86/lib/csum-copy_64.S 2012-04-20 13:51:39 -07:00
csum-partial_64.c x86: Fix common misspellings 2011-03-18 10:39:30 +01:00
csum-wrappers_64.c x86, smap: Handle csum_partial_copy_*_user() 2013-09-01 14:09:48 -07:00
delay.c x86: Delete non-required instances of include <linux/init.h> 2014-01-06 21:25:18 -08:00
getuser.S x86: Be consistent with data size in getuser.S 2013-02-11 23:14:48 -08:00
hash.c x86, hash: Simplify switch, add __init annotation 2014-03-19 16:51:04 -07:00
inat.c x86: Fix to decode grouped AVX with VEX pp bits 2012-02-11 15:11:35 +01:00
insn.c x86: Remove arbitrary instruction size limit in instruction decoder 2014-11-18 00:58:52 +01:00
iomap_copy_64.S
Makefile Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-10-13 18:14:50 +02:00
memcpy_32.c asmlinkage, x86: Fix 32bit memcpy for LTO 2014-02-13 18:14:46 -08:00
memcpy_64.S x86/lib: Fix spelling, put space between a numeral and its units 2013-04-15 11:40:32 +02:00
memmove_64.S x86/lib: Fix spelling, put space between a numeral and its units 2013-04-15 11:40:32 +02:00
memset_64.S x86-64: Fix memset() to support sizes of 4Gb and above 2012-01-26 11:50:04 +01:00
misc.c x86/boot: Further compress CPUs bootup message 2013-10-01 10:52:30 +02:00
mmx_32.c
msr-reg-export.c x86, pvops: Remove hooks for {rd,wr}msr_safe_regs 2012-06-07 11:41:08 -07:00
msr-reg.S x86, pvops: Remove hooks for {rd,wr}msr_safe_regs 2012-06-07 11:41:08 -07:00
msr-smp.c x86 / msr: add 64bit _on_cpu access functions 2013-10-17 00:36:06 +02:00
msr.c x86: Fix typo preventing msr_set/clear_bit from having an effect 2014-05-09 08:42:32 -07:00
putuser.S x86, smap: Add STAC and CLAC instructions to control user space access 2012-09-21 12:45:27 -07:00
rwsem.S x86: Unify rwsem assembly implementation 2011-07-21 09:03:32 +02:00
string_32.c x86/i386: Use less assembly in strlen(), speed things up a bit 2011-12-12 18:33:42 +01:00
strstr_32.c
thunk_32.S x86: Unwind-annotate thunk_32.S 2014-10-08 12:31:45 +02:00
thunk_64.S x86: Speed up ___preempt_schedule*() by using THUNK helpers 2014-09-24 15:15:38 +02:00
usercopy_32.c x86: Unify copy_to_user() and add size checking to it 2013-10-26 12:27:37 +02:00
usercopy_64.c x86, asmlinkage: Make several variables used from assembler/linker script visible 2013-08-06 14:20:13 -07:00
usercopy.c perf: Fix arch_perf_out_copy_user default 2013-11-06 12:34:25 +01:00
x86-opcode-map.txt x86, mpx: Add MPX related opcodes to the x86 opcode map 2014-01-17 11:04:09 -08:00