lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120328142021.GC1647@m.brq.redhat.com>
Date:	Wed, 28 Mar 2012 16:20:21 +0200
From:	Jiri Olsa <jolsa@...hat.com>
To:	"Frank Ch. Eigler" <fche@...hat.com>
Cc:	acme@...hat.com, a.p.zijlstra@...llo.nl, mingo@...e.hu,
	paulus@...ba.org, cjashfor@...ux.vnet.ibm.com, fweisbec@...il.com,
	eranian@...gle.com, gorcunov@...nvz.org, tzanussi@...il.com,
	mhiramat@...hat.com, rostedt@...dmis.org, robert.richter@....com,
	linux-kernel@...r.kernel.org, mjw@...hat.com
Subject: Re: [PATCH 04/15] perf: Add ability to dump user regs

On Wed, Mar 28, 2012 at 10:01:15AM -0400, Frank Ch. Eigler wrote:
> Hi, Jiri -
> 
> On Wed, Mar 28, 2012 at 02:35:47PM +0200, Jiri Olsa wrote:
> > [...]
> > The register value here are those of the user space context as
> > it was before the user entered the kernel for whatever reason
> > (syscall, irq, exception, or a PMI happening in userspace).
> > [...]
> 
> As I understand the situation, there is a complication here that you
> haven't accounted for.  Upon a normal syscall entry to the kernel, not
> all user registers are saved explicitly for such easy retrieval.  The
> others may be spilled to the stack by gcc during the various sys_*
> functions or elsewhere.  It turns out that some of these saved
> registers are sometimes necessary to accomplish a user-space unwind.

Are you reffering to x86_64 where only portion of registers
is stored by SAVE_ARGS macro? Seems like 32 bits stores the
whole pt_regs.

Generally you could need all the registers to start the unwind,
but I was assuming that for most cases the stack pointer and
instruction pointer should be enough.. but I might be wrong here.

> 
> To recover these registers at run time, we found that the kernel stack
> itself has to be partially unwound - and not via frame pointers, but
> the full dwarf unwind/cfi machinery.  This RFC code does not appear
> aware of the difference between the explicitly saved and the
> incidentally-spilled registers, and thus may accidentally pass garbage
> data to perf userspace.  Correcting this could require a kernel-space
> libunwind.

AFAIK not going to happen any time soon ;)

thanks,
jirka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ