| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Feb 2012 21:01:40 +0900
From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To: Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Oleg Nesterov <oleg@...hat.com>, Ingo Molnar <mingo@...e.hu>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Linux-mm <linux-mm@...ck.org>, Andi Kleen <andi@...stfloor.org>,
Christoph Hellwig <hch@...radead.org>,
Steven Rostedt <rostedt@...dmis.org>,
Roland McGrath <roland@...k.frob.com>,
Thomas Gleixner <tglx@...utronix.de>,
Arnaldo Carvalho de Melo <acme@...radead.org>,
Anton Arapov <anton@...hat.com>,
Ananth N Mavinakayanahalli <ananth@...ibm.com>,
Jim Keniston <jkenisto@...ux.vnet.ibm.com>,
Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH v10 3.3-rc2 1/9] uprobes: Install and remove breakpoints.
(2012/02/02 23:18), Srikar Dronamraju wrote:
>
> Changelog: (Since v9) : Use insn_offset_modrm as suggested by Masami Hiramatsu.
Would you add REX.B clearing code to handle_riprel_insn() too?
Of course, that might not happen because it's a non-effective bit,
however user can program it and pass it to uprobes.
> +static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe,
> + struct insn *insn)
> +{
> + u8 *cursor;
> + u8 reg;
> +
> + if (mm->context.ia32_compat)
> + return;
> +
> + uprobe->arch_info.rip_rela_target_address = 0x0;
> + if (!insn_rip_relative(insn))
> + return;
> +
So, here you need a REX.B clearing, like below.
insn_get_length(insn);
if (insn->rex_prefix.nbytes) {
cursor = uprobe->insn + insn_offset_rex_prefix(insn);
*cursor &= 0xfe; /* Clearing REX.B bit */
}
> + /*
> + * Point cursor at the modrm byte. The next 4 bytes are the
> + * displacement. Beyond the displacement, for some instructions,
> + * is the immediate operand.
> + */
> + cursor = uprobe->insn + insn_offset_modrm(insn);
> + insn_get_length(insn);
> +
> + /*
> + * Convert from rip-relative addressing to indirect addressing
> + * via a scratch register. Change the r/m field from 0x5 (%rip)
> + * to 0x0 (%rax) or 0x1 (%rcx), and squeeze out the offset field.
> + */
> + reg = MODRM_REG(insn);
> + if (reg == 0) {
> + /*
> + * The register operand (if any) is either the A register
> + * (%rax, %eax, etc.) or (if the 0x4 bit is set in the
> + * REX prefix) %r8. In any case, we know the C register
> + * is NOT the register operand, so we use %rcx (register
> + * #1) for the scratch register.
> + */
> + uprobe->arch_info.fixups = UPROBES_FIX_RIP_CX;
> + /* Change modrm from 00 000 101 to 00 000 001. */
> + *cursor = 0x1;
> + } else {
> + /* Use %rax (register #0) for the scratch register. */
> + uprobe->arch_info.fixups = UPROBES_FIX_RIP_AX;
> + /* Change modrm from 00 xxx 101 to 00 xxx 000 */
> + *cursor = (reg << 3);
> + }
> +
> + /* Target address = address of next instruction + (signed) offset */
> + uprobe->arch_info.rip_rela_target_address = (long)insn->length
> + + insn->displacement.value;
> + /* Displacement field is gone; slide immediate field (if any) over. */
> + if (insn->immediate.nbytes) {
> + cursor++;
> + memmove(cursor, cursor + insn->displacement.nbytes,
> + insn->immediate.nbytes);
> + }
> + return;
> +}
Thank you,
--
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists