• Dave Hansen's avatar
    x86: Remove arbitrary instruction size limit in instruction decoder · 6ba48ff4
    Dave Hansen authored
    The current x86 instruction decoder steps along through the
    instruction stream but always ensures that it never steps farther
    than the largest possible instruction size (MAX_INSN_SIZE).
    
    The MPX code is now going to be doing some decoding of userspace
    instructions.  We copy those from userspace in to the kernel and
    they're obviously completely untrusted coming from userspace.  In
    addition to the constraint that instructions can only be so long,
    we also have to be aware of how long the buffer is that came in
    from userspace.  This _looks_ to be similar to what the perf and
    kprobes is doing, but it's unclear to me whether they are
    affected.
    
    The whole reason we need this is that it is perfectly valid to be
    executing an instruction within MAX_INSN_SIZE bytes of an
    unreadable page. We should be able to gracefully handle short
    reads in those cases.
    
    This adds support to the decoder to record how long the buffer
    being decoded is and to refuse to "validate" the instruction if
    we would have gone over the end of the buffer to decode it.
    
    The kprobes code probably needs to be looked at here a bit more
    carefully.  This patch still respects the MAX_INSN_SIZE limit
    there but the kprobes code does look like it might be able to
    be a bit more strict than it currently is.
    Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
    Acked-by: default avatarJim Keniston <jkenisto@us.ibm.com>
    Acked-by: default avatarMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
    Cc: x86@kernel.org
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Paul Mackerras <paulus@samba.org>
    Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
    Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
    Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
    Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
    Cc: "David S. Miller" <davem@davemloft.net>
    Link: http://lkml.kernel.org/r/20141114153957.E6B01535@viggo.jf.intel.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    6ba48ff4
core.c 31.7 KB