| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Dec 2014 20:03:27 +0100 From: Peter Zijlstra <peterz@...radead.org> To: Andy Lutomirski <luto@...capital.net> Cc: 秦承刚(承刚) <chenggang.qcg@...baba-inc.com>, root <chenggang.qin@...il.com>, linux-kernel <linux-kernel@...r.kernel.org>, 秦承刚(承刚) <chenggang.qcg@...bao.com>, Andrew Morton <akpm@...ux-foundation.org>, Arjan van de Ven <arjan@...ux.intel.com>, David Ahern <dsahern@...il.com>, Ingo Molnar <mingo@...hat.com>, Mike Galbraith <efault@....de>, Namhyung Kim <namhyung@...il.com>, Paul Mackerras <paulus@...ba.org>, Wu Fengguang <fengguang.wu@...el.com>, Yanmin Zhang <yanmin.zhang@...el.com>, jolsa@...hat.com, Stephane Eranian <eranian@...gle.com> Subject: Re: 答复:[PATCH] perf core: Use KSTK_ESP() instead of pt_regs->sp while output user regs On Thu, Dec 25, 2014 at 07:48:28AM -0800, Andy Lutomirski wrote: > On a quick look, there are plenty of other bugs in there besides just > the stack pointer issue. The ABI check that uses TIF_IA32 in the perf > core is completely wrong. TIF_IA32 may be equal to the actual > userspace bitness by luck, but, if so, that's more or less just luck. > And there's a user_mode test that should be user_mode_vm. > > Also, it's not just sp that's wrong. There are various places that > you can interrupt in which many of the registers have confusing > locations. You could try using the cfi unwind data, but that's > unlikely to work for regs like cs and ss, and, during context switch, > this has very little chance of working. > > What's the point of this feature? Honestly, my suggestion would be to > delete it instead of trying to fix it. It's also not clear to me that > there aren't serious security problems here -- it's entirely possible > for sensitive *kernel* values to and up in task_pt_regs at certain > times, and if you run during context switch and there's no code to > suppress this dump during context switch, then you could be showing > regs that belong to the wrong task. Of course the people who actually wrote the code are not on CC :/ There's two users of this iirc; 1) the dwarf stack unwinder thingy, which basically dumps the userspace regs and the top of userspace stack on 'event'. 2) the recent sample_regs_intr, which dumps the register set at 'event', be it kernel or userspace. The first is somewhat usable when lacking framepointers while still desiring some unwind information, the second is useful to things like call argument profiling and the like. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists