| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4A8B4515.3090508@redhat.com>
Date: Tue, 18 Aug 2009 20:19:33 -0400
From: Masami Hiramatsu <mhiramat@...hat.com>
To: Frederic Weisbecker <fweisbec@...il.com>
CC: Ingo Molnar <mingo@...e.hu>, Steven Rostedt <rostedt@...dmis.org>,
lkml <linux-kernel@...r.kernel.org>,
systemtap <systemtap@...rces.redhat.com>,
kvm <kvm@...r.kernel.org>,
DLE <dle-develop@...ts.sourceforge.net>,
Ananth N Mavinakayanahalli <ananth@...ibm.com>,
Avi Kivity <avi@...hat.com>, Andi Kleen <ak@...ux.intel.com>,
Christoph Hellwig <hch@...radead.org>,
"Frank Ch. Eigler" <fche@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, Jason Baron <jbaron@...hat.com>,
Jim Keniston <jkenisto@...ibm.com>,
"K.Prasad" <prasad@...ux.vnet.ibm.com>,
Lai Jiangshan <laijs@...fujitsu.com>,
Li Zefan <lizf@...fujitsu.com>,
PrzemysławPawełczyk <przemyslaw@...elczyk.it>,
Roland McGrath <roland@...hat.com>,
Sam Ravnborg <sam@...nborg.org>,
Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
Tom Zanussi <tzanussi@...il.com>,
Vegard Nossum <vegard.nossum@...il.com>
Subject: Re: [PATCH -tip v14 03/12] kprobes: checks probe address is instruction
boudary on x86
Frederic Weisbecker wrote:
> On Tue, Aug 18, 2009 at 07:17:39PM -0400, Masami Hiramatsu wrote:
>> Frederic Weisbecker wrote:
>>>> + while (addr < paddr) {
>>>> + kernel_insn_init(&insn, (void *)addr);
>>>> + insn_get_opcode(&insn);
>>>> +
>>>> + /* Check if the instruction has been modified. */
>>>> + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) {
>>>> + ret = recover_probed_instruction(buf, addr);
>>>
>>>
>>>
>>> I'm confused about the reason of this recovering. Is it to remove
>>> kprobes behind the current setting one in the current function?
>>
>> No, it recovers just an instruction which is probed by a kprobe,
>> because we need to know the first byte of this instruction for
>> decoding it.
Ah, sorry, it was not accurate. the function recovers an instruction
on the buffer(buf), not on the real kernel text. :)
>>
>> Perhaps we'd better to have more generic interface (text_peek?)
>> for it because another subsystem (e.g. kgdb) may want to insert int3...
>>
>> Thank you,
>
>
> Aah, I see now, it's to keep a sane check of the instructions
> boundaries without int 3 artifacts in the middle.
>
> But in that case, you should re-arm the breakpoint after your
> check, right?
>
> Or may be you could do the check without repatching?
Yes, it doesn't modify kernel text, just recover an original
instruction from kernel text and backup byte on a buffer.
> May be by doing a copy of insn.opcode.bytes and replacing bytes[0]
> with what a random kprobe has stolen?
Hm, no, this function is protected from other kprobes by kprobe_mutex.
Thank you,
--
Masami Hiramatsu
Software Engineer
Hitachi Computer Products (America), Inc.
Software Solutions Division
e-mail: mhiramat@...hat.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists