| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2010 14:12:20 -0400 From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> To: "Maciej W. Rozycki" <macro@...ux-mips.org> Cc: LKML <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, Steven Rostedt <rostedt@...tedt.homelinux.com>, Frederic Weisbecker <fweisbec@...il.com>, Thomas Gleixner <tglx@...utronix.de>, Christoph Hellwig <hch@....de>, Li Zefan <lizf@...fujitsu.com>, Lai Jiangshan <laijs@...fujitsu.com>, Johannes Berg <johannes.berg@...el.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Arnaldo Carvalho de Melo <acme@...radead.org>, Tom Zanussi <tzanussi@...il.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Andi Kleen <andi@...stfloor.org>, akpm@...l.org, "H. Peter Anvin" <hpa@...or.com>, Jeremy Fitzhardinge <jeremy@...p.org>, "Frank Ch. Eigler" <fche@...hat.com> Subject: Re: [patch 2/2] x86 NMI-safe INT3 and Page Fault * Maciej W. Rozycki (macro@...ux-mips.org) wrote: > On Wed, 14 Jul 2010, Mathieu Desnoyers wrote: > > > This patch makes all faults, traps and exception safe to be called from NMI > > context *except* single-stepping, which requires iret to restore the TF (trap > > flag) and jump to the return address in a single instruction. Sorry, no kprobes > > Watch out for the RF flag too, that is not set correctly by POPFD -- that > may be important for faulting instructions that also have a hardware > breakpoint set at their address. > > > support in NMI handlers because of this limitation. This cannot be emulated > > with popf/lret, because lret would be single-stepped. It does not apply to > > "immediate values" because they do not use single-stepping. This code detects if > > the TF flag is set and uses the iret path for single-stepping, even if it > > reactivates NMIs prematurely. > > What about the VM flag for VM86 tasks? It cannot be changed by POPFD > either. > > How about only using the special return path when a nested exception is > about to return to the NMI handler? You'd avoid all the odd cases then > that do not happen in the NMI context. This is exactly what this patch does :-) It selects the return path with + testl $NMI_MASK,TI_preempt_count(%ebp) + jz resume_kernel /* Not nested over NMI ? */ In addition, about int3 breakpoints use in the kernel, AFAIK the handler does not explicitly set the RF flag, and the breakpoint instruction (int3) appears not to set it. (from my understanding of Intel's Intel Architecture Software Developer’s Manual Volume 3: System Programming 15.3.1.1. INSTRUCTION-BREAKPOINT EXCEPTION C) So it should be safe to set a int3 breakpoint in a NMI handler with this patch. It's just the "single-stepping" feature of kprobes which is problematic. Luckily, only int3 is needed for code patching bypass. Thanks, Mathieu -- Mathieu Desnoyers Operating System Efficiency R&D Consultant EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists