lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 07 Oct 2011 20:25:42 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Stephane Eranian <eranian@...gle.com>
Cc:	Andi Kleen <andi@...stfloor.org>, linux-kernel@...r.kernel.org,
	peterz@...radead.org, mingo@...e.hu, acme@...hat.com,
	ming.m.lin@...el.com, robert.richter@....com, ravitillo@....gov
Subject: Re: [PATCH 07/12] perf_events: add LBR software filter support for
 Intel X86

(2011/10/07 19:38), Stephane Eranian wrote:
> On Thu, Oct 6, 2011 at 5:32 PM, Andi Kleen <andi@...stfloor.org> wrote:
>>> +     kernel_insn_init(&insn, kaddr);
>>> +     insn_get_opcode(&insn);
>>
>> This makes me uncomfortable. AFAIK that's the first use of the opcode
>> decoder being used directly for user space. It has a quite large attack
>> surface. Who says it cannot be exploited?
>>
> This is not new, it's already used for the PEBS fixups and that includes
> user level fixups, if possible.

Oops, I've thought existing code is only for kernel. Hmm, I guess
this could cause a problem when running 32bit binary on x86-64.

As you know, there are differences between decoding routines of
x86-64 and -32. So insn_init() has the third parameter to give
a flag for changing it.
However, since the kernel itself runs on the native mode, I've added
kernel_insn_init() only for the kernel decoding.

----
/* Init insn for kernel text */
static inline void kernel_insn_init(struct insn *insn, const void *kaddr)
{
#ifdef CONFIG_X86_64
        insn_init(insn, kaddr, 1);
#else /* CONFIG_X86_32 */
        insn_init(insn, kaddr, 0);
#endif
}
----

Thus, I strongly recommend you to check the target instruction bitwidth
on x86-64 as (probably) below;

if (kernel_ip(addr) || !test_tsk_thread_flag(current, TIF_IA32))
	kernel_insn_init(insn, addr);
else
	insn_init(insn, addr, 0);

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ