lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120328140115.GE4826@redhat.com>
Date:	Wed, 28 Mar 2012 10:01:15 -0400
From:	"Frank Ch. Eigler" <fche@...hat.com>
To:	Jiri Olsa <jolsa@...hat.com>
Cc:	acme@...hat.com, a.p.zijlstra@...llo.nl, mingo@...e.hu,
	paulus@...ba.org, cjashfor@...ux.vnet.ibm.com, fweisbec@...il.com,
	eranian@...gle.com, gorcunov@...nvz.org, tzanussi@...il.com,
	mhiramat@...hat.com, rostedt@...dmis.org, robert.richter@....com,
	linux-kernel@...r.kernel.org, mjw@...hat.com
Subject: Re: [PATCH 04/15] perf: Add ability to dump user regs

Hi, Jiri -

On Wed, Mar 28, 2012 at 02:35:47PM +0200, Jiri Olsa wrote:
> [...]
> The register value here are those of the user space context as
> it was before the user entered the kernel for whatever reason
> (syscall, irq, exception, or a PMI happening in userspace).
> [...]

As I understand the situation, there is a complication here that you
haven't accounted for.  Upon a normal syscall entry to the kernel, not
all user registers are saved explicitly for such easy retrieval.  The
others may be spilled to the stack by gcc during the various sys_*
functions or elsewhere.  It turns out that some of these saved
registers are sometimes necessary to accomplish a user-space unwind.

To recover these registers at run time, we found that the kernel stack
itself has to be partially unwound - and not via frame pointers, but
the full dwarf unwind/cfi machinery.  This RFC code does not appear
aware of the difference between the explicitly saved and the
incidentally-spilled registers, and thus may accidentally pass garbage
data to perf userspace.  Correcting this could require a kernel-space
libunwind.

- FChE
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ