| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LFD.2.00.1103151529130.2787@localhost6.localdomain6>
Date: Tue, 15 Mar 2011 15:36:59 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...e.hu>,
Steven Rostedt <rostedt@...dmis.org>,
Linux-mm <linux-mm@...ck.org>,
Arnaldo Carvalho de Melo <acme@...radead.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andi Kleen <andi@...stfloor.org>,
Christoph Hellwig <hch@...radead.org>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
Oleg Nesterov <oleg@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
SystemTap <systemtap@...rces.redhat.com>,
Jim Keniston <jkenisto@...ux.vnet.ibm.com>,
Roland McGrath <roland@...k.frob.com>,
Ananth N Mavinakayanahalli <ananth@...ibm.com>,
LKML <linux-kernel@...r.kernel.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Subject: Re: [PATCH v2 2.6.38-rc8-tip 6/20] 6: x86: analyze instruction and
determine fixups.
On Mon, 14 Mar 2011, Srikar Dronamraju wrote:
> +/*
> + * TODO:
> + * - Where necessary, examine the modrm byte and allow only valid instructions
> + * in the different Groups and fpu instructions.
> + */
> +
> +static bool is_prefix_bad(struct insn *insn)
> +{
> + int i;
> +
> + for (i = 0; i < insn->prefixes.nbytes; i++) {
> + switch (insn->prefixes.bytes[i]) {
> + case 0x26: /*INAT_PFX_ES */
> + case 0x2E: /*INAT_PFX_CS */
> + case 0x36: /*INAT_PFX_DS */
> + case 0x3E: /*INAT_PFX_SS */
> + case 0xF0: /*INAT_PFX_LOCK */
> + return 1;
true
> + }
> + }
> + return 0;
false
> +}
> +static int validate_insn_32bits(struct uprobe *uprobe, struct insn *insn)
> +{
> + insn_init(insn, uprobe->insn, false);
> +
> + /* Skip good instruction prefixes; reject "bad" ones. */
> + insn_get_opcode(insn);
> + if (is_prefix_bad(insn)) {
> + report_bad_prefix();
> + return -EPERM;
-ENOTSUPP perhaps. That's not a permission problem
> + }
> +/**
> + * analyze_insn - instruction analysis including validity and fixups.
> + * @tsk: the probed task.
> + * @uprobe: the probepoint information.
> + * Return 0 on success or a -ve number on error.
> + */
> +int analyze_insn(struct task_struct *tsk, struct uprobe *uprobe)
> +{
> + int ret;
> + struct insn insn;
> +
> + uprobe->fixups = 0;
> +#ifdef CONFIG_X86_64
> + uprobe->arch_info.rip_rela_target_address = 0x0;
> +#endif
Please get rid of this #ifdef and use inlines (empty for 32bit)
> +
> + if (is_32bit_app(tsk))
> + ret = validate_insn_32bits(uprobe, &insn);
> + else
> + ret = validate_insn_64bits(uprobe, &insn);
> + if (ret != 0)
> + return ret;
> +#ifdef CONFIG_X86_64
Ditto
> + ret = handle_riprel_insn(uprobe, &insn);
> + if (ret == -1)
> + /* rip-relative; can't XOL */
> + return 0;
So we return -1 from handle_riprel_insn() and return success? Btw how
deals handle_riprel_insn() with 32bit user space ?
> +#endif
> + prepare_fixups(uprobe, &insn);
> + return 0;
Thanks,
tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists