Message-ID: <ce2c83091001122125i6aac119fk470621fb6b1c2b4c@mail.gmail.com>
Date: Wed, 13 Jan 2010 13:25:20 +0800
From: Dongdong Deng <libfetion@...il.com>
To: Arjan van de Ven <arjan@...radead.org>
Cc: linux-kernel@...r.kernel.org, ananth@...ibm.com,
anil.s.keshavamurthy@...el.com, davem@...emloft.net,
mhiramat@...hat.com, jkenisto@...ibm.com
Subject: Re: Did we really need to clear the IF flag at prepare_singlestep()
of x86 kprobes?
On Wed, Jan 13, 2010 at 12:06 AM, Arjan van de Ven <arjan@...radead.org> wrote:
> On Tue, 12 Jan 2010 19:09:35 +0800
> Dongdong Deng <libfetion@...il.com> wrote:
>
>> Hi Kprobe experts,
>>
>> I have a doubt about the handling of "X86_EFLAGS_IF" at
>> prepare_singlestep(). Could you give me some suggestions?
>
>
> iirc it was a security thing; we used to have some exploits
> due to the linux-abi entry points which caused a mess, and this
> was put there as defensive programming.

Hi Arjan,

Thanks for your explanation. :)

Do you mean that the user will modify the IF, for example through
"p->pre_handler(p, regs)"?

But I can't imagine the effect if the user modifies the IF flag. Could
you give me more detailed info about the security thing?

BTW:
Before linux 2.5, the debug trap was initialized as a trap gate:
linux-2.4.37/arch/i386/kernel/traps.c:966: set_trap_gate(1,&debug);

I know kprobes has a long history. Is it possible that the interrupt
flag of kprobes was introduced at that time?

Thanks,
Dongdong

>
> I could totally misremember this as well of course.
>
>
> --
> Arjan van de Ven Intel Open Source Technology Centre
> For development, discussion and tips for power savings,
> visit http://www.lesswatts.org
>